Version
7.0+
Issue:
Bit9 Agent is preventing Nessus scans from completing
Symptoms:
Nessus scans may fail, blocks may appear in the Event log, and end users may see the Bit9 notifier pop up.
Cause:
Nessus uses .bat files that are unique to each endpoint and are not signed by a publisher. This makes Nessus hard to approve in larger environments.
Solution:
If the Nessus agents have already been deployed to the endpoints, you can create a custom rule for execution control using the following settings:
Name: Nessus Scan Allow
Description: Allow Nessus scans
Status: Enabled
Platform: Windows
Rule Type: Execution Control
Execute Action: Allow
Path or File:
c:\windows\temp\nessus*.bat
c:\windows\tenable_mw_scan*.exe
Process: Specific Process
c:\windows\tenable_mw_scan*.exe
c:\windows\system32\services.exe
c:\windows\system32\cmd.exe
User or Group: Any User
Rule Applies To: All Policies
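To check the rule's scope before enabling it, the following added example (not Bit9 or Tenable code) replays constructed execution events against the patterns above and lists those the rule would not cover. It assumes the matching is case-insensitive, that "*" matches any run of characters, and that both the file and the launching process must match; the function names and sample events are hypothetical.

```python
from fnmatch import fnmatchcase

# Patterns copied from the rule settings above.
PATH_PATTERNS = [
    r"c:\windows\temp\nessus*.bat",
    r"c:\windows\tenable_mw_scan*.exe",
]
PROCESS_PATTERNS = [
    r"c:\windows\tenable_mw_scan*.exe",
    r"c:\windows\system32\services.exe",
    r"c:\windows\system32\cmd.exe",
]


def _matches(value, patterns):
    # Assumption: case-insensitive comparison, "*" spans any characters.
    lowered = value.lower()
    return any(fnmatchcase(lowered, p.lower()) for p in patterns)


def rule_allows(file_path, process_path):
    """True when the file AND the launching process both match the rule."""
    return (_matches(file_path, PATH_PATTERNS)
            and _matches(process_path, PROCESS_PATTERNS))


def still_blocked(events):
    """Return the events the rule does not cover."""
    return [e for e in events if not rule_allows(e["file"], e["process"])]


# Constructed sample events, in the shape of exported block events.
SAMPLE_EVENTS = [
    {"file": r"C:\Windows\Temp\nessus_1a2b3c.bat",
     "process": r"C:\Windows\System32\cmd.exe"},
    {"file": r"C:\Windows\tenable_mw_scan_sample.exe",
     "process": r"C:\Windows\System32\services.exe"},
    {"file": r"C:\Windows\Temp\nessus_1a2b3c.bat",
     "process": r"C:\Windows\System32\wscript.exe"},   # launcher not in rule
    {"file": r"C:\Users\Public\nessus_task.bat",
     "process": r"C:\Windows\System32\cmd.exe"},       # path not in rule
]

if __name__ == "__main__":
    for event in still_blocked(SAMPLE_EVENTS):
        print("not covered:", event["file"], "<-", event["process"])
```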
Important Note(s)
More information can be found at http://www.tenable.com/products/nessus
Internal Notes
https://community.bit9.com/docs/DOC-3582