If windows is reporting the patch as installed that sounds to me like it is
keying off a registry entry (or existance of a file, however). If nessus ran
the check the same way (local privileges, read registry) it would give the
same result.
There seem to be two possibilities:
1. The nessus plugin in question is checking for the actual vulnerability
and discovering that the system is vulnerable (patch applied, but not
successful -- I've seen this)
2. The nessus plugin gave a false positive.
Not that I personally could help, but if you provide the plugin ids and scan
data to Tenable in my experience they can help determine where the problem
lies. And if it is a false positive everyone benefits if the plugin can be
improved.
Tim Doty
-----Original Message-----
From: nessus-bounces@list.nessus.org [mailto:nessus-bounces@list.nessus.org]
On Behalf Of Gus Fritschie
Sent: Friday, September 22, 2006 8:26 AM
To: nessus@list.nessus.org
Subject: Nessus reports patches as missing
We ran Nessus with local Administrator rights on a Windows XP SP1 system.
It reports several patches as missing. When looking at add/remove programs
the patch appears to be installed. Is this a false-positive? The patches
are pushed out using Patchlink.
What else could I do to confirm if the patch is applied correctly?
Thanks for the help.
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
