Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

How to allow Tenable Nessus Scans to run

How to allow Tenable Nessus Scans to run

Version
7.0+


Issue:
Bit9 Agent is preventing Nessus scans from completing


Symptoms:

There may be failed Nessus scans or you may encounter blocks in the Event log, end-users may see the Bit9 notifier popping up.


Cause:
Nessus utilizes .bat files that are unique to each endpoint, and aren’t signed by a publisher.  This makes Nessus hard to approve in larger environments


Solution:
If the Nessus agents have already been deployed to the endpoints, you can create a custom rule for execution control using the following settings:

Name: Nessus Scan Allow
Description: Allow Nessus scans
Status: Enabled
Platform: Windows
Rule Type: Execution Control
Execute Action: Allow
Path or File:
c:\windows\temp\nessus*.bat
c:\windows\tenable_mw_scan*.exe
Process: Specific Process c:\windows\tenable_mw_scan*.exe
c:\windows\system32\services.exe
c:\windows\system32\cmd.exe
User or Group: Any User
Rule Applies To: All Policies


Important Note(s)

More information can be found at http://www.tenable.com/products/nessus

 

 

Internal Notes

https://community.bit9.com/docs/DOC-3582

Tags (3)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎12-07-2015
Views:
1474