Hi there [reposted: last attempt blackholed after being delivered to 66.240.11.103]
We've been noticing Nessus incorrectly reporting a tonne of Windows vulnerabilities on our fully patched XP workstations, and I've figured out why. It appears nessus now requires that you run it using a local admin account to get the correct results, as a whole bunch of tests now involve looking at the version numbers of DLL files, etc - something that has to be done via connecting to the admin$ share. e.g. we are seeing most (but not all) of our fully patched XP-SP2 machines showing up as not being patched against ms03-024 (i.e. 11787). If I re-run the scan using an account that has local admin privs, these "hits" disappear. Here the InfoSec group and the Network and Operations group are all separate - i.e role separation. As such there is no way I can change our scans to run with administrative privs (currently we use an unpriv account that has been given Registry read access as per Nessus whitepapers) without violating SOX for starters. So is there something weird about our environment that causes this to happen, or is this 'real'? Thanks! -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
