Try re-running the scan in un-optimized mode. Meaning un-check the box that says optimize test. I have noticed if the AV plugins cannot correctly poll the list of services running it will sometime cause the plugin to fail.
Also check the event viewer of some of the Windows machines the plugin is failing on. I have noticed sometimes Nessus will (randomly) not correctly login to some windows machines. I get an event viewer error that says login failure from \\(IP address of nessus server). I am going to load samba on my nessus server to see if this helps with authentication. Is the machine you want to scan a member of a domain? If so be certain to include the domain info. You might want to check if the scan config is set to never send credentials in clear text. You want that set to yes (never send credentials in clear) I have seen problems if that is not set to yes. Jeff -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Gadoury Sent: Tuesday, April 13, 2004 1:50 PM To: Renaud Deraison Cc: nessus List (E-mail) Subject: Re: Nessus/Anti Virus Scanning ? OK, so I took another machine which does have Norton on it and ran the test. The two things I changed were the target for the new machine and the SMB login and password for the administrator user of the PC. Now I get this for the result of SMB Fully accessible registry (10428). ****************************************** Nessus did not access the remote registry completely, because this needs to be logged in as administrator. If you want the permissions / values of all the sensitive registry keys to be checked for, we recommend that you fill the 'SMB Login' options in the 'Prefs.' section of the client by the administrator login name and password. Risk factor : None ********************************************* Its almost like its not using the login and password that I entered. I also Exported the scan to a file to see if the Login and Password were set. It seemed as though everything was correct Any Ideas? Mike Renaud Deraison wrote: >On Tue, Apr 13, 2004 at 12:10:27PM -0400, Mike Gadoury wrote: > > >>I initiate the scan against a well known client that never had Norton >>or Mcafee installed. I would expect that I should see a failure / >>vulnerability due to the lack of anti virus software installed. The >>problem is that I don't. >> >> > >The plugin will tell you if NAV or McAffee is installed but not >running, not if it's not installed at all. > > > -- Renaud >_______________________________________________ >Nessus mailing list >[EMAIL PROTECTED] >http://mail.nessus.org/mailman/listinfo/nessus > > _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
