Thanks for the speedy reply, Renaud. We have a direct-feed and manually (cron) pull updates every morning at around 2:15 AM every morning. Using Nessus-3.0.3-es4.
I didn't know the patch plugins worked more thoroughly with admin credentials. I will definitely try that. To be clear, we have found Nessus to be an excellent patch monitoring tool. We run patch-specific plugins (local security checks) on our Windows, Linux, AIX and Solaris servers once a month, push the results into an Oracle back-end, and pull really nice graphical reports / month-over-month metrics on a PHP front-end (Zend Core for Oracle). We filter the [very] occasional false-positives or risk-accepted vulnerabilities with a separate table that maps the related Nessus IDs to specific hosts. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Renaud Deraison Sent: Friday, November 10, 2006 7:40 AM To: [EMAIL PROTECTED] Subject: Re: Re-released Microsoft Patches. On Nov 10, 2006, at 10:31 AM, John Scherff wrote: > We are having a similar problem, but in reverse. In some cases, > Nessus will report that a patch is missing, but the patch has been > superseded by another patch which HAS been applied. The same thing > also sometimes occurs when a patch is rolled into a service pack. Nessus has the appropriate logic to detect superseded patches -- make sure your plugins are up-to-date. Also, if you give it admin credentials, then a file version check will be done, hence nullyfing the risk of wrongly detecting a superseded patch. I'd be interested in the specific list of patches which you say create false positives and knowing how recent your plugin set it. -- Renaud _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
