I just scanned a Chinese install of WinXP-SP2 (the language may not be important - I'm just saying...) which had Symantec installed on it this year.
According to Nessus-3.2.1 it is OK for sid:16193 (An antivirus is installed on the remote host), but then hits sid:24236 <http://cgi.nessus.org/nessus_id.php3?id=24236> (The remote host is running a vulnerable version of Symantec AntiVirus).

That vulnerability refers to a 2006 version - so I don't think that's it :-) Maybe it has an old Registry key or something?

Anyway, generalizing this out, if Nessus confirms a machine is running an up-to-date AV engine and pattern files (any vendor), then shouldn't it ignore any AV "vulnerabilities" - as they can't be true?

Otherwise, can someone tell me how this machine is up-to-date and out-of-date at the same time please? ;-)

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
