> > According to WSUS, the patch is not required. When I check the version > of the file on the server, it is indeed the old version. According to > the Microsoft Bulletin Release notes on Microsoft's website, the latest > version is indeed 5.2.3790.2731, with a June 2006 file date. > > > > At this point I was totally confused, because it looks like Nessus > technically is correct. So then I run 2 other tools (GFI Languard and > Shavlik NetChk) against the same server and they both tell me the server > does not require that patch. So now I have a 3 against 1 situations, > but in all aspects looking at just the file version, which shows the > updated version should tell me the real truth. > > > > Any ideas how to better resolve these discrepancies? We are in a > situation that we need to ramp up our patching efforts to get in > compliance and don't want to be hammered by other folks saying that our > results are false.
Hi Amit, Tenable attempts to write as much of their Microsoft patch auditing for Nessus to work off of file analysis than looking into the registry. I'm not 100% sure how NetChk, WSUS or GFI performs these tests, but it would be interesting to call their support groups for more information or perform their tests again with access to the registry disabled. I'm not a GFI user, but reading some of their support portal posts, it looks like it only performs checks by looking at the registry which is not as accurate as looking at the file. Politically, if you manually inspected the file and it agrees with Nessus I hope you'd conclude Nessus was correct and the other scanners were not as accurate. Ron Gula Tenable Network Security _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
