Tucker, Brock - St. Louis, MO wrote: > Let's say that I have a dozen or so scanners that are all set to receive > daily updates. These updates change the default scanning policy to use > all of the plug-ins, correct?
Yes, but your Nessus client is still in the driver seat. If your client is specifying what to scan, a plugin not in that list won't be used. > Now lets say that I have a large scan task that will take a couple > weeks. I want the scan to be the same across the board for these scans. > If I use a .nessusrc file that was copied off to the side when the scan > was started, and specify this special file, will it use only the > plug-ins specified in it, or will it also include the new plug-ins that > have downloaded that aren't in the file. Your saved .nessusrc won't invoke a new plugin. > In the meantime, if there are any individual machine scans that need to > be performed, they should be done with the latest plug-ins set. A new Nessus client connecting to the Nessus daemon, and receiving a full list of current plugins can scan with the latest checks without effecting the other scan. We have this sort of feature built into the Security Center as well. You end up working with something called a 'Vulnerability Policy' that can consist of the absolute latest plugins from certain families or a "locked" list of specific plugins. Ron Gula Tenable Network Security _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
