Now that nessus has gone fully commercial, we've had to reduce the number of Nessus installs we have - and now have to scan networks remotely over slow WAN links. :-(
I'm now getting a lot of problems with "poor" reports. e.g. Nessus running with full local admin privs no longer "seeing" what remote services and software is installed on the remote PC - and therefore misreports the AV status, patches missing, etc. If I run the same scan a second/third time, it might actually work 100% - it all comes down to timeouts/etc. So: which of the timeout options should I look at increasing? "checks_read_timeout"? "Services[entry]:Network connection timeout"? What about "plugins_timeout"? What if it takes 4 minutes to completely enumerate the services installed on the remote PC? Also, I am assuming this is a timeout problem. Should the failure to get enumeration of software and services on a remote PC (with full admin privs, and lots of evidence the process works in general) show up as failures in nessusd.messages? I've looked through there and cannot find "timed","killed" and I'd expect to. This is with nessus-3.2.1 under RHE4 -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
