Doug Nordwall wrote: > any way to reduce the impact/adjust the priority of windows compliance > checks? it seemed that the unix ones were largely pretty nice, but was > hoping for something on the windows side
You didn't mention it, but if you are doing a credentialed patch and system audit simultaneously with a windows compliance check, reducing the number of simultaneous checks in your scan will have less impact. For the specific compliance checks themselves, the configuration checks are less intrusive then the content checks. Again, if you are running both of these types of checks at the same time, reducing these to one plugin per host will minimize any system impact. Lastly, if you want to minimize the time the content checks take to execute you can sacrifice some accuracy for speed. Most content audit files have a "max_size" keyword which specifies how deep into each file the search is performed. The UNIX audit files you have tested may have focused more on content of specific files like /etc/syslog.conf whereas many of the windows content checks look for any .doc or .pdf file which can take longer to complete a test for. Ron Gula Tenable Network Security _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
