Thanks for the speedy reply, Renaud. We have a direct-feed and manually
(cron) pull updates every morning at around 2:15 AM.
Using Nessus-3.0.3-es4.
I didn't know the patch plugins worked more thoroughly with admin
credentials. I will definitely try that.
To be clear, we have found Nessus to be an excellent patch monitoring
tool. We run patch-specific plugins (local security checks) on our
Windows, Linux, AIX and Solaris servers once a month, push the results
into an Oracle back-end, and pull really nice graphical reports /
month-over-month metrics on a PHP front-end (Zend Core for Oracle). We
filter the [very] occasional false-positives or risk-accepted
vulnerabilities with a separate table that maps the related Nessus IDs
to specific hosts.
-----Original Message-----
From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of Renaud Deraison
Sent: Friday, November 10, 2006 7:40 AM
To: nessus@lists.nessus.org
Subject: Re: Re-released Microsoft Patches.
On Nov 10, 2006, at 10:31 AM, John Scherff wrote:
> We are having a similar problem, but in reverse. In some cases,
> Nessus will report that a patch is missing, but the patch has been
> superseded by another patch which HAS been applied. The same thing
> also sometimes occurs when a patch is rolled into a service pack.
Nessus has the appropriate logic to detect superseded patches -- make
sure your plugins are up-to-date.
Also, if you give it admin credentials, then a file version check
will be done, hence nullifying the risk of wrongly detecting a
superseded patch.
I'd be interested in the specific list of patches which you say
create false positives and knowing how recent your plugin set is.
-- Renaud
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
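
The host-specific suppression table described in the first message of this thread, sketched as an added example (not code from the poster or from Nessus). SQLite stands in for the Oracle back-end, and the table names, host names and plugin IDs are constructed placeholders.

```python
import sqlite3

# Constructed sample rows (scan_month, host, plugin_id); not real scan output.
FINDINGS = [
    ("2006-10", "win-app01", 90001),
    ("2006-10", "win-app01", 90002),
    ("2006-10", "aix-db01", 90003),
    ("2006-10", "sol-web01", 90002),
    ("2006-11", "win-app01", 90002),
    ("2006-11", "aix-db01", 90003),
    ("2006-11", "sol-web01", 90002),
]
# Constructed exceptions: each one suppresses a plugin ID on ONE host only.
EXCEPTIONS = [
    ("win-app01", 90002, "false positive"),
    ("aix-db01", 90003, "risk accepted"),
]

def build_db():
    """Load the sample findings and exception list into an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE findings (scan_month TEXT, host TEXT, plugin_id INTEGER);
        CREATE TABLE exceptions (host TEXT, plugin_id INTEGER, reason TEXT,
                                 PRIMARY KEY (host, plugin_id));
    """)
    db.executemany("INSERT INTO findings VALUES (?, ?, ?)", FINDINGS)
    db.executemany("INSERT INTO exceptions VALUES (?, ?, ?)", EXCEPTIONS)
    return db

def open_findings_by_month(db):
    """Month-over-month count of findings that have no matching exception."""
    return dict(db.execute("""
        SELECT f.scan_month, COUNT(*)
        FROM findings f
        LEFT JOIN exceptions e ON e.host = f.host AND e.plugin_id = f.plugin_id
        WHERE e.plugin_id IS NULL          -- anti-join: keep unmatched rows
        GROUP BY f.scan_month ORDER BY f.scan_month
    """).fetchall())

def suppressed_findings(db):
    """Findings hidden from the report, with the reason, so they stay auditable."""
    return db.execute("""
        SELECT f.scan_month, f.host, f.plugin_id, e.reason
        FROM findings f
        JOIN exceptions e ON e.host = f.host AND e.plugin_id = f.plugin_id
        ORDER BY f.scan_month, f.host
    """).fetchall()
```

Because the join key is the (host, plugin ID) pair, plugin 90002 is suppressed on win-app01 but still counted on sol-web01.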