Hey k41zen, Nessus does indeed use WMI for several things:
http://blog.tenablesecurity.com/2007/02/advanced_nesssu.html You can get all the details by looking in the plugins directory and searching for files starting with "wmi_*". Not sure if there is a workaround to do patch audits on Windows systems that have admin shares disabled. Let me know if you want me to follow up on this one. We do other things, such as disabling/enabling the remote registry for Windows credentialed scans: http://blog.tenablesecurity.com/2009/03/dynamic-remote-registry-auditing-now-you-see-it-now-you-dont-.html Cheers, Paul On 6/15/10 5:26 PM, k41zen wrote: > So currently Nessus uses SMB for patch auditing which is great if the > Admin shares (ADMIN$, C$ etc) are enabled, however the environments I > am responsible for have it disabled (AutoShareServer=0). > > WMI is available though and I know that Nessus uses it for some > things. So my question is can I have the option of performing patch > auditing using Nessus and WMI? > > K41zen _______________________________________________ Pauldotcom > mailing list [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main > Web Site: http://pauldotcom.com -- Paul Asadoorian PaulDotCom Enterprises Web: http://pauldotcom.com Phone: 401.829.9552 Fax: 1.877.846.2187 _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
