Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: TrendMicro alerts

from [Pavithra H] Network Security [Permanent Link]
Subject: Re: TrendMicro alerts
Date: Tue, 27 Nov 2007 12:40:32 +0530 
Hey Joe,

Plugin 25925 -  Checks for vulnerable versions of Trend Micro ServerProtect.
Basically it verifies whether the target host has Trend Micro
ServerProtect < 5.58, 5.58.1185 installed. For version details they
check for the KB item, "Antivirus/TrendMicro/ServerProtect".

Check Plugin 24679, which sets the KB item,
"Antivirus/TrendMicro/ServerProtect" by making DCERPC request to Trend
ServerProtect service (SpntSvc.exe).

For manual checking, look for the file version of SPntSvc.exe to
confirm the version of TrendMicro ServerProtect.

Hope this helps to you to debug the Issue.

On Nov 27, 2007 4:38 AM, Joe Dimino <joedimino@gmail.com> wrote:

We've been receiving numerous TrendMicro ServerProtect alerts, saying the
version is out of date.

We're trying to troubleshoot the issue, and I was wondering if anyone knows
exactly what registry key these plugins are looking at:

24680
25171
25172
25925

I checked the sourcecode at links like

http://www.tenablesecurity.com/plugins/index.php?view=viewsrc&id=25925 but
there isn't enough info to figure it out. All it says is 'Checks for
ServerProtect Version'. Anyone know how it does this?

The windows admins are saying the patches have been applied to the
information servers, so my only guess is that for some reason they aren't
being pushed properly to the rest of the population. I'd like to know
exactly what the plugins are looking for, so we could 'test' the fixes
without having to rescan, since we are restricted from scanning while in
'end of year lockdown mode'. The registry scans don't fall under the same
restrictions.

Thanks for any help. This is my first post, so if I didn't give enough
information, please let me know.

--Joe

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus





-- 
Thanks,
Pavithra.H
Research Analyst, Thirdbrigade Labs
Bangalore
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Scan Is Causing a Reboot, Steven Adair
Next by Date:  Solaris local checks - installed patches, andrew.court
Previous by Thread:  TrendMicro alerts, Joe Dimino
Next by Thread:  Scan Is Causing a Reboot, Bilal Nasrallah
Indexes:  [Date] [Thread] [Top] [All Lists]