Adam, We try to write every check without an account requirement wherever possible, but for checking files or registry keys, you must have the required access.
I can assure you that all of the Internet Scanner checks that are listed as requiring Administrator access are designed to give a solid vuln/not vuln result. If for whatever reason the check cannot determine one of those two states, an unknown will be recorded and reported to fusion where available. The unknown helps fusion know that we aren't sure, and to go ahead and protect where applicable. Scanning a domain, with a domain administrator account entered into KnownAccounts, should yield you good results. If the accounts in the Known Accounts file to not have the permissions to (for example) map drives, or enumerate the registry on the remote machine, then your results can be indeterminate as you put it. One trick you can try, is to map a drive from the scanning machine, to the remote target by hand. Map this drive using the Administrator account, and try your scan again. This drive mapping should give you the required credentials to run registry checks, without entering anything into the KnownAccounts. If you have examples of some of the Administrator Access checks you are having trouble with, I'd like to hear which ones they are, and possibly exchange the appropriate data to resolve the issues. We really do want you to have the highest possibly accuracy in your scans. Thanks, Ben Layer ISS XForce -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Adam D Sent: Thursday, November 06, 2003 7:25 AM To: [EMAIL PROTECTED] Subject: RE: [ISSForum] Internet Scanner 7.0 Yes Bill, I realize that you must use the KnownAccounts file to add the accounts. Supposedly you should get better results as an administrator though, and we simply just aren't seeing it. Also, what someone said about scan having to be ran from SP to feed fusion is wrong. You can run scans from the local console (CLI or GUI interface) and it will still feed fusion. But feeding fusion all the indeterminates doesn't do much good. Michael, you said that the tool wasn't originally intended to be ran as an administrator. WHy does ISS reccomend scanning as an admin for best results then? And were all of these checks that come back indeterminate designed to come back indeterminate, or is it actually possible to get a definite "Vulnerable" or "Not Vulnerable" from them? I am aware of system scanner, but like you said, it does not feed fusion. Fusion was designed with Internet Scanner to feed it, so why won't it do so? Just a side not too on Michael's comment, if the updates are not applied from SP then you will get an invalid policy format because the policies in SP won't match up with Internet Scanner UNLESS the internet scanner box has been re-installed on the same host name, in which case the initial xpu level must be restored from the local internet scanner machine because SP will only push an XPU to a given host once. Is anyone else having indeterminate problems with Internet Scanner????? Thanks for your help & comments, keep 'em coming. >From: "Epperson, Michael" <[EMAIL PROTECTED]> >To: "Adam Dyer" <[EMAIL PROTECTED]>,<[EMAIL PROTECTED]> >Subject: RE: [ISSForum] Internet Scanner 7.0 >Date: Wed, 5 Nov 2003 14:42:03 -0600 > _________________________________________________________________ MSN Messenger with backgrounds, emoticons and more. http://www.msnmessenger-download.com/tracking/cdp_customize _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
