If windows is reporting the patch as installed that sounds to me like it is keying off a registry entry (or existance of a file, however). If nessus ran the check the same way (local privileges, read registry) it would give the same result.
There seem to be two possibilities: 1. The nessus plugin in question is checking for the actual vulnerability and discovering that the system is vulnerable (patch applied, but not successful -- I've seen this) 2. The nessus plugin gave a false positive. Not that I personally could help, but if you provide the plugin ids and scan data to Tenable in my experience they can help determine where the problem lies. And if it is a false positive everyone benefits if the plugin can be improved. Tim Doty -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gus Fritschie Sent: Friday, September 22, 2006 8:26 AM To: [email protected] Subject: Nessus reports patches as missing We ran Nessus with local Administrator rights on a Windows XP SP1 system. It reports several patches as missing. When looking at add/remove programs the patch appears to be installed. Is this a false-positive? The patches are pushed out using Patchlink. What else could I do to confirm if the patch is applied correctly? Thanks for the help. _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
