PaulDotCom mailing list archives
Nessus WMI patch auditing
From: paul at pauldotcom.com (Paul Asadoorian)
Date: Tue, 15 Jun 2010 21:06:48 -0400
Hey k41zen,

Nessus does indeed use WMI for several things:

http://blog.tenablesecurity.com/2007/02/advanced_nesssu.html

You can get all the details by looking in the plugins directory and searching for files starting with "wmi_*". Not sure if there is a workaround to do patch audits on Windows systems that have admin shares disabled. Let me know if you want me to follow up on this one.

We do other things, such as disabling/enabling the remote registry for Windows credentialed scans:

http://blog.tenablesecurity.com/2009/03/dynamic-remote-registry-auditing-now-you-see-it-now-you-dont-.html

Cheers,
Paul

On 6/15/10 5:26 PM, k41zen wrote:
> So currently Nessus uses SMB for patch auditing which is great if the Admin shares (ADMIN$, C$ etc) are enabled, however the environments I am responsible for have it disabled (AutoShareServer=0).
>
> WMI is available though and I know that Nessus uses it for some things.
>
> So my question is can I have the option of performing patch auditing using Nessus and WMI?
>
> K41zen

--
Paul Asadoorian
PaulDotCom Enterprises
Web: http://pauldotcom.com
Phone: 401.829.9552
Fax: 1.877.846.2187