Hi, Thanks for the quick response. Actually, I was using administrator credentials. I wonder if something else has gone wrong during the scan? When you say Nessus does understand patches being superceded, is this only when doing file version checks? Thanks for looking into the other issues. I'm afraid I didn't trace the scans that failed, and now I am unable to touch the systems in question. If this happens again I will do that. All the best, Paul -- Paul Johnston Technical Specialist Support Services Group Information and IT Risk HBOS Plc PAJohnston@private Desk: 0113-235-3071 (7581-53071) Mobile: 07766-740756 -----Original Message----- From: plugins-writers-bounces@private [mailto:plugins-writers-bounces@private]On Behalf Of Renaud Deraison Sent: 27 March 2006 15:27 To: Johnston, Paul (Group Information & IT Risk); Nessus Plugin Writers Mailing List Subject: [Plugins-writers] Re: Improving local checks Hi, On Mar 27, 2006, at 8:47 AM, PaJohnston@private wrote: > > > The main reason for this is that Nessus does not understand that > some patches supercede others. Actually, Nessus does understand patches being superceded and has provisions for that. However, in the case of the advisories you're pointing out, this provision was not done -- it's now fixed, thanks. It's also worth noting that this problem would not happen if you had given Nessus credentials to connect and read to C$ (ie: administrator). > > For MS04-044, Nessus failed to report this, because it looks at > "Ntkrnlmp.exe" instead of "NToskrnl.exe". The box in question is a > single processor system. Thanks, this is fixed as well. However note that this check was only used for NT4, which is now unsupported by Microsoft. There are many unpatched flaws in this version. > > Another issue appeared for MS05-044, on a W2k box with IE6, but not > IE-SP1. SE doesn't report it, as the patch is marked as affecting > IE-SP1 only. Nessus does report it. I'm really not sure who's right > here. We will investigate this. Once again, the best way to be sure is to use admin credentials which can then get the exact version of the affected DLL (instead of relying on the registry). > > Also, local checks failed for two systems, without any apparent > reason. I know the credentials are correct, and SE worked > correctly. Unfortunately I didn't notice the failure until my > testing window had passed. Please send us a full pcap capture of the scan of these hosts. Thanks, -- Renaud _______________________________________________ Plugins-writers mailing list Plugins-writers@private http://mail.nessus.org/mailman/listinfo/plugins-writers . ---------------------------------------------------------------------------------------------------------------------- HBOS plc, Registered in Scotland No. SC218813. Registered Office: The Mound, Edinburgh EH1 1YZ. HBOS plc is a holding company, subsidiaries of which are authorised and regulated by the Financial Services Authority. ============================================================================== _______________________________________________ Plugins-writers mailing list Plugins-writers@private http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2.1.3 : Mon Mar 27 2006 - 08:09:51 PST