• Correct offline nessus.license location

    Hi, I'm pretty new to Nessus and had a Offline PC asset question.   As I was reading the page "Getting Started > Register Nessus Offline > Download License" it instructs to copy the nessus.license to C:\Pr...
    last modified by jwells_lmco
  • False Positive: ping.asp CGI Arbitrary Command Execution

    When we do certain types of scans (especially External ASV PCI-DSS scans), we regularly get false positives for the "[HIGH] ping.asp CGI Arbitrary Command Execution" vulnerability, with the description "The 'ping.asp'...
    last modified by cjs@omise.co
  • All of sudden failed authentication scans on certain subents??

    Over the weekend our network folks attempted to move us over to a new firewall. That didn't go to smoothly and Monday morning they had to roll back to the original firewall.   Now all of sudden I can't scan ce...
    last modified by bfrisan
  • How do I scan with Benchmark OVAL/SCAP content?

    I am attempting to scan my Windows 10 laptop with the DISA-provided Windows 10 benchmark. This includes SCAP/OVAL tests. I went to add an audit file and selected the Custom/Advanced method. When importing the benchmar...
    last modified by durhamsm
  • Unable to reset activation code

    I'm trying to reset my activation code so I can transfer Nessus to a different PC. However, I'm unable to see the activation code when I login to the Support Portal. When I go to the Activation Codes menu, I can see t...
    last modified by jeffjaramilla
  • Cisco IP phones 7975/7911

    Is there a way to get a credentialed scan on these devices?  Thanks...
    last modified by rongisel
  • Question about get_install_count()

    Hi There,   Could someone help explain the above function (get_install_count as used in many nasl scripts, e.g. coldfusion_amf_deserialization.nasl) and how it behaves, in particular:   - How does this fun...
    last modified by dan.andrew
  • CIS RHEL7 - 5.4.4 Ensure default user umask is 027 or more restrictive

    using RHEL 7 CIS Audit file w/NESSUS scanner.  I keep getting flagged for /etc/bashrc (also /etc/profile)   excerpt from the plugin description Actual Value: Non-compliant file(s):   /etc/bashrc - reg...
    last modified by erpadmin
  • Nessus and IEv11 - Website certificate error

    Hi guys long time lurker of this community but first time poster. Love the Security Center and Nessus products but running into an annoying issue and thought you could help. Here's the deal.   I am using Nessus...
    last modified by alex1
  • Agents not updating after patching

    We are seeing the agents reporting on items that have been remediated. What would be causing the agent not to update? When we run credentialed scans the vulnerability goes away.
    last modified by wlgrayjr
  • Amazon Compliance Checks - higlighted account with disabled MFA even for user without assigned password

    Dear Tenable Community,   I have two things to verify.   1) The first one is that I scanned AWS account by using "Amazon Compliance Checks" plugin and I received 'FAILED' result for such check "1.2 Ensure ...
    last modified by aladdin
  • Regex for Does not contain

    Can someone assist with writing the regex for: does not contain (Phrase here) ?   I am trying to do a vulnerability text does not contain a certain exe file on plugin 44401. This is so I can see which systems ar...
    last modified by zaneta22
  • Plugin 96982

    96982 - This was recently set as an informational. Do you know whether or not this will be placed back as a critical and when?
    last modified by zaneta22
  • Database Audit Compliance Nessus Script for passwords

    Hi, i want to create .audit file using nessus script for Oracle Database compliance. Below are the checks that i need to perform: Different passwords must be set for all administrative accounts such as SYSTEM, SYSMA...
    last modified by khadijaazam
  • Plugin 19506

    Hi All,   This is sort of a random question dealing with filtering in the vulnerability analysis. It is my understanding that plugin 19506 is basically used just to grab details about the Nessus scan itself. So ...
    last modified by cbirt2010
  • Credential scans for Mac os

    The way the previous analysts set up credential scan on Linux was using SSH keys. He also locked the account, deleted the password, and added said user to sudoers file. He used these commands: passwd -d username passw...
    last modified by donniewu
  • Oracle 12c: Nessus not detecting CPU April 2017

    Oracle 12c installed on Windows 2012.  Nessus 6.8.1  scanner using a credentialed scan shows Oracle CPU April 2017 missing but DBA and Oracle patch storage shows that CPU April 2017 is installed.
    last modified by paul.s.morgan@navy.mil
  • CGI Generic SQLi - Validation of potential impact

    Greetings Tenable Community, We have a Nessus Professional scan that picked up a:   42479 (1) - CGI Generic SQL Injection (2nd Pass) Description: By providing specially crafted parameters to CGIs, Nessus w...
    last modified by opsec
  • don´t find the 700099

    Hi,   I am trying to find over my nessus (proffessional license) the plugin with 700099 Id and i am not capable to find it, the plugin is mentioned in the following article " WannaCry? Three Actions You Can Take...
    last modified by jgarciamz
  • Intel Firmware Plugin 97997 not detecting vulnerable firmware version on HP PC

    We have a number of HP ProDesk workstations at our company which are running a mix of Windows 7 and Windows 10.  When I run the Intel system discovery tool against them it reports the firmware version at
    last modified by gradbdrift