Nessus WMI patch auditing

[paul at pauldotcom.com (Paul Asadoorian)]

Hey k41zen,

Nessus does indeed use WMI for several things:

http://blog.tenablesecurity.com/2007/02/advanced_nesssu.html

You can get all the details by looking in the plugins directory and
searching for files starting with "wmi_*".

Not sure if there is a workaround to do patch audits on Windows systems
that have admin shares disabled.  Let me know if you want me to follow
up on this one.

We do other things, such as disabling/enabling the remote registry for
Windows credentialed scans:

http://blog.tenablesecurity.com/2009/03/dynamic-remote-registry-auditing-now-you-see-it-now-you-dont-.html

Cheers,
Paul

On 6/15/10 5:26 PM, k41zen wrote:
> So currently Nessus uses SMB for patch auditing which is great if the
> Admin shares (ADMIN$, C$ etc) are enabled, however the environments I
> am responsible for have it disabled (AutoShareServer=0).
>
> WMI is available though and I know that Nessus uses it for some
> things. So my question is can I have the option of performing patch
> auditing using Nessus and WMI?
>
> K41zen _______________________________________________ Pauldotcom
> mailing list Pauldotcom at mail.pauldotcom.com 
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main
> Web Site: http://pauldotcom.com

-- 
Paul Asadoorian
PaulDotCom Enterprises
Web: http://pauldotcom.com
Phone: 401.829.9552
Fax: 1.877.846.2187