Jason Haar wrote:
> I just scanned a Chinese install of WinXP-SP2 (the language may not be
> important - I'm just saying...) which had Symantec installed on it this
> year.
> 
> According to Nessus-3.2.1 it is OK for sid:16193 ( An antivirus is
> installed on the remote host), but then hits sid:24236
> <http://cgi.nessus.org/nessus_id.php3?id=24236> ( The remote host is
> running a vulnerable version of Symantec AntiVirus). That vulnerability
> refers to a 2006 version - so I don't think that's it :-)

Hi Jason,

Did you confirm which version of Symantec AV is running on the computer?
What did plugin 16193 say? It's possible an older version of Symantec is
there, but a different AV is running just as well.

> Maybe it has an old Registry key or something? Anyway, generalizing this
> out, if Nessus confirms a machine is running an up-to-date AV engine and
> pattern files (any vendor), then shouldn't it ignore any AV
> "vulnerabilities" - as they can't be true?

Plugin 16193 just checks that AV is running and the signatures are up to
date. It does not check for vulnerabilities.

> Otherwise, can someone tell me how this machine is up-to-date and
> out-of-date at the same time please? ;-)

Reading the plugin, there is a short list of vulnerable SAV versions.

http://www.nessus.org/plugins/index.php?view=viewsrc&id=24236

Please obtain the version of SAV running on this system in question so
we can see if it is indeed vulnerable or if there is an issue with the
check.

Ron Gula
Tenable Network Security



_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
