FREE COMPUTER HELP


NESSUS

Posted by RICHARD BEI on August 6, 2015 at 8:50 AM

I am in cyber security amongst other things and had a very difficult time getting Nessus to enumerate the Windows 7 registry. Here is the fix:

In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE, make sure DCOM is set to yes.

Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, add a registry DWORD value named LocalAccountTokenFilterPolicy and set it to "1".

Services: set the following to Automatic and started: Remote Registry, DCOM, Computer Browser, RPC, RPC Locator, RPC Endpoint Mapper, WMI, WMI Performance Adapter.

In the Group Policy window, navigate to Computer Configuration -> Administrative Templates -> Network -> Network Connections -> Windows Firewall -> Domain Profile and open "Windows Firewall: Allow inbound file and printer sharing exception". With this exception enabled, Windows Firewall opens UDP ports 137 and 138, and TCP ports 139 and 445.

GPO: Windows Firewall: allow inbound and outbound connections for the public, domain and private profiles, then turn off the public, domain and private firewall.

Why turn off the firewall after setting the file and printer sharing? Windows firewall is very tenacious. I have always found it is 100 percent effective to make exceptions and then turn off the firewall.

Next, go to Services and stop and disable Windows Defender and Windows Firewall.

Finally, turn off User Account Control. When the Nessus scan is launched, watch for the Admin$ share. If you see Nessus, then it is working. Also, at a command prompt, run netstat -t 1 and look for ports 139 and 445 to be established.
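The registry and service settings listed above can be confirmed on the target before the scan is launched. The following read-only check is an added example, not part of the original post; the value names EnableDCOM and EnableLUA and the service short names are assumptions mapped from the display names used above.

```powershell
# Added example: read-only preflight for the settings listed in the post.
# Service short names and the EnableDCOM / EnableLUA value names are assumptions
# mapped from the display names used in the post; they are not given on the page.

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function New-Check($Item, $Actual, $Expected) {
    # One result row; string comparison so 1 and "1" compare equal.
    New-Object PSObject -Property @{
        Item = $Item; Actual = $Actual; Expected = $Expected
        OK = ("$Actual" -eq "$Expected")
    }
}

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$results = @()
$results += New-Check 'DCOM enabled (EnableDCOM)' (Get-RegValue 'HKLM:\SOFTWARE\Microsoft\OLE' 'EnableDCOM') 'Y'
$results += New-Check 'LocalAccountTokenFilterPolicy' (Get-RegValue $policyKey 'LocalAccountTokenFilterPolicy') 1
$results += New-Check 'UAC off (EnableLUA)' (Get-RegValue $policyKey 'EnableLUA') 0

# Services the post sets to Automatic and started.
$wanted = 'RemoteRegistry','DcomLaunch','Browser','RpcSs','RpcLocator','RpcEptMapper','Winmgmt','wmiApSrv'
# Services the post stops and disables.
$stopped = 'WinDefend','MpsSvc'

foreach ($name in $wanted + $stopped) {
    # Win32_Service exposes StartMode; Get-Service on PowerShell 2.0 does not.
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    $actual = if ($svc) { "$($svc.StartMode)/$($svc.State)" } else { 'not installed' }
    $expected = if ($wanted -contains $name) { 'Auto/Running' } else { 'Disabled/Stopped' }
    $results += New-Check "Service $name" $actual $expected
}

$results | Select-Object Item, Actual, Expected, OK | Format-Table -AutoSize
```

A row with OK = False marks a setting that differs from the list above. Saving the same output before making any changes records the state to restore once the scan is finished.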

When the scan is complete and the report is generated, look for these plugin IDs:

10428 - Microsoft Windows SMB Registry Not Fully Accessible Detection

19506 - Nessus Scan Information

21745 - Authentication Failure - Local Checks Not Run

24786 - Nessus Windows Scan Not Performed With Admin Privileges

26917 - Microsoft Windows SMB Registry - Nessus Cannot Access The Windows Registry

