Nessus Report

Report generated by Nessus™

masked_systemname Pre V4 masked_hostname

Mon, 22 Apr 2024 15:38:07 Tokyo Standard Time

TABLE OF CONTENTS
Vulnerabilities by Host
ipaddr
Critical: 20
High: 41
Medium: 33
Low: 1
Info: 428
Scan Information
Start time: Mon Apr 22 14:55:02 2024
End time: Mon Apr 22 15:38:07 2024
Host Information
Netbios Name: masked_hostname
IP: ipaddr
MAC Address: D4:F5:EF:9F:F6:38 D4:F5:EF:9F:F6:39
OS: Microsoft Windows Server 2019 Standard Build 17763
Vulnerabilities

154993 - KB5007206: Windows 10 Version 1809 and Windows Server 2019 Security Update (November 2021)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5007206.
It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26443, CVE-2021-38666, CVE-2021-41378, CVE-2021-42275, CVE-2021-42276, CVE-2021-42279)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-38631, CVE-2021-38665, CVE-2021-41371)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2021-36957, CVE-2021-41366, CVE-2021-41367, CVE-2021-41370, CVE-2021-41377, CVE-2021-41379, CVE-2021-42277, CVE-2021-42278, CVE-2021-42280, CVE-2021-42282, CVE-2021-42283, CVE-2021-42285, CVE-2021-42287, CVE-2021-42291)

- A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.
(CVE-2021-42288)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-41356, CVE-2021-42274, CVE-2021-42284)
See Also
Solution
Apply Cumulative Update KB5007206.
Risk Factor
High
CVSS v3.0 Base Score
9.0 (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.6 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
7.7 (CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
MSKB 5007206
XREF MSFT:MS21-5007206
XREF IAVA:2021-A-0539-S
XREF IAVA:2021-A-0545-S
XREF IAVA:2021-A-0544-S
XREF CISA-KNOWN-EXPLOITED:2022/03/17
XREF CISA-KNOWN-EXPLOITED:2022/05/02
XREF CEA-ID:CEA-2021-0053
Plugin Information
Published: 2021/11/09, Modified: 2022/12/05
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5007206

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.2300
156071 - KB5008218: Windows 10 version 1809 / Windows Server 2019 Security Update (December 2021)
Synopsis
The Windows 10 1809 / Windows Server 2019 installation on the remote host is affected by multiple vulnerabilities.
Description
The Windows 10 1809 / Windows Server 2019 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities:

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2021-41333, CVE-2021-43207, CVE-2021-43223, CVE-2021-43226, CVE-2021-43229, CVE-2021-43230, CVE-2021-43231, CVE-2021-43237, CVE-2021-43238, CVE-2021-43239, CVE-2021-43240, CVE-2021-43247, CVE-2021-43248, CVE-2021-43880, CVE-2021-43883, CVE-2021-43893)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-43216, CVE-2021-43222, CVE-2021-43224, CVE-2021-43227, CVE-2021-43235, CVE-2021-43236)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-43219, CVE-2021-43228)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-43217, CVE-2021-43232, CVE-2021-43233, CVE-2021-43234)
See Also
Solution
Microsoft has released KB5008218 to address this issue.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
6.5 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2021/12/14, Modified: 2022/01/14
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5008218

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.2366
156621 - KB5009557: Windows 10 Version 1809 and Windows Server 2019 Security Update (January 2022)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5009557.
It is, therefore, affected by multiple vulnerabilities:

- A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2022-21836)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-21839, CVE-2022-21843, CVE-2022-21847, CVE-2022-21848, CVE-2022-21883, CVE-2022-21889, CVE-2022-21890, CVE-2022-21918)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-21876, CVE-2022-21877, CVE-2022-21880, CVE-2022-21904, CVE-2022-21915)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21849, CVE-2022-21850, CVE-2022-21851, CVE-2022-21874, CVE-2022-21878, CVE-2022-21888, CVE-2022-21892, CVE-2022-21893, CVE-2022-21898, CVE-2022-21907, CVE-2022-21912, CVE-2022-21922, CVE-2022-21928, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2022-21833, CVE-2022-21834, CVE-2022-21835, CVE-2022-21838, CVE-2022-21852, CVE-2022-21857, CVE-2022-21858, CVE-2022-21859, CVE-2022-21860, CVE-2022-21861, CVE-2022-21862, CVE-2022-21863, CVE-2022-21864, CVE-2022-21865, CVE-2022-21866, CVE-2022-21867, CVE-2022-21868, CVE-2022-21869, CVE-2022-21870, CVE-2022-21871, CVE-2022-21872, CVE-2022-21873, CVE-2022-21875, CVE-2022-21879, CVE-2022-21881, CVE-2022-21882, CVE-2022-21884, CVE-2022-21885, CVE-2022-21895, CVE-2022-21896, CVE-2022-21897, CVE-2022-21901, CVE-2022-21902, CVE-2022-21903, CVE-2022-21908, CVE-2022-21910, CVE-2022-21914, CVE-2022-21916, CVE-2022-21919, CVE-2022-21920)

- A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.
(CVE-2022-21894, CVE-2022-21900, CVE-2022-21905, CVE-2022-21906, CVE-2022-21913, CVE-2022-21924, CVE-2022-21925)
See Also
Solution
Apply Cumulative Update KB5009557.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
MSKB 5009557
XREF MSFT:MS22-5009557
XREF IAVA:2022-A-0012-S
XREF IAVA:2022-A-0016-S
XREF CISA-KNOWN-EXPLOITED:2022/02/18
XREF CISA-KNOWN-EXPLOITED:2022/05/16
XREF CEA-ID:CEA-2022-0001
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2022/01/11, Modified: 2023/01/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5009557

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.2452
159675 - KB5012647: Windows 10 version 1809 / Windows Server 2019 Security Update (April 2022)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5012591.
It is, therefore, affected by multiple vulnerabilities:

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2022-26790, CVE-2022-26828, CVE-2022-26827, CVE-2022-26807, CVE-2022-26796, CVE-2022-26798, CVE-2022-26808, CVE-2022-26810, CVE-2022-26803, CVE-2022-26802, CVE-2022-26801, CVE-2022-26794, CVE-2022-26792, CVE-2022-26904, CVE-2022-26788, CVE-2022-26793, CVE-2022-26914, CVE-2022-26789, CVE-2022-26797, CVE-2022-26787, CVE-2022-24549, CVE-2022-26795, CVE-2022-26786, CVE-2022-24496, CVE-2022-24544, CVE-2022-24540, CVE-2022-24489, CVE-2022-24486, CVE-2022-24481, CVE-2022-24479, CVE-2022-24527, CVE-2022-24474, CVE-2022-24521, CVE-2022-24550, CVE-2022-24499, CVE-2022-24547, CVE-2022-24546, CVE-2022-24494, CVE-2022-24542, CVE-2022-24530)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-26831, CVE-2022-26915, CVE-2022-24538, CVE-2022-24484, CVE-2022-26784)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-26824, CVE-2022-26812, CVE-2022-26919, CVE-2022-26918, CVE-2022-26809, CVE-2022-26825, CVE-2022-26916, CVE-2022-26819, CVE-2022-26817, CVE-2022-26815, CVE-2022-26814, CVE-2022-26823, CVE-2022-26811, CVE-2022-26829, CVE-2022-26821, CVE-2022-26917, CVE-2022-26820, CVE-2022-26826, CVE-2022-26818, CVE-2022-26822, CVE-2022-26813, CVE-2022-24545, CVE-2022-24541, CVE-2022-24492, CVE-2022-24491, CVE-2022-24537, CVE-2022-24536, CVE-2022-24487, CVE-2022-24534, CVE-2022-24485, CVE-2022-24533, CVE-2022-26903, CVE-2022-24495, CVE-2022-24528, CVE-2022-21983, CVE-2022-22008, CVE-2022-24500)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-26920, CVE-2022-26816, CVE-2022-24493, CVE-2022-24539, CVE-2022-24490, CVE-2022-26783, CVE-2022-26785, CVE-2022-24498, CVE-2022-24483)
See Also
Solution
Apply Cumulative Update 5012647
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
MSKB 5012647
XREF MSFT:MS22-5012647
XREF IAVA:2022-A-0147-S
XREF IAVA:2022-A-0145-S
XREF CISA-KNOWN-EXPLOITED:2022/05/04
XREF CISA-KNOWN-EXPLOITED:2022/05/16
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2022/04/12, Modified: 2023/02/03
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5012647

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.2803
160928 - KB5013941: Windows 10 version 1809 / Windows Server 2019 Security Update (May 2022)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5013941. It is, therefore, affected by multiple vulnerabilities

- Windows LDAP Remote Code Execution Vulnerability (CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141)

- Windows Network File System Remote Code Execution Vulnerability (CVE-2022-26937)

- Windows Graphics Component Remote Code Execution Vulnerability (CVE-2022-26927)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5013941
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2022/05/10, Modified: 2023/03/23
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5013941

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.2928
162197 - KB5014692: Windows 10 version 1809 / Windows Server 2019 Security Update (June 2022)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5014692. It is, therefore, affected by multiple vulnerabilities

- Windows Network File System Remote Code Execution Vulnerability (CVE-2022-30136)

- Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-30165)

- Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2022-30139, CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5014692
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
MSKB 5014692
XREF MSFT:MS22-5014692
XREF IAVA:2022-A-0240-S
XREF IAVA:2022-A-0241-S
XREF CISA-KNOWN-EXPLOITED:2022/07/05
XREF CEA-ID:CEA-2022-0022
Exploitable With
CANVAS (true) Core Impact (true) Metasploit (true)
Plugin Information
Published: 2022/06/14, Modified: 2023/01/13
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5014692

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.3046
163946 - KB5016623: Windows 10 version 1809 / Windows Server 2019 Security Update (August 2022)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5016623. It is, therefore, affected by multiple vulnerabilities

- Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability (CVE-2022-35747, CVE-2022-35769)

- Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability (CVE-2022-30133, CVE-2022-35744)

- Windows Bluetooth Service Remote Code Execution Vulnerability (CVE-2022-30144)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5016623
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2022/08/09, Modified: 2023/10/25
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5016623

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.3287
164997 - KB5017315: Windows 10 version 1809 / Windows Server 2019 Security Update (September 2022)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5017315. It is, therefore, affected by multiple vulnerabilities

- Windows Photo Import API Elevation of Privilege Vulnerability (CVE-2022-26928)

- Windows Credential Roaming Service Elevation of Privilege Vulnerability (CVE-2022-30170)

- Windows Secure Channel Denial of Service Vulnerability (CVE-2022-30196, CVE-2022-35833)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5017315
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2022/09/13, Modified: 2023/01/30
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5017315

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.3406
171441 - KB5022840: Windows 10 version 1809 / Windows Server 2019 Security Update (February 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5022840. It is, therefore, affected by multiple vulnerabilities

- Windows iSCSI Discovery Service Remote Code Execution Vulnerability (CVE-2023-21803)

- Microsoft PostScript Printer Driver Remote Code Execution Vulnerability (CVE-2023-21684, CVE-2023-21801)

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-21685, CVE-2023-21686, CVE-2023-21799)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5022840
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2023/02/14, Modified: 2024/01/26
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5022840

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.4010
172533 - KB5023702: Windows 10 version 1809 / Windows Server 2019 Security Update (March 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5023702. It is, therefore, affected by multiple vulnerabilities

- An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context. (CVE-2023-1017)

- An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM. (CVE-2023-1018)

- Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2023-21708, CVE-2023-23405, CVE-2023-24869, CVE-2023-24908)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5023702
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2023/03/14, Modified: 2023/08/30
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5023702

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.4131
174108 - KB5025229: Windows 10 version 1809 / Windows Server 2019 Security Update (April 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5025229. It is, therefore, affected by multiple vulnerabilities

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-28275)

- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-28250)

- Microsoft Message Queuing Remote Code Execution Vulnerability (CVE-2023-21554)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5025229
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2023/04/11, Modified: 2023/10/04
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5025229

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.4252
175347 - KB5026362: Windows 10 version 1809 / Windows Server 2019 Security Update (May 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5026362. It is, therefore, affected by multiple vulnerabilities

- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-24943)

- Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2023-28283)

- Server for NFS Denial of Service Vulnerability (CVE-2023-24939)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5026362
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (CVSS:3.0/E:F/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2023/05/09, Modified: 2023/06/16
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5026362

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.4377
177247 - KB5027222: Windows 10 version 1809 / Windows Server 2019 Security Update (June 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5027222. It is, therefore, affected by multiple vulnerabilities

- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-29363, CVE-2023-32014, CVE-2023-32015)

- Windows Collaborative Translation Framework Elevation of Privilege Vulnerability (CVE-2023-32009)

- Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2023-29373)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5027222
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/06/13, Modified: 2024/03/25
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5027222

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.4499
178150 - KB5028168: Windows 10 version 1809 / Windows Server 2019 Security Update (July 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5028168. It is, therefore, affected by multiple vulnerabilities

- Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2023-35365, CVE-2023-35366, CVE-2023-35367)

- Windows Netlogon Information Disclosure Vulnerability (CVE-2023-21526)

- Windows Win32k Elevation of Privilege Vulnerability (CVE-2023-21756)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5028168
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
MSKB 5028168
XREF CISA-KNOWN-EXPLOITED:2023/08/01
XREF MSFT:MS23-5028168
XREF IAVA:2023-A-0347-S
XREF IAVA:2023-A-0345-S
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2023/07/11, Modified: 2023/11/01
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5028168

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.4644
179487 - KB5029247: Windows 10 version 1809 / Windows Server 2019 Security Update (August 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5029247. It is, therefore, affected by multiple vulnerabilities:

- Microsoft Message Queuing Remote Code Execution Vulnerability (CVE-2023-35385, CVE-2023-36910, CVE-2023-36911)

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36882)

- Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability (CVE-2023-35387)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5029247
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-20569
CVE CVE-2023-35359
CVE CVE-2023-35376
CVE CVE-2023-35377
CVE CVE-2023-35378
CVE CVE-2023-35380
CVE CVE-2023-35381
CVE CVE-2023-35382
CVE CVE-2023-35383
CVE CVE-2023-35384
CVE CVE-2023-35385
CVE CVE-2023-35386
CVE CVE-2023-35387
CVE CVE-2023-36882
CVE CVE-2023-36884
CVE CVE-2023-36889
CVE CVE-2023-36900
CVE CVE-2023-36903
CVE CVE-2023-36904
CVE CVE-2023-36905
CVE CVE-2023-36906
CVE CVE-2023-36907
CVE CVE-2023-36908
CVE CVE-2023-36909
CVE CVE-2023-36910
CVE CVE-2023-36911
CVE CVE-2023-36912
CVE CVE-2023-36913
CVE CVE-2023-38154
CVE CVE-2023-38172
CVE CVE-2023-38184
CVE CVE-2023-38254
MSKB 5029247
XREF MSFT:MS23-5029247
XREF IAVA:2023-A-0416
XREF CISA-KNOWN-EXPLOITED:2023/08/07
XREF IAVA:2023-A-0418-S
XREF IAVA:2023-A-0409-S
XREF IAVA:2023-A-0402-S
XREF IAVA:2023-A-0412-S
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/08/08, Modified: 2024/02/16
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5029247

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.4737
182865 - KB5031361: Windows 10 version 1809 / Windows Server 2019 Security Update (October 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5031361. It is, therefore, affected by multiple vulnerabilities:

- The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. (CVE-2023-44487)

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36577)

- Windows IIS Server Elevation of Privilege Vulnerability (CVE-2023-36434)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5031361
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-29348
CVE CVE-2023-35349
CVE CVE-2023-36431
CVE CVE-2023-36434
CVE CVE-2023-36436
CVE CVE-2023-36438
CVE CVE-2023-36557
CVE CVE-2023-36563
CVE CVE-2023-36564
CVE CVE-2023-36567
CVE CVE-2023-36570
CVE CVE-2023-36571
CVE CVE-2023-36572
CVE CVE-2023-36573
CVE CVE-2023-36574
CVE CVE-2023-36575
CVE CVE-2023-36576
CVE CVE-2023-36577
CVE CVE-2023-36578
CVE CVE-2023-36579
CVE CVE-2023-36581
CVE CVE-2023-36582
CVE CVE-2023-36583
CVE CVE-2023-36584
CVE CVE-2023-36585
CVE CVE-2023-36589
CVE CVE-2023-36590
CVE CVE-2023-36591
CVE CVE-2023-36592
CVE CVE-2023-36593
CVE CVE-2023-36594
CVE CVE-2023-36596
CVE CVE-2023-36598
CVE CVE-2023-36602
CVE CVE-2023-36603
CVE CVE-2023-36605
CVE CVE-2023-36606
CVE CVE-2023-36697
CVE CVE-2023-36698
CVE CVE-2023-36701
CVE CVE-2023-36702
CVE CVE-2023-36703
CVE CVE-2023-36704
CVE CVE-2023-36706
CVE CVE-2023-36707
CVE CVE-2023-36709
CVE CVE-2023-36710
CVE CVE-2023-36711
CVE CVE-2023-36712
CVE CVE-2023-36713
CVE CVE-2023-36717
CVE CVE-2023-36718
CVE CVE-2023-36720
CVE CVE-2023-36721
CVE CVE-2023-36722
CVE CVE-2023-36723
CVE CVE-2023-36724
CVE CVE-2023-36725
CVE CVE-2023-36726
CVE CVE-2023-36729
CVE CVE-2023-36731
CVE CVE-2023-36732
CVE CVE-2023-36743
CVE CVE-2023-36776
CVE CVE-2023-36902
CVE CVE-2023-38159
CVE CVE-2023-38166
CVE CVE-2023-41765
CVE CVE-2023-41766
CVE CVE-2023-41767
CVE CVE-2023-41768
CVE CVE-2023-41769
CVE CVE-2023-41770
CVE CVE-2023-41771
CVE CVE-2023-41772
CVE CVE-2023-41773
CVE CVE-2023-41774
CVE CVE-2023-44487
MSKB 5031361
XREF MSFT:MS23-5031361
XREF IAVA:2023-A-0552-S
XREF IAVA:2023-A-0553-S
XREF CISA-KNOWN-EXPLOITED:2023/12/07
XREF CISA-KNOWN-EXPLOITED:2023/10/31
XREF CEA-ID:CEA-2024-0004
XREF IAVB:2023-B-0083-S
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/10/10, Modified: 2024/02/23
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5031361

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.4974
185579 - KB5032196: Windows 10 version 1809 / Windows Server 2019 Security Update (November 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5032196. It is, therefore, affected by multiple vulnerabilities:

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36402)

- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-36397)

- Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability (CVE-2023-36028)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5032196
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-24023
CVE CVE-2023-36017
CVE CVE-2023-36025
CVE CVE-2023-36028
CVE CVE-2023-36033
CVE CVE-2023-36036
CVE CVE-2023-36047
CVE CVE-2023-36392
CVE CVE-2023-36393
CVE CVE-2023-36394
CVE CVE-2023-36395
CVE CVE-2023-36397
CVE CVE-2023-36398
CVE CVE-2023-36400
CVE CVE-2023-36401
CVE CVE-2023-36402
CVE CVE-2023-36403
CVE CVE-2023-36404
CVE CVE-2023-36405
CVE CVE-2023-36408
CVE CVE-2023-36423
CVE CVE-2023-36424
CVE CVE-2023-36425
CVE CVE-2023-36427
CVE CVE-2023-36428
CVE CVE-2023-36705
CVE CVE-2023-36719
CVE CVE-2023-38039
CVE CVE-2023-38545
CVE CVE-2024-21315
MSKB 5032196
XREF MSFT:MS23-5032196
XREF CISA-KNOWN-EXPLOITED:2023/12/05
XREF CEA-ID:CEA-2023-0052
XREF IAVA:2023-A-0638-S
XREF IAVA:2023-A-0636-S
XREF IAVA:2024-A-0105
Plugin Information
Published: 2023/11/14, Modified: 2024/02/16
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5032196

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.5122
132999 - Security Updates for Microsoft .NET Framework (January 2020)
Synopsis
The Microsoft .NET Framework installation on the remote host is affected by multiple vulnerabilities.
Description
The Microsoft .NET Framework installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
(CVE-2020-0646)

- A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
(CVE-2020-0605, CVE-2020-0606)
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (CVSS:3.0/E:F/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-0605
CVE CVE-2020-0606
CVE CVE-2020-0646
MSKB 4532935
MSKB 4535101
MSKB 4535103
MSKB 4535102
MSKB 4535105
MSKB 4535104
MSKB 4532933
MSKB 4534271
MSKB 4532938
MSKB 4534306
MSKB 4534977
MSKB 4534976
MSKB 4532936
MSKB 4534276
MSKB 4534293
MSKB 4534979
MSKB 4534978
XREF MSFT:MS20-4532935
XREF MSFT:MS20-4535101
XREF MSFT:MS20-4535103
XREF MSFT:MS20-4535102
XREF MSFT:MS20-4535105
XREF MSFT:MS20-4535104
XREF MSFT:MS20-4532933
XREF MSFT:MS20-4534271
XREF MSFT:MS20-4532938
XREF MSFT:MS20-4534306
XREF MSFT:MS20-4534977
XREF MSFT:MS20-4534976
XREF MSFT:MS20-4532936
XREF MSFT:MS20-4534276
XREF MSFT:MS20-4534293
XREF MSFT:MS20-4534979
XREF MSFT:MS20-4534978
XREF IAVA:2020-A-0028-S
XREF CISA-KNOWN-EXPLOITED:2022/05/03
Exploitable With
CANVAS (true) Metasploit (true)
Plugin Information
Published: 2020/01/16, Modified: 2023/04/25
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 4532947

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.workflow.runtime.dll has not been patched.
Remote version : 4.7.3440.0
Should be : 4.7.3570.0

187901 - Security Updates for Microsoft .NET Framework (January 2024)
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- Denial of service vulnerability in Microsoft .NET Framework. (CVE-2023-36042, CVE-2024-21312)

- Security feature bypass in System.Data.SqlClient SQL data provider. An attacker can perform a man-in-the-middle attack on the connection between the client and server in order to read and modify the TLS traffic. (CVE-2024-0056)

- Security feature bypass in applications that use the X.509 chain building APIs. When processing an untrusted certificate with malformed signatures, the framework returns an incorrect reason code.
Applications which make use of this reason code may treat this scenario as a successful chain build, potentially bypassing the application's typical authentication logic. (CVE-2024-0057)
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36042
CVE CVE-2024-0056
CVE CVE-2024-0057
CVE CVE-2024-21312
MSKB 5033898
MSKB 5033899
MSKB 5033904
MSKB 5033907
MSKB 5033909
MSKB 5033910
MSKB 5033911
MSKB 5033912
MSKB 5033914
MSKB 5033916
MSKB 5033917
MSKB 5033918
MSKB 5033919
MSKB 5033920
MSKB 5033922
MSKB 5033945
MSKB 5033946
MSKB 5033947
MSKB 5033948
XREF MSFT:MS24-5033898
XREF MSFT:MS24-5033899
XREF MSFT:MS24-5033904
XREF MSFT:MS24-5033907
XREF MSFT:MS24-5033909
XREF MSFT:MS24-5033910
XREF MSFT:MS24-5033911
XREF MSFT:MS24-5033912
XREF MSFT:MS24-5033914
XREF MSFT:MS24-5033916
XREF MSFT:MS24-5033917
XREF MSFT:MS24-5033918
XREF MSFT:MS24-5033919
XREF MSFT:MS24-5033920
XREF MSFT:MS24-5033922
XREF MSFT:MS24-5033945
XREF MSFT:MS24-5033946
XREF MSFT:MS24-5033947
XREF MSFT:MS24-5033948
XREF IAVA:2024-A-0011-S
Plugin Information
Published: 2024/01/10, Modified: 2024/03/29
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 5033904

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll has not been patched.
Remote version : 4.7.3429.0
Should be : 4.7.4081.0

185887 - Security Updates for Microsoft .NET Framework (November 2023)
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- Security feature bypass in ASP.NET. An attacker can bypass the security checks that prevent an attacker from accessing internal applications in a website. (CVE-2023-36560)

- Privilege escalation vulnerability in FTP component of .NET Framework. An attacker can inject arbitrary commands to the FTP server. (CVE-2023-36049)

- Information disclosure vulnerability in .NET Framework. An attacker can obtain the ObjRef URI which could lead to remote code execution. (CVE-2024-29059)
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.8 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36049
CVE CVE-2023-36560
CVE CVE-2024-29059
MSKB 5031984
MSKB 5031987
MSKB 5031988
MSKB 5031989
MSKB 5031990
MSKB 5031991
MSKB 5031993
MSKB 5031995
MSKB 5031999
MSKB 5032000
MSKB 5032004
MSKB 5032005
MSKB 5032006
MSKB 5032007
MSKB 5032008
MSKB 5032009
MSKB 5032010
MSKB 5032011
MSKB 5032012
XREF MSFT:MS23-5031984
XREF MSFT:MS23-5031987
XREF MSFT:MS23-5031988
XREF MSFT:MS23-5031989
XREF MSFT:MS23-5031990
XREF MSFT:MS23-5031991
XREF MSFT:MS23-5031993
XREF MSFT:MS23-5031995
XREF MSFT:MS23-5031999
XREF MSFT:MS23-5032000
XREF MSFT:MS23-5032004
XREF MSFT:MS23-5032005
XREF MSFT:MS23-5032006
XREF MSFT:MS23-5032007
XREF MSFT:MS23-5032008
XREF MSFT:MS23-5032009
XREF MSFT:MS23-5032010
XREF MSFT:MS23-5032011
XREF MSFT:MS23-5032012
XREF IAVA:2023-A-0618-S
XREF IAVA:2024-A-0178-S
Plugin Information
Published: 2023/11/16, Modified: 2024/04/11
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 5031984

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll has not been patched.
Remote version : 4.7.3429.0
Should be : 4.7.4076.0

154026 - KB5006672: Windows 10 Version 1809 and Windows Server 2019 Security Update (October 2021)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5006672.
It is, therefore, affected by multiple vulnerabilities:

- A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.
(CVE-2021-40456, CVE-2021-40460, CVE-2021-41337, CVE-2021-41338)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36953, CVE-2021-40463)

- A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36970, CVE-2021-40455, CVE-2021-41361)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-40461, CVE-2021-40462, CVE-2021-40465, CVE-2021-40469, CVE-2021-41330, CVE-2021-41331, CVE-2021-41340, CVE-2021-41342)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2021-26441, CVE-2021-26442, CVE-2021-40443, CVE-2021-40449, CVE-2021-40450, CVE-2021-40464, CVE-2021-40466, CVE-2021-40467, CVE-2021-40470, CVE-2021-40476, CVE-2021-40477, CVE-2021-40478, CVE-2021-40488, CVE-2021-40489, CVE-2021-41335, CVE-2021-41345, CVE-2021-41347)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-38662, CVE-2021-38663, CVE-2021-40454, CVE-2021-40475, CVE-2021-41332, CVE-2021-41343)
Solution
Apply Security Update 5006672
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2021/10/12, Modified: 2023/12/29
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5006672

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.2237
157432 - KB5010351: Windows 10 version 1809 / Windows Server 2019 Security Update (February 2022)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5010351. It is, therefore, affected by multiple vulnerabilities.
Solution
Apply Security Update 5010351
Risk Factor
High
CVSS v3.0 Base Score
7.9 (CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.6 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-21971
CVE CVE-2022-21974
CVE CVE-2022-21981
CVE CVE-2022-21985
CVE CVE-2022-21989
CVE CVE-2022-21992
CVE CVE-2022-21993
CVE CVE-2022-21994
CVE CVE-2022-21995
CVE CVE-2022-21997
CVE CVE-2022-21998
CVE CVE-2022-21999
CVE CVE-2022-22000
CVE CVE-2022-22001
CVE CVE-2022-22002
CVE CVE-2022-22710
CVE CVE-2022-22712
CVE CVE-2022-22715
CVE CVE-2022-22717
CVE CVE-2022-22718
XREF MSFT:MS22-5010351
XREF IAVA:2022-A-0074-S
XREF IAVA:2022-A-0068-S
XREF CISA-KNOWN-EXPLOITED:2022/04/15
XREF CISA-KNOWN-EXPLOITED:2022/05/10
XREF CISA-KNOWN-EXPLOITED:2022/09/08
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2022/02/08, Modified: 2023/02/13
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5010351

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.2565
158712 - KB5011503: Windows 10 version 1809 / Windows Server 2019 Security Update (March 2022)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5011503. It is, therefore, affected by multiple vulnerabilities:

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2022-23288, CVE-2022-23284, CVE-2022-24455, CVE-2022-23296, CVE-2022-24459, CVE-2022-24507, CVE-2022-23291, CVE-2022-23299, CVE-2022-23298, CVE-2022-23293, CVE-2022-23290, CVE-2022-24460, CVE-2022-24454, CVE-2022-23283, CVE-2022-21967, CVE-2022-24505, CVE-2022-23287, CVE-2022-23286)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2022-21975, CVE-2022-23253)

- A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.
(CVE-2022-24502)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2022-21977, CVE-2022-22010, CVE-2022-23281, CVE-2022-23297, CVE-2022-24503)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-21990, CVE-2022-23285, CVE-2022-23294)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5011503.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
Exploitable With
Core Impact (true)
Plugin Information
Published: 2022/03/08, Modified: 2023/01/26
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5011503

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.2686
163046 - KB5015811: Windows 10 version 1809 / Windows Server 2019 Security Update (July 2022)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5015811.
It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-22024, CVE-2022-22027, CVE-2022-22029, CVE-2022-22038, CVE-2022-22039, CVE-2022-30211, CVE-2022-30214, CVE-2022-30221, CVE-2022-30222)

- A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.
(CVE-2022-22023, CVE-2022-22048, CVE-2022-30203)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2022-22022, CVE-2022-22026, CVE-2022-22031, CVE-2022-22034, CVE-2022-22036, CVE-2022-22037, CVE-2022-22041, CVE-2022-22045, CVE-2022-22047, CVE-2022-22049, CVE-2022-22050, CVE-2022-30202, CVE-2022-30205, CVE-2022-30206, CVE-2022-30209, CVE-2022-30215, CVE-2022-30220, CVE-2022-30224, CVE-2022-30225, CVE-2022-30226)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5015811
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
8.5 (CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
Exploitable With
Core Impact (true)
Plugin Information
Published: 2022/07/12, Modified: 2023/01/16
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5015811

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.3165
166025 - KB5018419: Windows 10 version 1809 / Windows Server 2019 Security Update (October 2022)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5018419. It is, therefore, affected by multiple vulnerabilities:

- Server Service Remote Protocol Elevation of Privilege Vulnerability (CVE-2022-38045)

- Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2022-38040)

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2022-37982, CVE-2022-38031)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5018419
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
Plugin Information
Published: 2022/10/11, Modified: 2023/02/09
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5018419

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.3532
167112 - KB5019966: Windows 10 version 1809 / Windows Server 2019 Security Update (November 2022)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5019966. It is, therefore, affected by multiple vulnerabilities:

- AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions (CVE-2022-23824)

- Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability (CVE-2022-37966)

- Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-37967)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5019966
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-23824
CVE CVE-2022-37966
CVE CVE-2022-37967
CVE CVE-2022-37992
CVE CVE-2022-38015
CVE CVE-2022-38023
CVE CVE-2022-41039
CVE CVE-2022-41045
CVE CVE-2022-41047
CVE CVE-2022-41048
CVE CVE-2022-41049
CVE CVE-2022-41050
CVE CVE-2022-41052
CVE CVE-2022-41053
CVE CVE-2022-41054
CVE CVE-2022-41055
CVE CVE-2022-41056
CVE CVE-2022-41057
CVE CVE-2022-41058
CVE CVE-2022-41073
CVE CVE-2022-41086
CVE CVE-2022-41088
CVE CVE-2022-41090
CVE CVE-2022-41091
CVE CVE-2022-41093
CVE CVE-2022-41095
CVE CVE-2022-41096
CVE CVE-2022-41097
CVE CVE-2022-41098
CVE CVE-2022-41099
CVE CVE-2022-41100
CVE CVE-2022-41101
CVE CVE-2022-41102
CVE CVE-2022-41109
CVE CVE-2022-41113
CVE CVE-2022-41118
CVE CVE-2022-41125
CVE CVE-2022-41128
MSKB 5019966
XREF MSFT:MS22-5019966
XREF CISA-KNOWN-EXPLOITED:2022/12/09
XREF CISA-KNOWN-EXPLOITED:2022/11/29
XREF IAVA:2022-A-0484-S
XREF IAVA:2022-A-0473-S
XREF IAVA:2023-A-0552-S
XREF IAVA:2023-A-0553-S
Plugin Information
Published: 2022/11/08, Modified: 2023/11/16
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5019966

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.3650
168693 - KB5021237: Windows 10 version 1809 / Windows Server 2019 Security Update (December 2022)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5021237. It is, therefore, affected by multiple vulnerabilities:

- PowerShell Remote Code Execution Vulnerability (CVE-2022-41076)

- Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability (CVE-2022-44689)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-44670, CVE-2022-44676)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5021237
Risk Factor
High
CVSS v3.0 Base Score
8.5 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.1 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.6 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
Plugin Information
Published: 2022/12/13, Modified: 2023/01/12
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5021237

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.3770
169788 - KB5022286: Windows 10 version 1809 / Windows Server 2019 Security Update (January 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5022286. It is, therefore, affected by multiple vulnerabilities:

- Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2023-21732)

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-21681)

- Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2023-21676)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5022286
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/01/10, Modified: 2023/09/28
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5022286

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.3887
181303 - KB5030214: Windows 10 version 1809 / Windows Server 2019 Security Update (September 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5030214. It is, therefore, affected by multiple vulnerabilities:

- Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability (CVE-2023-35355)

- DHCP Server Service Denial of Service Vulnerability (CVE-2023-38162)

- Windows GDI Elevation of Privilege Vulnerability (CVE-2023-36804, CVE-2023-38161)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5030214
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
CVSS v2.0 Base Score
8.3 (CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-35355
CVE CVE-2023-36801
CVE CVE-2023-36802
CVE CVE-2023-36803
CVE CVE-2023-36804
CVE CVE-2023-36805
CVE CVE-2023-38139
CVE CVE-2023-38140
CVE CVE-2023-38141
CVE CVE-2023-38142
CVE CVE-2023-38143
CVE CVE-2023-38144
CVE CVE-2023-38147
CVE CVE-2023-38149
CVE CVE-2023-38152
CVE CVE-2023-38160
CVE CVE-2023-38161
CVE CVE-2023-38162
MSKB 5030214
XREF MSFT:MS23-5030214
XREF CISA-KNOWN-EXPLOITED:2023/10/03
XREF IAVA:2023-A-0472-S
XREF IAVA:2023-A-0471-S
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/09/12, Modified: 2023/12/25
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5030214

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.4851
186789 - KB5033371: Windows 10 version 1809 / Windows Server 2019 Security Update (December 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5033371. It is, therefore, affected by multiple vulnerabilities:

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006)

- Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability (CVE-2023-36696)

- Win32k Elevation of Privilege Vulnerability (CVE-2023-36011)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5033371
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
Plugin Information
Published: 2023/12/12, Modified: 2024/01/15
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5033371

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.5202
187803 - KB5034127: Windows 10 version 1809 / Windows Server 2019 Security Update (January 2024)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5034127. It is, therefore, affected by multiple vulnerabilities:

- Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2024-20654)

- BitLocker Security Feature Bypass Vulnerability (CVE-2024-20666)

- Windows Kerberos Security Feature Bypass Vulnerability (CVE-2024-20674)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5034127
Risk Factor
High
CVSS v3.0 Base Score
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.3 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.0 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
Plugin Information
Published: 2024/01/09, Modified: 2024/02/16
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5034127

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.5328
190482 - KB5034768: Windows 10 version 1809 / Windows Server 2019 Security Update (February 2024)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5034768. It is, therefore, affected by multiple vulnerabilities:

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2024-21350, CVE-2024-21352, CVE-2024-21358, CVE-2024-21359, CVE-2024-21360, CVE-2024-21361, CVE-2024-21365, CVE-2024-21366, CVE-2024-21367, CVE-2024-21368, CVE-2024-21369, CVE-2024-21370, CVE-2024-21375, CVE-2024-21391, CVE-2024-21420)

- Windows Kernel Elevation of Privilege Vulnerability (CVE-2024-21338, CVE-2024-21371)

- Windows Kernel Information Disclosure Vulnerability (CVE-2024-21340)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5034768
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
Exploitable With
Core Impact (true)
Plugin Information
Published: 2024/02/13, Modified: 2024/03/15
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5034768

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.5458
191938 - KB5035849: Windows 10 version 1809 / Windows Server 2019 Security Update (March 2024)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5035849. It is, therefore, affected by multiple vulnerabilities:

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2024-21441, CVE-2024-21444, CVE-2024-21450, CVE-2024-26161, CVE-2024-26166)

- Windows USB Hub Driver Remote Code Execution Vulnerability (CVE-2024-21429)

- Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability (CVE-2024-21430)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5035849
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
Plugin Information
Published: 2024/03/12, Modified: 2024/04/12
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5035849

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.5576
193091 - KB5036896: Windows 10 version 1809 / Windows Server 2019 Security Update (April 2024)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5036896. It is, therefore, affected by multiple vulnerabilities:

- SmartScreen Prompt Security Feature Bypass Vulnerability (CVE-2024-29988)

- Secure Boot Security Feature Bypass Vulnerability (CVE-2024-20669, CVE-2024-26168, CVE-2024-26171, CVE-2024-26175, CVE-2024-26180, CVE-2024-26189, CVE-2024-26194, CVE-2024-26240, CVE-2024-26250, CVE-2024-28896, CVE-2024-28897, CVE-2024-28898, CVE-2024-28903, CVE-2024-28919, CVE-2024-28920, CVE-2024-28921, CVE-2024-28922, CVE-2024-28923, CVE-2024-28924, CVE-2024-28925, CVE-2024-29061, CVE-2024-29062)

- Windows rndismp6.sys Remote Code Execution Vulnerability (CVE-2024-26252, CVE-2024-26253)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5036896
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-2201
CVE CVE-2024-20665
CVE CVE-2024-20669
CVE CVE-2024-20678
CVE CVE-2024-20693
CVE CVE-2024-23593
CVE CVE-2024-23594
CVE CVE-2024-26158
CVE CVE-2024-26168
CVE CVE-2024-26171
CVE CVE-2024-26172
CVE CVE-2024-26175
CVE CVE-2024-26179
CVE CVE-2024-26180
CVE CVE-2024-26183
CVE CVE-2024-26189
CVE CVE-2024-26194
CVE CVE-2024-26195
CVE CVE-2024-26200
CVE CVE-2024-26202
CVE CVE-2024-26205
CVE CVE-2024-26207
CVE CVE-2024-26208
CVE CVE-2024-26209
CVE CVE-2024-26210
CVE CVE-2024-26211
CVE CVE-2024-26212
CVE CVE-2024-26214
CVE CVE-2024-26215
CVE CVE-2024-26216
CVE CVE-2024-26217
CVE CVE-2024-26218
CVE CVE-2024-26219
CVE CVE-2024-26220
CVE CVE-2024-26221
CVE CVE-2024-26222
CVE CVE-2024-26223
CVE CVE-2024-26224
CVE CVE-2024-26226
CVE CVE-2024-26227
CVE CVE-2024-26228
CVE CVE-2024-26229
CVE CVE-2024-26230
CVE CVE-2024-26231
CVE CVE-2024-26232
CVE CVE-2024-26233
CVE CVE-2024-26234
CVE CVE-2024-26237
CVE CVE-2024-26239
CVE CVE-2024-26240
CVE CVE-2024-26241
CVE CVE-2024-26242
CVE CVE-2024-26244
CVE CVE-2024-26248
CVE CVE-2024-26250
CVE CVE-2024-26252
CVE CVE-2024-26253
CVE CVE-2024-26254
CVE CVE-2024-26255
CVE CVE-2024-28896
CVE CVE-2024-28897
CVE CVE-2024-28898
CVE CVE-2024-28900
CVE CVE-2024-28901
CVE CVE-2024-28902
CVE CVE-2024-28903
CVE CVE-2024-28919
CVE CVE-2024-28920
CVE CVE-2024-28921
CVE CVE-2024-28922
CVE CVE-2024-28923
CVE CVE-2024-28924
CVE CVE-2024-28925
CVE CVE-2024-29050
CVE CVE-2024-29056
CVE CVE-2024-29061
CVE CVE-2024-29062
CVE CVE-2024-29064
CVE CVE-2024-29066
CVE CVE-2024-29988
MSKB 5036896
XREF MSFT:MS24-5036896
XREF IAVA:2024-A-0227
XREF IAVA:2024-A-0228
Plugin Information
Published: 2024/04/09, Modified: 2024/04/12
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5036896

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.2213
Should be : 10.0.17763.5696
192147 - Microsoft Azure Data Studio < 1.48.0 Elevation of Privilege Vulnerability (CVE-2024-26203)
Synopsis
An application installed on the remote Windows host is affected by an elevation of privilege vulnerability.
Description
The version of Microsoft Azure Data Studio installed on the remote Windows host is prior to 1.48.0. It is, therefore, affected by an unspecified elevation of privilege vulnerability.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Microsoft Azure Data Studio version 1.48.0 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.4 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-26203
XREF IAVA:2024-A-0157
Plugin Information
Published: 2024/03/15, Modified: 2024/03/18
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Azure Data Studio\
Installed version : 1.44.0.0
Fixed version : 1.48.0

35291 - SSL Certificate Signed Using Weak Hashing Algorithm
Synopsis
An SSL certificate in the certificate chain has been signed using a weak hash algorithm.
Description
The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing an attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that certificates in the chain that are contained in the Nessus CA database (known_CA.inc) have been ignored.
Solution
Contact the Certificate Authority to have the SSL certificate reissued.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVSS v3.0 Temporal Score
6.7 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.9 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 11849
BID 33065
CVE CVE-2004-2761
CVE CVE-2005-4900
XREF CERT:836068
XREF CWE:310
Plugin Information
Published: 2009/01/05, Modified: 2023/12/15
Plugin Output

tcp/10024


The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

Subject : CN=EVEMA_CA
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Nov 27 13:22:00 2007 GMT
Valid To : Apr 14 13:22:00 2035 GMT

Subject : CN=EVEMA_SERVER
Signature Algorithm : SHA-1 With RSA Encryption
Valid From : Nov 27 13:22:02 2007 GMT
Valid To : Apr 14 13:22:02 2035 GMT

42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information
Published: 2009/11/23, Modified: 2021/02/03
Plugin Output

tcp/636/ldap


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name                   Code       KEX Auth Encryption            MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA           0x00, 0x0A RSA RSA  3DES-CBC(168)         SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information
Published: 2009/11/23, Modified: 2021/02/03
Plugin Output

tcp/1433/mssql


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name                   Code       KEX Auth Encryption            MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA           0x00, 0x0A RSA RSA  3DES-CBC(168)         SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information
Published: 2009/11/23, Modified: 2021/02/03
Plugin Output

tcp/3269/ldap


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name                   Code       KEX Auth Encryption            MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA           0x00, 0x0A RSA RSA  3DES-CBC(168)         SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information
Published: 2009/11/23, Modified: 2021/02/03
Plugin Output

tcp/3389/msrdp


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name                   Code       KEX Auth Encryption            MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA           0x00, 0x0A RSA RSA  3DES-CBC(168)         SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

168395 - Security Updates for Microsoft .NET Framework (April 2022)
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by a denial of service vulnerability.
See Also
http://www.nessus.org/u?496ec3f1
http://www.nessus.org/u?eff833d3
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:F/RL:O/RC:C)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
4.1 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-26832
MSKB 5012117
MSKB 5012118
MSKB 5012119
MSKB 5012120
MSKB 5012121
MSKB 5012122
MSKB 5012123
MSKB 5012124
MSKB 5012125
MSKB 5012128
MSKB 5012129
MSKB 5012130
MSKB 5012131
MSKB 5012136
MSKB 5012137
MSKB 5012138
MSKB 5012139
MSKB 5012140
MSKB 5012141
MSKB 5012142
MSKB 5012143
MSKB 5012144
MSKB 5012145
MSKB 5012146
MSKB 5012147
MSKB 5012148
MSKB 5012149
MSKB 5012150
MSKB 5012151
MSKB 5012152
MSKB 5012153
MSKB 5012154
MSKB 5012155
XREF IAVA:2022-A-0143-S
Plugin Information
Published: 2022/12/05, Modified: 2023/09/20
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 5012128

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll has not been patched.
Remote version : 4.7.3429.0
Should be : 4.7.3930.0

193217 - Security Updates for Microsoft .NET Framework (April 2024)
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by a remote code execution vulnerability.
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
Medium
CVSS v3.0 Base Score
7.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.4 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-21409
MSKB 5036604
MSKB 5036605
MSKB 5036606
MSKB 5036607
MSKB 5036608
MSKB 5036609
MSKB 5036610
MSKB 5036611
MSKB 5036612
MSKB 5036613
MSKB 5036614
MSKB 5036615
MSKB 5036618
MSKB 5036619
MSKB 5036620
MSKB 5036621
MSKB 5036624
MSKB 5036625
MSKB 5036626
MSKB 5036627
MSKB 5036631
MSKB 5036632
MSKB 5036633
MSKB 5036634
MSKB 5036636
MSKB 5036637
XREF IAVA:2024-A-0219
Plugin Information
Published: 2024/04/11, Modified: 2024/04/12
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 5036604

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.runtime.serialization.dll has not been patched.
Remote version : 4.7.3440.0
Should be : 4.7.4092.0

139598 - Security Updates for Microsoft .NET Framework (August 2020)
Synopsis
The Microsoft .NET Framework installation on the remote host is affected by multiple vulnerabilities.
Description
The Microsoft .NET Framework installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)

- A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2020-1046)
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.9 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2020-1046
CVE CVE-2020-1476
MSKB 4569751
MSKB 4571709
MSKB 4569748
MSKB 4569749
MSKB 4569746
MSKB 4571692
MSKB 4569745
MSKB 4571741
MSKB 4570506
MSKB 4570507
MSKB 4571694
MSKB 4570505
MSKB 4570502
MSKB 4570503
MSKB 4570500
MSKB 4570501
MSKB 4570508
MSKB 4570509
XREF IAVA:2020-A-0368-S
XREF CEA-ID:CEA-2020-0101
Plugin Information
Published: 2020/08/14, Modified: 2022/12/06
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 4569776

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll has not been patched.
Remote version : 4.7.3429.0
Should be : 4.7.3650.0

179664 - Security Updates for Microsoft .NET Framework (August 2023)
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- A remote code execution vulnerability in applications running on IIS using their parent application's Application Pool which can lead to privilege escalation and other security bypasses. (CVE-2023-36899)

- A spoofing vulnerability where an unauthenticated remote attacker can sign ClickOnce deployments without a valid code signing certificate. (CVE-2023-36873)
See Also
http://www.nessus.org/u?31a7e1cb
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36873
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36899
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.0 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36873
CVE CVE-2023-36899
MSKB 5028946
MSKB 5028947
MSKB 5028948
MSKB 5028950
MSKB 5028951
MSKB 5028952
MSKB 5028953
MSKB 5028954
MSKB 5028955
MSKB 5028956
MSKB 5028957
MSKB 5028958
MSKB 5028960
MSKB 5028961
MSKB 5028962
MSKB 5028963
MSKB 5028967
MSKB 5028968
MSKB 5028969
MSKB 5028970
MSKB 5028973
MSKB 5028974
MSKB 5028975
MSKB 5028976
MSKB 5028977
MSKB 5028978
MSKB 5028979
MSKB 5028980
MSKB 5028981
MSKB 5028982
XREF IAVA:2023-A-0406-S
Plugin Information
Published: 2023/08/10, Modified: 2023/09/15
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 5028960

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll has not been patched.
Remote version : 4.7.3429.0
Should be : 4.7.4057.0

168745 - Security Updates for Microsoft .NET Framework (December 2022)
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in the handling of XPS files.
See Also
http://www.nessus.org/u?0d29de7c
http://www.nessus.org/u?e40dadbd
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-41089
MSKB 5020859
MSKB 5020860
MSKB 5020861
MSKB 5020862
MSKB 5020866
MSKB 5020867
MSKB 5020868
MSKB 5020869
MSKB 5020872
MSKB 5020873
MSKB 5020874
MSKB 5020875
MSKB 5020876
MSKB 5020877
MSKB 5020878
MSKB 5020879
MSKB 5020880
MSKB 5020881
MSKB 5020882
MSKB 5020883
MSKB 5020894
MSKB 5020895
MSKB 5020896
MSKB 5020897
MSKB 5020898
MSKB 5020899
MSKB 5020900
MSKB 5020901
MSKB 5020902
MSKB 5020903
XREF IAVA:2022-A-0534-S
Plugin Information
Published: 2022/12/15, Modified: 2023/11/20
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 5020866

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.core.dll has not been patched.
Remote version : 4.7.3468.0
Should be : 4.7.4010.0

168396 - Security Updates for Microsoft .NET Framework (February 2021)
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by a denial of service vulnerability.
See Also
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-24111
MSKB 4578950
MSKB 4578951
MSKB 4578952
MSKB 4578953
MSKB 4600944
MSKB 4600945
MSKB 4600957
MSKB 4601048
MSKB 4601050
MSKB 4601051
MSKB 4601052
MSKB 4601054
MSKB 4601055
MSKB 4601056
MSKB 4601057
MSKB 4601058
MSKB 4601060
MSKB 4601089
MSKB 4601090
MSKB 4601091
MSKB 4601092
MSKB 4601093
MSKB 4601094
XREF IAVA:2021-A-0079-S
Plugin Information
Published: 2022/12/05, Modified: 2022/12/06
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 4601060

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll has not been patched.
Remote version : 4.7.3429.0
Should be : 4.7.3770.0

171598 - Security Updates for Microsoft .NET Framework (February 2023)
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- A denial of service (DoS) vulnerability. (CVE-2023-21722)

- A remote code execution vulnerability. (CVE-2023-21808)
See Also
http://www.nessus.org/u?5bd7d30c
http://www.nessus.org/u?42dae88f
http://www.nessus.org/u?db0b1765
https://support.microsoft.com/en-us/help/5022497
https://support.microsoft.com/en-us/help/5022498
https://support.microsoft.com/en-us/help/5022499
https://support.microsoft.com/en-us/help/5022501
https://support.microsoft.com/en-us/help/5022502
https://support.microsoft.com/en-us/help/5022503
https://support.microsoft.com/en-us/help/5022504
https://support.microsoft.com/en-us/help/5022505
https://support.microsoft.com/en-us/help/5022506
https://support.microsoft.com/en-us/help/5022507
https://support.microsoft.com/en-us/help/5022508
https://support.microsoft.com/en-us/help/5022509
https://support.microsoft.com/en-us/help/5022511
https://support.microsoft.com/en-us/help/5022512
https://support.microsoft.com/en-us/help/5022513
https://support.microsoft.com/en-us/help/5022514
https://support.microsoft.com/en-us/help/5022515
https://support.microsoft.com/en-us/help/5022516
https://support.microsoft.com/en-us/help/5022520
https://support.microsoft.com/en-us/help/5022521
https://support.microsoft.com/en-us/help/5022522
https://support.microsoft.com/en-us/help/5022523
https://support.microsoft.com/en-us/help/5022524
https://support.microsoft.com/en-us/help/5022525
https://support.microsoft.com/en-us/help/5022526
https://support.microsoft.com/en-us/help/5022529
https://support.microsoft.com/en-us/help/5022530
https://support.microsoft.com/en-us/help/5022531
https://support.microsoft.com/en-us/help/5022574
https://support.microsoft.com/en-us/help/5022575
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:C)
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-21722
CVE CVE-2023-21808
MSKB 5022497
MSKB 5022498
MSKB 5022499
MSKB 5022501
MSKB 5022502
MSKB 5022503
MSKB 5022504
MSKB 5022505
MSKB 5022506
MSKB 5022507
MSKB 5022508
MSKB 5022509
MSKB 5022511
MSKB 5022512
MSKB 5022513
MSKB 5022514
MSKB 5022515
MSKB 5022516
MSKB 5022520
MSKB 5022521
MSKB 5022522
MSKB 5022523
MSKB 5022524
MSKB 5022525
MSKB 5022526
MSKB 5022529
MSKB 5022530
MSKB 5022531
MSKB 5022574
MSKB 5022575
XREF IAVA:2023-A-0087-S
Plugin Information
Published: 2023/02/17, Modified: 2023/09/04
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 5022511

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.core.dll has not been patched.
Remote version : 4.7.3468.0
Should be : 4.7.4038.0

168397 - Security Updates for Microsoft .NET Framework (January 2022)
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by a denial of service vulnerability.
See Also
http://www.nessus.org/u?a191b934
http://www.nessus.org/u?0717522a
https://support.microsoft.com/en-us/help/5008858
https://support.microsoft.com/en-us/help/5008859
https://support.microsoft.com/en-us/help/5008860
https://support.microsoft.com/en-us/help/5008865
https://support.microsoft.com/en-us/help/5008866
https://support.microsoft.com/en-us/help/5008867
https://support.microsoft.com/en-us/help/5008868
https://support.microsoft.com/en-us/help/5008869
https://support.microsoft.com/en-us/help/5008870
https://support.microsoft.com/en-us/help/5008873
https://support.microsoft.com/en-us/help/5008874
https://support.microsoft.com/en-us/help/5008875
https://support.microsoft.com/en-us/help/5008876
https://support.microsoft.com/en-us/help/5008877
https://support.microsoft.com/en-us/help/5008878
https://support.microsoft.com/en-us/help/5008879
https://support.microsoft.com/en-us/help/5008880
https://support.microsoft.com/en-us/help/5008881
https://support.microsoft.com/en-us/help/5008882
https://support.microsoft.com/en-us/help/5008883
https://support.microsoft.com/en-us/help/5008885
https://support.microsoft.com/en-us/help/5008886
https://support.microsoft.com/en-us/help/5008887
https://support.microsoft.com/en-us/help/5008888
https://support.microsoft.com/en-us/help/5008889
https://support.microsoft.com/en-us/help/5008890
https://support.microsoft.com/en-us/help/5008891
https://support.microsoft.com/en-us/help/5008892
https://support.microsoft.com/en-us/help/5008893
https://support.microsoft.com/en-us/help/5008894
https://support.microsoft.com/en-us/help/5008895
https://support.microsoft.com/en-us/help/5008896
https://support.microsoft.com/en-us/help/5008897
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2022-21911
MSKB 5008858
MSKB 5008859
MSKB 5008860
MSKB 5008865
MSKB 5008866
MSKB 5008867
MSKB 5008868
MSKB 5008869
MSKB 5008870
MSKB 5008873
MSKB 5008874
MSKB 5008875
MSKB 5008876
MSKB 5008877
MSKB 5008878
MSKB 5008879
MSKB 5008880
MSKB 5008881
MSKB 5008882
MSKB 5008883
MSKB 5008885
MSKB 5008886
MSKB 5008887
MSKB 5008888
MSKB 5008889
MSKB 5008890
MSKB 5008891
MSKB 5008892
MSKB 5008893
MSKB 5008894
MSKB 5008895
MSKB 5008896
MSKB 5008897
Plugin Information
Published: 2022/12/05, Modified: 2022/12/06
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 5008873

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll has not been patched.
Remote version : 4.7.3429.0
Should be : 4.7.3905.0

138464 - Security Updates for Microsoft .NET Framework (July 2020)
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)
See Also
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:C)
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.6 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-1147
MSKB 4565489
MSKB 4565508
MSKB 4565511
MSKB 4565513
MSKB 4565627
MSKB 4565628
MSKB 4565630
MSKB 4565631
MSKB 4565633
MSKB 4566466
MSKB 4566467
MSKB 4566468
MSKB 4566469
MSKB 4566516
MSKB 4566517
MSKB 4566518
MSKB 4566519
MSKB 4566520
XREF IAVA:2020-A-0305-S
XREF CISA-KNOWN-EXPLOITED:2022/05/03
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2020/07/14, Modified: 2023/04/25
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 4565625

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.configuration.dll has not been patched.
Remote version : 4.7.3324.0
Should be : 4.7.3630.0

177393 - Security Updates for Microsoft .NET Framework (June 2023)
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- A remote code execution vulnerability in the MSDIA SDK where corrupted PDBs can cause a heap overflow. (CVE-2023-24897)

- A remote code execution vulnerability in WPF where the BAML offers other ways to instantiate types. (CVE-2023-21808)

- A remote code execution vulnerability in the WPF XAML parser. (CVE-2023-24895)
See Also
http://www.nessus.org/u?283f4db9
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24895
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29326
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32030
https://support.microsoft.com/en-us/help/5027107
https://support.microsoft.com/en-us/help/5027108
https://support.microsoft.com/en-us/help/5027109
https://support.microsoft.com/en-us/help/5027110
https://support.microsoft.com/en-us/help/5027111
https://support.microsoft.com/en-us/help/5027112
https://support.microsoft.com/en-us/help/5027113
https://support.microsoft.com/en-us/help/5027114
https://support.microsoft.com/en-us/help/5027115
https://support.microsoft.com/en-us/help/5027116
https://support.microsoft.com/en-us/help/5027117
https://support.microsoft.com/en-us/help/5027118
https://support.microsoft.com/en-us/help/5027119
https://support.microsoft.com/en-us/help/5027121
https://support.microsoft.com/en-us/help/5027122
https://support.microsoft.com/en-us/help/5027123
https://support.microsoft.com/en-us/help/5027124
https://support.microsoft.com/en-us/help/5027125
https://support.microsoft.com/en-us/help/5027126
https://support.microsoft.com/en-us/help/5027127
https://support.microsoft.com/en-us/help/5027128
https://support.microsoft.com/en-us/help/5027129
https://support.microsoft.com/en-us/help/5027131
https://support.microsoft.com/en-us/help/5027132
https://support.microsoft.com/en-us/help/5027133
https://support.microsoft.com/en-us/help/5027134
https://support.microsoft.com/en-us/help/5027138
https://support.microsoft.com/en-us/help/5027139
https://support.microsoft.com/en-us/help/5027140
https://support.microsoft.com/en-us/help/5027141
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-24895
CVE CVE-2023-24897
CVE CVE-2023-24936
CVE CVE-2023-29326
CVE CVE-2023-29330
CVE CVE-2023-29331
CVE CVE-2023-32030
MSKB 5027107
MSKB 5027108
MSKB 5027109
MSKB 5027110
MSKB 5027111
MSKB 5027112
MSKB 5027113
MSKB 5027114
MSKB 5027115
MSKB 5027116
MSKB 5027117
MSKB 5027118
MSKB 5027119
MSKB 5027121
MSKB 5027122
MSKB 5027123
MSKB 5027124
MSKB 5027125
MSKB 5027126
MSKB 5027127
MSKB 5027128
MSKB 5027129
MSKB 5027131
MSKB 5027132
MSKB 5027133
MSKB 5027134
MSKB 5027138
MSKB 5027139
MSKB 5027140
MSKB 5027141
XREF IAVA:2023-A-0291-S
Plugin Information
Published: 2023/06/16, Modified: 2023/08/11
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 5027131

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.core.dll has not been patched.
Remote version : 4.7.3468.0
Should be : 4.7.4050.0

136564 - Security Updates for Microsoft .NET Framework (May 2020)
Synopsis
The Microsoft .NET Framework installation on the remote host is affected by multiple vulnerabilities.
Description
The Microsoft .NET Framework installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Core or .NET Framework web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Core or .NET Framework application. The update addresses the vulnerability by correcting how the .NET Core or .NET Framework web application handles web requests. (CVE-2020-1108)

- An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. (CVE-2020-1066)
See Also
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
4.6 (CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
4.0 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2020-1066
CVE CVE-2020-1108
MSKB 4556812
MSKB 4556826
MSKB 4556807
MSKB 4556813
MSKB 4556406
MSKB 4556405
MSKB 4556404
MSKB 4556403
MSKB 4556402
MSKB 4556401
MSKB 4556400
MSKB 4556441
MSKB 4552926
MSKB 4552931
MSKB 4556399
MSKB 4552928
MSKB 4552929
XREF IAVA:2020-A-0207-S
Exploitable With
Core Impact (true)
Plugin Information
Published: 2020/05/13, Modified: 2023/01/30
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 4552924

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.runtime.serialization.dll has not been patched.
Remote version : 4.7.3440.0
Should be : 4.7.3620.0

181375 - Security Updates for Microsoft .NET Framework (September 2023)
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- Multiple vulnerabilities in DiaSymReader.dll where parsing a corrupted PDB can result in remote code execution. (CVE-2023-36792, CVE-2023-36793, CVE-2023-36794, CVE-2023-36796)

- A vulnerability in the WPF XML parser where an unsandboxed parser can lead to remote code execution. (CVE-2023-36788)
See Also
http://www.nessus.org/u?3bbdfd35
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36788
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796
https://support.microsoft.com/en-us/help/5029915
https://support.microsoft.com/en-us/help/5029916
https://support.microsoft.com/en-us/help/5029917
https://support.microsoft.com/en-us/help/5029919
https://support.microsoft.com/en-us/help/5029920
https://support.microsoft.com/en-us/help/5029921
https://support.microsoft.com/en-us/help/5029922
https://support.microsoft.com/en-us/help/5029923
https://support.microsoft.com/en-us/help/5029924
https://support.microsoft.com/en-us/help/5029925
https://support.microsoft.com/en-us/help/5029926
https://support.microsoft.com/en-us/help/5029927
https://support.microsoft.com/en-us/help/5029928
https://support.microsoft.com/en-us/help/5029929
https://support.microsoft.com/en-us/help/5029931
https://support.microsoft.com/en-us/help/5029932
https://support.microsoft.com/en-us/help/5029933
https://support.microsoft.com/en-us/help/5029937
https://support.microsoft.com/en-us/help/5029938
https://support.microsoft.com/en-us/help/5029940
https://support.microsoft.com/en-us/help/5029941
https://support.microsoft.com/en-us/help/5029942
https://support.microsoft.com/en-us/help/5029943
https://support.microsoft.com/en-us/help/5029944
https://support.microsoft.com/en-us/help/5029945
https://support.microsoft.com/en-us/help/5029946
https://support.microsoft.com/en-us/help/5029947
https://support.microsoft.com/en-us/help/5029948
https://support.microsoft.com/en-us/help/5030030
https://support.microsoft.com/en-us/help/5030160
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36788
CVE CVE-2023-36792
CVE CVE-2023-36793
CVE CVE-2023-36794
CVE CVE-2023-36796
MSKB 5029915
MSKB 5029916
MSKB 5029917
MSKB 5029919
MSKB 5029920
MSKB 5029921
MSKB 5029922
MSKB 5029923
MSKB 5029924
MSKB 5029925
MSKB 5029926
MSKB 5029927
MSKB 5029928
MSKB 5029929
MSKB 5029931
MSKB 5029932
MSKB 5029933
MSKB 5029937
MSKB 5029938
MSKB 5029940
MSKB 5029941
MSKB 5029942
MSKB 5029943
MSKB 5029944
MSKB 5029945
MSKB 5029946
MSKB 5029947
MSKB 5029948
MSKB 5030030
MSKB 5030160
XREF IAVA:2023-A-0470-S
Plugin Information
Published: 2023/09/13, Modified: 2023/11/16
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 5029931

C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll has not been patched.
Remote version : 14.7.3190.0
Should be : 14.7.4063.0

175450 - Security Updates for Microsoft SQL Server (April 2023)
Synopsis
The Microsoft SQL Server installation on the remote host is missing a security update.
Description
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2023-23384)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for Microsoft SQL Server.
Risk Factor
High
CVSS v3.0 Base Score
7.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v3.0 Temporal Score
6.4 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-23384
MSKB 5020863
MSKB 5021037
MSKB 5021045
MSKB 5021112
MSKB 5021123
MSKB 5021124
MSKB 5021125
MSKB 5021126
MSKB 5021127
MSKB 5021128
MSKB 5021129
MSKB 5021522
XREF IAVA:2023-A-0189-S
Plugin Information
Published: 2023/05/12, Modified: 2023/08/11
Plugin Output

tcp/445/cifs



KB : 5021522
- C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe has not been patched.
Remote version : 2022.160.1000.6
Should be : 2022.160.1050.5

SQL Server Version : 16.0.1000.6 Standard Edition
SQL Server Instance : MSSQLSERVER

171604 - Security Updates for Microsoft SQL Server (February 2023)
Synopsis
The Microsoft SQL Server installation on the remote host is affected by multiple vulnerabilities.
Description
The Microsoft SQL Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2023-21528, CVE-2023-21568, CVE-2023-21704, CVE-2023-21705, CVE-2023-21713, CVE-2023-21718)
See Also
Solution
Microsoft has released the following security updates to address this issue:
- KB5021126
- KB5021129
- KB5021522
- KB5021127
- KB5021045
- KB5021037
- KB5021128
- KB5021124
- KB5021125
- KB5020863
- KB5021112
- KB5021123
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-21528
CVE CVE-2023-21568
CVE CVE-2023-21704
CVE CVE-2023-21705
CVE CVE-2023-21713
CVE CVE-2023-21718
MSKB 5020863
MSKB 5021112
MSKB 5021126
MSKB 5021129
MSKB 5021522
MSKB 5021127
MSKB 5021045
MSKB 5021037
MSKB 5021128
MSKB 5021123
MSKB 5021124
MSKB 5021125
XREF IAVA:2023-A-0086
Plugin Information
Published: 2023/02/17, Modified: 2023/09/04
Plugin Output

tcp/445/cifs



KB : 5021522
- C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe has not been patched.
Remote version : 2022.160.1000.6
Should be : 2022.160.1050.5

SQL Server Version : 16.0.1000.6 Standard Edition
SQL Server Instance : MSSQLSERVER

187792 - Security Updates for Microsoft SQL Server (January 2024)
Synopsis
The Microsoft SQL Server installation on the remote host is missing a security update.
Description
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability:

- A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application. (CVE-2024-0056)
See Also
Solution
Microsoft has released security updates for Microsoft SQL Server.
Risk Factor
High
CVSS v3.0 Base Score
8.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N)
CVSS v3.0 Temporal Score
7.6 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
7.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-0056
MSKB 5032968
MSKB 5033592
XREF MSFT:MS24-5032968
XREF MSFT:MS24-5033592
XREF IAVA:2024-A-0014-S
Plugin Information
Published: 2024/01/09, Modified: 2024/04/11
Plugin Output

tcp/445/cifs



KB : 5032968
- C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe has not been patched.
Remote version : 2022.160.1000.6
Should be : 2022.160.1110.1

SQL Server Version : 16.0.1000.6 Standard Edition
SQL Server Instance : MSSQLSERVER

193160 - Security Updates for Microsoft SQL Server ODBC Driver (April 2024)
Synopsis
The Microsoft SQL Server installation on the remote host is missing a security update.
Description
The Microsoft SQL Server driver installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-28929)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-28930)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-28931)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for the Microsoft SQL Driver.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2024/04/10, Modified: 2024/04/12
Plugin Output

tcp/0


Path : C:\Windows\System32\msodbcsql17.dll
Installed version : 17.10.4.1
Fixed version : 17.10.6

183036 - Security Updates for Microsoft SQL Server ODBC Driver (October 2023)
Synopsis
The Microsoft SQL Server ODBC Driver installed on the remote host is missing a security update.
Description
The Microsoft SQL Server ODBC Driver installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities.

- An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2023-36417, CVE-2023-36420, CVE-2023-36730, CVE-2023-36785)

- An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2023-36728)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for the Microsoft SQL ODBC Driver.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2023/10/13, Modified: 2023/10/16
Plugin Output

tcp/0


Path : C:\Windows\System32\msodbcsql17.dll
Installed version : 17.10.4.1
Fixed version : 17.10.5.1

193161 - Security Updates for Microsoft SQL Server OLE DB Driver (April 2024)
-
Synopsis
The Microsoft SQL Server OLE DB Driver installed on the remote host is missing a security update.
Description
The Microsoft SQL Server OLE DB Driver installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-28906)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-28908)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-28909)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for the Microsoft SQL OLE DB Driver.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2024/04/10, Modified: 2024/04/12
Plugin Output

tcp/445/cifs


Path : C:\Windows\System32\msoledbsql.dll
Installed version : 18.6.5.0
Fixed version : 18.7.2
178852 - Security Updates for Microsoft SQL Server OLE DB Driver (June 2023)
-
Synopsis
The Microsoft SQL Server installation on the remote host is missing a security update.
Description
The Microsoft SQL Server driver installation on the remote host is missing a security update. It is, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for the Microsoft SQL Driver.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-29349
CVE CVE-2023-32028
CVE CVE-2023-38169
XREF IAVA:2023-A-0410-S
Plugin Information
Published: 2023/07/26, Modified: 2023/10/12
Plugin Output

tcp/445/cifs


Path : C:\Windows\System32\msoledbsql.dll
Installed version : 18.6.5.0
Fixed version : 18.6.6
182968 - Security Updates for Microsoft SQL Server OLE DB Driver (October 2023)
-
Synopsis
The Microsoft SQL Server OLE DB Driver installed on the remote host is missing a security update.
Description
The Microsoft SQL Server OLE DB Driver installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities.

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2023-36417)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2023-36728)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for the Microsoft SQL OLE DB Driver.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36417
CVE CVE-2023-36728
XREF IAVA:2023-A-0541-S
Plugin Information
Published: 2023/10/12, Modified: 2024/01/12
Plugin Output

tcp/445/cifs


Path : C:\Windows\System32\msoledbsql.dll
Installed version : 18.6.5.0
Fixed version : 18.6.7
166555 - WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck)
-
Synopsis
The remote Windows host is potentially missing a mitigation for a remote code execution vulnerability.
Description
The remote system may be vulnerable to CVE-2013-3900 due to missing or misconfigured registry keys:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
- HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck

An unauthenticated, remote attacker could exploit this, by sending specially crafted requests, to execute arbitrary code on an affected host.
See Also
Solution
Add and enable registry value EnableCertPaddingCheck:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck

Additionally, on 64-bit OS systems, add and enable registry value EnableCertPaddingCheck:

- HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.6 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2013-3900
XREF CISA-KNOWN-EXPLOITED:2022/07/10
XREF IAVA:2013-A-0227
Plugin Information
Published: 2022/10/26, Modified: 2023/12/26
Plugin Output

tcp/445/cifs



Nessus detected the following potentially insecure registry key configuration:
- Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry.
- Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry.
171859 - Curl Use-After-Free < 7.87 (CVE-2022-43552)
-
Synopsis
The remote Windows host has a program that is affected by a use-after-free vulnerability.
Description
The version of Curl installed on the remote host is prior to 7.87.0. It is therefore affected by a use-after-free vulnerability. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade Curl to version 7.87.0 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
5.3 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS v2.0 Base Score
5.4 (CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
4.2 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-43552
XREF IAVA:2023-A-0008-S
Plugin Information
Published: 2023/02/23, Modified: 2023/09/01
Plugin Output

tcp/445/cifs


Path : C:\Windows\SysWOW64\curl.exe
Installed version : 7.55.1.0
Fixed version : 7.87.0

tcp/445/cifs


Path : C:\Windows\System32\curl.exe
Installed version : 7.55.1.0
Fixed version : 7.87.0

31705 - SSL Anonymous Cipher Suites Supported
-
Synopsis
The remote service supports the use of anonymous SSL ciphers.
Description
The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a service that encrypts traffic without having to generate and configure SSL certificates, it offers no way to verify the remote host's identity and renders the service vulnerable to a man-in-the-middle attack.

Note: This is considerably easier to exploit if the attacker is on the same physical network.
See Also
Solution
Reconfigure the affected application if possible to avoid use of weak ciphers.
Risk Factor
Low
CVSS v3.0 Base Score
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.2 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS v2.0 Temporal Score
1.9 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2008/03/28, Modified: 2023/10/27
Plugin Output

tcp/10024


The following is a list of SSL anonymous ciphers supported by the remote TCP server :

High Strength Ciphers (>= 112-bit key)

Name                    Code        KEX   Auth  Encryption    MAC
----------------------  ----------  ----  ----  ------------  ----
AECDH-AES128-SHA        0xC0, 0x18  ECDH  None  AES-CBC(128)  SHA1
AECDH-AES256-SHA        0xC0, 0x19  ECDH  None  AES-CBC(256)  SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/443


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : O=McAfee/OU=ePO/CN=AH_masked_hostname
|-Issuer : O=McAfee/OU=AH/CN=AH_CA_masked_hostname

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/636/ldap


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp
|-Issuer : DC=jp/DC=go/DC=mods/DC=gsdf/DC=EMSOCCS/DC=gcc/CN=gcc-masked_hostname-CA

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/1433/mssql


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=SSL_Self_Signed_Fallback
|-Issuer : CN=SSL_Self_Signed_Fallback

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/3269/ldap


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp
|-Issuer : DC=jp/DC=go/DC=mods/DC=gsdf/DC=EMSOCCS/DC=gcc/CN=gcc-masked_hostname-CA

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/3389/msrdp


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp
|-Issuer : CN=masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/8443/www


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : O=McAfee/OU=Orion/CN=Orion_CA_masked_hostname
|-Issuer : O=McAfee/OU=Orion/CN=Orion_CA_masked_hostname

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/8444/www


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : O=McAfee/OU=Orion/CN=Orion_CA_masked_hostname
|-Issuer : O=McAfee/OU=Orion/CN=Orion_CA_masked_hostname

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/10024


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=EVEMA_CA
|-Issuer : CN=EVEMA_CA

45411 - SSL Certificate with Wrong Hostname
-
Synopsis
The SSL certificate for this service is for a different host.
Description
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information
Published: 2010/04/03, Modified: 2020/04/27
Plugin Output

tcp/443


The identities known by Nessus are :

ipaddr
masked_hostname
masked_hostname.gcc.emsoccs.gsdf.mods.go.jp
fd01:e2e2:0:e0c0::1
fd01:e2e2:0:e0c0:d879:25c2:c57b:1511
fe80::d879:25c2:c57b:1511
masked_hostname

The Common Name in the certificate is :

AH_masked_hostname

The Subject Alternate Name in the certificate is :

AH_masked_hostname

45411 - SSL Certificate with Wrong Hostname
-
Synopsis
The SSL certificate for this service is for a different host.
Description
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information
Published: 2010/04/03, Modified: 2020/04/27
Plugin Output

tcp/1433/mssql


The identities known by Nessus are :

ipaddr
masked_hostname
masked_hostname.gcc.emsoccs.gsdf.mods.go.jp
fd01:e2e2:0:e0c0::1
fd01:e2e2:0:e0c0:d879:25c2:c57b:1511
fe80::d879:25c2:c57b:1511
masked_hostname

The Common Name in the certificate is :

SSL_Self_Signed_Fallback

45411 - SSL Certificate with Wrong Hostname
-
Synopsis
The SSL certificate for this service is for a different host.
Description
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information
Published: 2010/04/03, Modified: 2020/04/27
Plugin Output

tcp/8444/www


The identities known by Nessus are :

ipaddr
masked_hostname
masked_hostname.gcc.emsoccs.gsdf.mods.go.jp
fd01:e2e2:0:e0c0::1
fd01:e2e2:0:e0c0:d879:25c2:c57b:1511
fe80::d879:25c2:c57b:1511
masked_hostname

The Common Name in the certificate is :

Orion_ClientAuth_masked_hostname

The Subject Alternate Name in the certificate is :

Orion_ClientAuth_masked_hostname

45411 - SSL Certificate with Wrong Hostname
-
Synopsis
The SSL certificate for this service is for a different host.
Description
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information
Published: 2010/04/03, Modified: 2020/04/27
Plugin Output

tcp/10024


The identities known by Nessus are :

ipaddr
masked_hostname
masked_hostname.gcc.emsoccs.gsdf.mods.go.jp
fd01:e2e2:0:e0c0::1
fd01:e2e2:0:e0c0:d879:25c2:c57b:1511
fe80::d879:25c2:c57b:1511
masked_hostname

The Common Name in the certificate is :

EVEMA_SERVER

57582 - SSL Self-Signed Certificate
-
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2012/01/17, Modified: 2022/06/14
Plugin Output

tcp/1433/mssql


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=SSL_Self_Signed_Fallback

57582 - SSL Self-Signed Certificate
-
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2012/01/17, Modified: 2022/06/14
Plugin Output

tcp/3389/msrdp


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp

57582 - SSL Self-Signed Certificate
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2012/01/17, Modified: 2022/06/14
Plugin Output

tcp/8443/www


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : O=McAfee/OU=Orion/CN=Orion_CA_masked_hostname

57582 - SSL Self-Signed Certificate
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2012/01/17, Modified: 2022/06/14
Plugin Output

tcp/8444/www


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : O=McAfee/OU=Orion/CN=Orion_CA_masked_hostname

57582 - SSL Self-Signed Certificate
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2012/01/17, Modified: 2022/06/14
Plugin Output

tcp/10024


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=EVEMA_CA

167254 - Security Updates for Microsoft .NET Framework (November 2022)
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by an information disclosure vulnerability in the System.Data.SqlClient and Microsoft.Data.SqlClient packages. A timeout occurring under high load can cause incorrect data to be returned as the result of an asynchronously executed query.
See Also
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
Medium
CVSS v3.0 Base Score
5.8 (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.4 (CVSS:3.0/E:F/RL:O/RC:C)
CVSS v2.0 Base Score
4.3 (CVSS2#AV:A/AC:H/Au:S/C:C/I:N/A:N)
CVSS v2.0 Temporal Score
3.6 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-41064
MSKB 5020606
MSKB 5020608
MSKB 5020609
MSKB 5020610
MSKB 5020611
MSKB 5020612
MSKB 5020613
MSKB 5020614
MSKB 5020615
MSKB 5020617
MSKB 5020618
MSKB 5020619
MSKB 5020620
MSKB 5020621
MSKB 5020622
MSKB 5020623
MSKB 5020624
MSKB 5020627
MSKB 5020628
MSKB 5020629
MSKB 5020630
MSKB 5020632
XREF MSFT:MS22-5020606
XREF MSFT:MS22-5020608
XREF MSFT:MS22-5020609
XREF MSFT:MS22-5020610
XREF MSFT:MS22-5020611
XREF MSFT:MS22-5020612
XREF MSFT:MS22-5020613
XREF MSFT:MS22-5020614
XREF MSFT:MS22-5020615
XREF MSFT:MS22-5020617
XREF MSFT:MS22-5020618
XREF MSFT:MS22-5020619
XREF MSFT:MS22-5020620
XREF MSFT:MS22-5020621
XREF MSFT:MS22-5020622
XREF MSFT:MS22-5020623
XREF MSFT:MS22-5020624
XREF MSFT:MS22-5020627
XREF MSFT:MS22-5020628
XREF MSFT:MS22-5020629
XREF MSFT:MS22-5020630
XREF MSFT:MS22-5020632
XREF IAVA:2022-A-0477-S
Plugin Information
Published: 2022/11/10, Modified: 2023/10/05
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 5020627

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.core.dll has not been patched.
Remote version : 4.7.3468.0
Should be : 4.7.4005.0

141503 - Security Updates for Microsoft .NET Framework (October 2020)
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :

- An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory.
(CVE-2020-16937)
See Also
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
Medium
CVSS v3.0 Base Score
4.7 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
4.1 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
4.0 (CVSS2#AV:L/AC:H/Au:N/C:C/I:N/A:N)
CVSS v2.0 Temporal Score
3.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2020-16937
MSKB 4578968
MSKB 4578969
MSKB 4578971
MSKB 4578972
MSKB 4578974
MSKB 4579976
MSKB 4579977
MSKB 4579978
MSKB 4579979
MSKB 4579980
MSKB 4580327
MSKB 4580328
MSKB 4580330
MSKB 4580346
MSKB 4580467
MSKB 4580468
MSKB 4580469
MSKB 4580470
XREF MSFT:MS20-4578968
XREF MSFT:MS20-4578969
XREF MSFT:MS20-4578971
XREF MSFT:MS20-4578972
XREF MSFT:MS20-4578974
XREF MSFT:MS20-4579976
XREF MSFT:MS20-4579977
XREF MSFT:MS20-4579978
XREF MSFT:MS20-4579979
XREF MSFT:MS20-4579980
XREF MSFT:MS20-4580327
XREF MSFT:MS20-4580328
XREF MSFT:MS20-4580330
XREF MSFT:MS20-4580346
XREF MSFT:MS20-4580467
XREF MSFT:MS20-4580468
XREF MSFT:MS20-4580469
XREF MSFT:MS20-4580470
XREF IAVA:2020-A-0456-S
XREF CEA-ID:CEA-2020-0126
Plugin Information
Published: 2020/10/19, Modified: 2022/12/05
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 4578966

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.security.dll has not been patched.
Remote version : 4.7.3190.0
Should be : 4.7.3701.0

182956 - Security Updates for Microsoft SQL Server (October 2023)
Synopsis
The Microsoft SQL Server installation on the remote host is missing a security update.
Description
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability:

- A Denial of Service vulnerability. An attacker could impact availability of the service resulting in Denial of Service (DoS) (CVE-2023-36728)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for Microsoft SQL Server.
Risk Factor
Medium
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
4.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
4.6 (CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
3.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36728
MSKB 5029184
MSKB 5029185
MSKB 5029186
MSKB 5029187
MSKB 5029375
MSKB 5029376
MSKB 5029377
MSKB 5029378
MSKB 5029379
MSKB 5029503
XREF MSFT:MS23-5029184
XREF MSFT:MS23-5029185
XREF MSFT:MS23-5029186
XREF MSFT:MS23-5029187
XREF MSFT:MS23-5029375
XREF MSFT:MS23-5029376
XREF MSFT:MS23-5029377
XREF MSFT:MS23-5029378
XREF MSFT:MS23-5029379
XREF MSFT:MS23-5029503
XREF IAVA:2023-A-0541-S
Plugin Information
Published: 2023/10/12, Modified: 2024/01/12
Plugin Output

tcp/445/cifs



KB : 5029379
- C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe has not been patched.
Remote version : 2022.160.1000.6
Should be : 2022.160.1105.1

SQL Server Version : 16.0.1000.6 Standard Edition
SQL Server Instance : MSSQLSERVER

104743 - TLS Version 1.0 Protocol Detection
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.

As of March 31, 2020, endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
See Also
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2017/11/22, Modified: 2023/04/19
Plugin Output

tcp/636/ldap

TLSv1 is enabled and the server supports at least one cipher.

104743 - TLS Version 1.0 Protocol Detection
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.

As of March 31, 2020, endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
See Also
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2017/11/22, Modified: 2023/04/19
Plugin Output

tcp/1433/mssql

TLSv1 is enabled and the server supports at least one cipher.

104743 - TLS Version 1.0 Protocol Detection
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.

As of March 31, 2020, endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
See Also
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2017/11/22, Modified: 2023/04/19
Plugin Output

tcp/3269/ldap

TLSv1 is enabled and the server supports at least one cipher.

104743 - TLS Version 1.0 Protocol Detection
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.

As of March 31, 2020, endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
See Also
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2017/11/22, Modified: 2023/04/19
Plugin Output

tcp/3389/msrdp

TLSv1 is enabled and the server supports at least one cipher.

157288 - TLS Version 1.1 Protocol Deprecated
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM, cannot be used with TLS 1.1.

As of March 31, 2020, endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2022/04/04, Modified: 2023/04/19
Plugin Output

tcp/636/ldap

TLSv1.1 is enabled and the server supports at least one cipher.

157288 - TLS Version 1.1 Protocol Deprecated
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM, cannot be used with TLS 1.1.

As of March 31, 2020, endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2022/04/04, Modified: 2023/04/19
Plugin Output

tcp/1433/mssql

TLSv1.1 is enabled and the server supports at least one cipher.

157288 - TLS Version 1.1 Protocol Deprecated
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM, cannot be used with TLS 1.1.

As of March 31, 2020, endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2022/04/04, Modified: 2023/04/19
Plugin Output

tcp/3269/ldap

TLSv1.1 is enabled and the server supports at least one cipher.

157288 - TLS Version 1.1 Protocol Deprecated
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM, cannot be used with TLS 1.1.

As of March 31, 2020, endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2022/04/04, Modified: 2023/04/19
Plugin Output

tcp/3389/msrdp

TLSv1.1 is enabled and the server supports at least one cipher.

58453 - Terminal Services Doesn't Use Network Level Authentication (NLA) Only
Synopsis
The remote Terminal Services doesn't use Network Level Authentication only.
Description
The remote Terminal Services is not configured to use Network Level Authentication (NLA) only. NLA uses the Credential Security Support Provider (CredSSP) protocol to perform strong server authentication either through TLS/SSL or Kerberos mechanisms, which protect against man-in-the-middle attacks. In addition to improving authentication, NLA also helps protect the remote computer from malicious users and software by completing user authentication before a full RDP connection is established.
See Also
Solution
Enable Network Level Authentication (NLA) on the remote RDP server. This is generally done on the 'Remote' tab of the 'System' settings on Windows.
Risk Factor
Medium
CVSS v3.0 Base Score
4.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N)
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Plugin Information
Published: 2012/03/23, Modified: 2024/03/19
Plugin Output

tcp/3389/msrdp

Nessus was able to negotiate non-NLA (Network Level Authentication) security.

132101 - Windows Speculative Execution Configuration Check
Synopsis
The remote host has not properly mitigated a series of speculative execution vulnerabilities.
Description
The remote host has not properly mitigated a series of known speculative execution vulnerabilities. It, therefore, may be affected by :
- Branch Target Injection (BTI) (CVE-2017-5715)
- Bounds Check Bypass (BCB) (CVE-2017-5753)
- Rogue Data Cache Load (RDCL) (CVE-2017-5754)
- Rogue System Register Read (RSRE) (CVE-2018-3640)
- Speculative Store Bypass (SSB) (CVE-2018-3639)
- L1 Terminal Fault (L1TF) (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646)
- Microarchitectural Data Sampling Uncacheable Memory (MDSUM) (CVE-2019-11091)
- Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126)
- Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127)
- Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130)
- TSX Asynchronous Abort (TAA) (CVE-2019-11135)
See Also
Solution
Apply vendor recommended settings.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
6.2 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
5.4 (CVSS2#AV:L/AC:M/Au:N/C:C/I:P/A:N)
CVSS v2.0 Temporal Score
4.7 (CVSS2#E:H/RL:OF/RC:C)
References
BID 102371
BID 102378
BID 104232
BID 105080
BID 108330
CVE CVE-2017-5715
CVE CVE-2017-5753
CVE CVE-2017-5754
CVE CVE-2018-3615
CVE CVE-2018-3620
CVE CVE-2018-3639
CVE CVE-2018-3646
CVE CVE-2018-12126
CVE CVE-2018-12127
CVE CVE-2018-12130
CVE CVE-2019-11135
XREF CEA-ID:CEA-2019-0547
XREF CEA-ID:CEA-2019-0324
Exploitable With
CANVAS (true)
Plugin Information
Published: 2019/12/18, Modified: 2024/03/19
Plugin Output

tcp/445/cifs

Current Settings:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: Not Set
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: Not Set

-----------------------------------

Recommended Settings 1:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00000048 (72)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135
Note: Hyper-Threading enabled.

-----------------------------------

Recommended Settings 2:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00002048 (8264)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135
Note: Hyper-Threading disabled.

167885 - Security Updates for Microsoft .NET Framework (May 2022)
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by a denial of service vulnerability that is caused by a local user opening a specially crafted file.
See Also
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
Medium
CVSS v3.0 Base Score
3.3 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVSS v3.0 Temporal Score
3.1 (CVSS:3.0/E:F/RL:O/RC:C)
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS v2.0 Temporal Score
3.6 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-30130
MSKB 5013612
MSKB 5013615
MSKB 5013616
MSKB 5013617
MSKB 5013618
MSKB 5013619
MSKB 5013620
MSKB 5013621
MSKB 5013622
MSKB 5013623
MSKB 5013624
MSKB 5013625
MSKB 5013626
MSKB 5013627
MSKB 5013628
MSKB 5013629
MSKB 5013630
MSKB 5013631
MSKB 5013632
MSKB 5013635
MSKB 5013636
MSKB 5013637
MSKB 5013638
MSKB 5013641
MSKB 5013642
MSKB 5013643
MSKB 5013644
XREF MSFT:MS22-5013612
XREF MSFT:MS22-5013615
XREF MSFT:MS22-5013616
XREF MSFT:MS22-5013617
XREF MSFT:MS22-5013618
XREF MSFT:MS22-5013619
XREF MSFT:MS22-5013620
XREF MSFT:MS22-5013621
XREF MSFT:MS22-5013622
XREF MSFT:MS22-5013623
XREF MSFT:MS22-5013624
XREF MSFT:MS22-5013625
XREF MSFT:MS22-5013626
XREF MSFT:MS22-5013627
XREF MSFT:MS22-5013628
XREF MSFT:MS22-5013629
XREF MSFT:MS22-5013630
XREF MSFT:MS22-5013631
XREF MSFT:MS22-5013632
XREF MSFT:MS22-5013635
XREF MSFT:MS22-5013636
XREF MSFT:MS22-5013637
XREF MSFT:MS22-5013638
XREF MSFT:MS22-5013641
XREF MSFT:MS22-5013642
XREF MSFT:MS22-5013643
XREF MSFT:MS22-5013644
XREF IAVA:2022-A-0202-S
Plugin Information
Published: 2022/11/18, Modified: 2023/10/03
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 5013641

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.directoryservices.dll has not been patched.
Remote version : 4.7.3190.0
Should be : 4.7.3941.0

46180 - Additional DNS Hostnames
Synopsis
Nessus has detected potential virtual hosts.
Description
Hostnames different from the current hostname have been collected by miscellaneous plugins. Nessus has generated a list of hostnames that point to the remote host. Note that these are only the alternate hostnames for vhosts discovered on a web server.

Different web servers may be hosted on name-based virtual hosts.
See Also
Solution
If you want to test them, re-scan using the special vhost syntax, such as :

www.example.com[192.0.32.10]
Risk Factor
None
Plugin Information
Published: 2010/04/29, Modified: 2022/08/15
Plugin Output

tcp/0

The following hostnames point to the remote host :
- masked_hostname.gcc.emsoccs.gsdf.mods.go.jp

48204 - Apache HTTP Server Version
Synopsis
It is possible to obtain the version number of the remote Apache HTTP server.
Description
The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0030
XREF IAVT:0001-T-0530
Plugin Information
Published: 2010/07/30, Modified: 2023/08/17
Plugin Output

tcp/80/www


URL : http://ipaddr/
Version : unknown
Source : Server: Apache
backported : 0

156001 - Apache Log4j JAR Detection (Windows)
Synopsis
Apache Log4j is installed on the remote Windows host.
Description
One or more instances of Apache Log4j, a logging API, are installed on the remote Windows Host.

- PowerShell version 5 or greater is required for this plugin.

- If the 'Perform thorough tests' setting is enabled, this plugin will inspect the manifest and properties files of the detected Java archive files.

- The plugin timeout can be set to a custom value other than the plugin's default of 60 minutes via the 'timeout.156001' scanner setting in Nessus 8.15.1 or later.

Please see https://docs.tenable.com/nessus/Content/SettingsAdvanced.htm#Custom for more information.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVA:0001-A-0650
XREF IAVT:0001-T-0941
Plugin Information
Published: 2021/12/10, Modified: 2024/03/27
Plugin Output

tcp/0


Nessus detected 3 installs of Apache Log4j:

Path : C:\tmp\Trellix\ePO_5.10.0_Servicepack1Update1\resources\app\release\tomcat\server\lib\log4j-core-2.17.1.jar
Version : 2.17.1
JMSAppender.class association : Found
JdbcAppender.class association : Found
JndiLookup.class association : Found
Method : log4j-core file search

Path : C:\Program Files (x86)\Trellix\ePolicy Orchestrator\Server\lib\log4j-core-2.17.1.jar
Version : 2.17.1
JMSAppender.class association : Found
JdbcAppender.class association : Found
JndiLookup.class association : Found
Method : log4j-core file search

Path : C:\Program Files (x86)\Trellix\ePolicy Orchestrator\Installer\Core\lib\log4j-core-2.17.1.jar
Version : 2.17.1
JMSAppender.class association : Found
JdbcAppender.class association : Found
JndiLookup.class association : Found
Method : log4j-core file search

92415 - Application Compatibility Cache
Synopsis
Nessus was able to gather application compatibility settings on the remote host.
Description
Nessus was able to generate a report on the application compatibility cache on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

Application compatibility cache report attached.

34096 - BIOS Info (WMI)
Synopsis
The BIOS info could be read.
Description
It is possible to get information about the BIOS via the host's WMI interface.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/05, Modified: 2024/03/26
Plugin Output

tcp/0


Vendor : HPE
Version : U30
Release date : 20230420000000.000000+000
UUID : 32303250-3934-4753-4833-3035534A4D51
Secure boot : disabled

92416 - BagMRU Folder History
Synopsis
Nessus was able to enumerate folders that were opened in Windows Explorer.
Description
Nessus was able to enumerate folders that were opened in Windows Explorer. Microsoft Windows maintains folder settings using a registry key known as shellbags or BagMRU. The generated folder list report contains folders local to the system, folders from past mounted network drives, and folders from mounted devices.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

BagMRU report attached.

10761 - COM+ Internet Services (CIS) Server Detection
Synopsis
A COM+ Internet Services (CIS) server is listening on this port.
Description
COM+ Internet Services are RPC over HTTP tunneling and require IIS to operate. CIS ports should not be visible on the internet; they should only be reachable behind a firewall.
See Also
Solution
If you do not use this service, disable it with DCOMCNFG.

Otherwise, limit access to this port.
Risk Factor
None
Plugin Information
Published: 2001/09/14, Modified: 2019/11/22
Plugin Output

tcp/49671/ncacn_http


Server banner :

ncacn_http/1.0

45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/04/21, Modified: 2024/04/03
Plugin Output

tcp/0


The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_server_2019 -> Microsoft Windows Server 2019

Following application CPE's matched on the remote system :

cpe:/a:apache:http_server -> Apache Software Foundation Apache HTTP Server
cpe:/a:apache:log4j:2.17.1 -> Apache Software Foundation log4j
cpe:/a:haxx:curl:7.55.1.0 -> Haxx Curl
cpe:/a:mcafee:epolicy_orchestrator:5.10.0 -> McAfee ePolicy Orchestrator
cpe:/a:mcafee:epolicy_orchestrator_agent:5.8.0.161 -> McAfee ePolicy Orchestrator Agent
cpe:/a:microsoft:.net_framework:4.7.2 -> Microsoft .NET Framework
cpe:/a:microsoft:.net_framework:4.7.3460.0 -> Microsoft .NET Framework
cpe:/a:microsoft:ie:11.1790.17763.0 -> Microsoft Internet Explorer
cpe:/a:microsoft:internet_explorer:11.0.17763.2213 -> Microsoft Internet Explorer
cpe:/a:microsoft:remote_desktop_connection:10.0.17763.2213 -> Microsoft Remote Desktop Connection
cpe:/a:microsoft:sql_server:16.0.1000.0 -> Microsoft SQLServer
cpe:/a:microsoft:sql_server:16.0.1000.6 -> Microsoft SQLServer
cpe:/a:microsoft:windows_app_store:1.11.6.17763
cpe:/a:microsoft:windows_app_store:10.0.17763.1
cpe:/a:microsoft:windows_app_store:10.0.2.1000
cpe:/a:microsoft:windows_app_store:1000.17763.1.0
cpe:/a:microsoft:windows_app_store:6.2.1.0
cpe:/a:microsoft:windows_defender:4.18.1807.18075 -> Microsoft Windows Defender
cpe:/a:python:python:3.11.4150.1013 -> Python
x-cpe:/a:hpe:smart_storage_administrator:6.15.11.0
x-cpe:/a:microsoft:azure_data_studio:1.44.0.0
x-cpe:/a:microsoft:odbc_driver_for_sql_server:17.10.4.1
x-cpe:/a:microsoft:ole_db_driver_for_sql_server:18.6.5.0

24270 - Computer Manufacturer Information (WMI)
Synopsis
It is possible to obtain the name of the remote computer manufacturer.
Description
By making certain WMI queries, it is possible to obtain the model of the remote computer as well as the name of its manufacturer and its serial number.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/02/02, Modified: 2024/03/26
Plugin Output

tcp/0


Computer Manufacturer : HPE
Computer Model : ProLiant DL380 Gen10
Computer SerialNumber : SGH305SJMQ
Computer Type : Rack Mount Chassis

Computer Physical CPU's : 2
Computer Logical CPU's : 64
CPU0
Architecture : x64
Physical Cores: 16
Logical Cores : 32
CPU1
Architecture : x64
Physical Cores: 16
Logical Cores : 32

Computer Memory : 130729 MB

Form Factor: DIMM
Type : Unknown
Capacity : 32768 MB

Form Factor: DIMM
Type : Unknown
Capacity : 32768 MB

Form Factor: DIMM
Type : Unknown
Capacity : 32768 MB

Form Factor: DIMM
Type : Unknown
Capacity : 32768 MB
171860 - Curl Installed (Windows)
Synopsis
Curl is installed on the remote Windows host.
Description
Curl, a command line tool for transferring data with URLs, was detected on the remote Windows host.

Please note, if the installation is located in either the Windows\System32 or Windows\SysWOW64 directory, it will be considered as managed by the OS. In this case, paranoid scanning is required to trigger downstream vulnerability checks. Paranoid scanning has no effect on this plugin itself.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/02/23, Modified: 2024/03/26
Plugin Output

tcp/0


Nessus detected 2 installs of Curl:

Path : C:\Windows\SysWOW64\curl.exe
Version : 7.55.1.0
Managed by OS : True

Path : C:\Windows\System32\curl.exe
Version : 7.55.1.0
Managed by OS : True

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/135/epmap


The following DCERPC services are available locally :

UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : OLEC858EB7ACB3D6FCCA9EB0D37B92E

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : NTDS_LPC

Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Local RPC service
Named pipe : audit

Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Local RPC service
Named pipe : securityevent

Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Local RPC service
Named pipe : lsacap

Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Local RPC service
Named pipe : LSA_EAS_ENDPOINT

Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Local RPC service
Named pipe : SidKey Local End Point

Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Local RPC service
Named pipe : OLEC858EB7ACB3D6FCCA9EB0D37B92E

Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Local RPC service
Named pipe : NTDS_LPC

Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Local RPC service
Named pipe : NETLOGON_LRPC

Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Local RPC service
Named pipe : audit

Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Local RPC service
Named pipe : securityevent

Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Local RPC service
Named pipe : lsacap

Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Local RPC service
Named pipe : LSA_EAS_ENDPOINT

Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Local RPC service
Named pipe : SidKey Local End Point

Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Local RPC service
Named pipe : OLEC858EB7ACB3D6FCCA9EB0D37B92E

Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Local RPC service
Named pipe : NTDS_LPC

Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Local RPC service
Named pipe : NETLOGON_LRPC

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsacap

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LSA_EAS_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Local RPC service
Named pipe : SidKey Local End Point

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Local RPC service
Named pipe : OLEC858EB7ACB3D6FCCA9EB0D37B92E

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Local RPC service
Named pipe : NTDS_LPC

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Local RPC service
Named pipe : NETLOGON_LRPC

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0
Description : Unknown RPC service
Annotation : Remote Fw APIs
Type : Local RPC service
Named pipe : ipsec

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-bea3f937a9a4db9307

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-bea3f937a9a4db9307

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : SessEnvPrivateRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f2c9b409-c1c9-4100-8639-d8ab1486694a, version 1.0
Description : Unknown RPC service
Annotation : Witness Client Upcall Server
Type : Local RPC service
Named pipe : LRPC-9b1fff67aad375d2dc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : eb081a0d-10ee-478a-a1dd-50995283e7a8, version 3.0
Description : Unknown RPC service
Annotation : Witness Client Test Interface
Type : Local RPC service
Named pipe : LRPC-9b1fff67aad375d2dc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0
Description : Unknown RPC service
Annotation : DfsDs service
Type : Local RPC service
Named pipe : LRPC-9b1fff67aad375d2dc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-9abf3414faf9cedc3a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : LRPC-bca758743d1102b469

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : LRPC-bca758743d1102b469

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : TeredoDiagnostics

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : TeredoControl

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : LRPC-bca758743d1102b469

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : TeredoDiagnostics

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : TeredoControl

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : LRPC-bca758743d1102b469

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : TeredoDiagnostics

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : TeredoControl

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : OLE455BCD90F033B1BA338E227A5256

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE8EAD2C41409AD7FD0ED6D1C5F3FD

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c5d057ccb2c485b74d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b37f900a-eae4-4304-a2ab-12bb668c0188, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE8EAD2C41409AD7FD0ED6D1C5F3FD

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b37f900a-eae4-4304-a2ab-12bb668c0188, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c5d057ccb2c485b74d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e7f76134-9ef5-4949-a2d6-3368cc0988f3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE8EAD2C41409AD7FD0ED6D1C5F3FD

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e7f76134-9ef5-4949-a2d6-3368cc0988f3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c5d057ccb2c485b74d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7aeb6705-3ae6-471a-882d-f39c109edc12, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE8EAD2C41409AD7FD0ED6D1C5F3FD

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7aeb6705-3ae6-471a-882d-f39c109edc12, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c5d057ccb2c485b74d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f44e62af-dab1-44c2-8013-049a9de417d6, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE8EAD2C41409AD7FD0ED6D1C5F3FD

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f44e62af-dab1-44c2-8013-049a9de417d6, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c5d057ccb2c485b74d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c2d1b5dd-fa81-4460-9dd6-e7658b85454b, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE8EAD2C41409AD7FD0ED6D1C5F3FD

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c2d1b5dd-fa81-4460-9dd6-e7658b85454b, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c5d057ccb2c485b74d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : LRPC-c38906886e4895fd8e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : OLE1A1F15BAF5AF0224D2E676B43CE9

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : LRPC-85333c9a24f4c618de

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : OLE1A1F15BAF5AF0224D2E676B43CE9

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : LRPC-85333c9a24f4c618de

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : LRPC-9b902b72c86c9f4543

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : c67511be-f863-4e82-933f-3b0e9d7794ed

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0
Description : Unknown RPC service
Annotation : Base Firewall Engine API
Type : Local RPC service
Named pipe : LRPC-cf8d60aab646fd5f6b

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-cf8d60aab646fd5f6b

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-944aaa67b0349856d2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-cf8d60aab646fd5f6b

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-944aaa67b0349856d2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-ab5956bf9863007d7e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-cf8d60aab646fd5f6b

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-944aaa67b0349856d2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-ab5956bf9863007d7e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-1b9b7e48cb3f294c63

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : LRPC-ac3f29048a79292073

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : LRPC-ac3f29048a79292073

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : LRPC-ac3f29048a79292073

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ac3f29048a79292073

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c4a5915dee89dc27da

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ac3f29048a79292073

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c4a5915dee89dc27da

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ac3f29048a79292073

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c4a5915dee89dc27da

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : senssvc

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-620d72b484d71e073e

Object UUID : 666f7270-6c69-7365-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 6c637067-6569-746e-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-53e36fec53f8d9087a

Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601
UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0
Description : Unknown RPC service
Annotation : Group Policy RPC Interface
Type : Local RPC service
Named pipe : LRPC-522a4c27d81c1a66b1

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : fdd099c6-df06-4904-83b4-a87a27903c70
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-2784c5532918c37a86

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5222821f-d5e2-4885-84f1-5f6185a0ec41, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint for NCB Reset module
Type : Local RPC service
Named pipe : LRPC-2784c5532918c37a86

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5222821f-d5e2-4885-84f1-5f6185a0ec41, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint for NCB Reset module
Type : Local RPC service
Named pipe : LRPC-62a8697673cd6e5acb

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : LRPC-2784c5532918c37a86

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : LRPC-62a8697673cd6e5acb

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : OLEC4C9FF94340C13E5499BB162EBF6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : LRPC-47003ea46f1c738c57

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint
Type : Local RPC service
Named pipe : LRPC-2784c5532918c37a86

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint
Type : Local RPC service
Named pipe : LRPC-62a8697673cd6e5acb

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint
Type : Local RPC service
Named pipe : OLEC4C9FF94340C13E5499BB162EBF6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint
Type : Local RPC service
Named pipe : LRPC-47003ea46f1c738c57

Object UUID : b5ccd5ef-4238-440b-bba0-999f828f1cfe
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-8190b50b7a133551fe

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-8190b50b7a133551fe


10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/445/cifs


The following DCERPC services are available remotely :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\masked_hostname

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 91ae6020-9e3c-11cf-8d7c-00aa00c091be, version 0.0
Description : Certificate Service
Windows process : unknown
Type : Remote RPC service
Named pipe : \pipe\cert
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 650a7e26-eab8-5533-ce43-9c1dfce11511, version 1.0
Description : Unknown RPC service
Annotation : Vpn APIs
Type : Remote RPC service
Named pipe : \PIPE\ROUTER
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Telephony service
Windows process : svchost.exe
Annotation : Unimodem LRPC Endpoint
Type : Remote RPC service
Named pipe : \pipe\tapsrv
Netbios name : \\masked_hostname

Object UUID : 7364746e-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4.0
Description : Active Directory Replication Interface
Windows process : unknown
Annotation : MS NT Directory DRS Interface
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4.0
Description : Active Directory Replication Interface
Windows process : unknown
Annotation : MS NT Directory DRS Interface
Type : Remote RPC service
Named pipe : \pipe\0ebc1c5ded8016ea
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0
Description : Local Security Authority
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0
Description : Local Security Authority
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \pipe\0ebc1c5ded8016ea
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \pipe\0ebc1c5ded8016ea
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Remote RPC service
Named pipe : \pipe\0ebc1c5ded8016ea
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Remote RPC service
Named pipe : \pipe\0ebc1c5ded8016ea
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Remote RPC service
Named pipe : \pipe\0ebc1c5ded8016ea
Netbios name : \\masked_hostname

Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\masked_hostname

Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Remote RPC service
Named pipe : \pipe\0ebc1c5ded8016ea
Netbios name : \\masked_hostname

Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\masked_hostname

Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Remote RPC service
Named pipe : \pipe\0ebc1c5ded8016ea
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \pipe\0ebc1c5ded8016ea
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\SessEnvPublicRpc
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0
Description : Unknown RPC service
Annotation : DfsDs service
Type : Remote RPC service
Named pipe : \PIPE\wkssvc
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\masked_hostname

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49664/dce-rpc


The following DCERPC services are available on TCP port 49664 :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49664
IP : ipaddr

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49665/dce-rpc


The following DCERPC services are available on TCP port 49665 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
TCP Port : 49665
IP : ipaddr

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49666/dce-rpc


The following DCERPC services are available on TCP port 49666 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49666
IP : ipaddr

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49666
IP : ipaddr

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49667/dce-rpc


The following DCERPC services are available on TCP port 49667 :

Object UUID : 7364746e-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
TCP Port : 49667
IP : ipaddr

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4.0
Description : Active Directory Replication Interface
Windows process : unknown
Annotation : MS NT Directory DRS Interface
Type : Remote RPC service
TCP Port : 49667
IP : ipaddr

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0
Description : Local Security Authority
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 49667
IP : ipaddr

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 49667
IP : ipaddr

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Remote RPC service
TCP Port : 49667
IP : ipaddr

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Remote RPC service
TCP Port : 49667
IP : ipaddr

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Remote RPC service
TCP Port : 49667
IP : ipaddr

Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Remote RPC service
TCP Port : 49667
IP : ipaddr

Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Remote RPC service
TCP Port : 49667
IP : ipaddr

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 49667
IP : ipaddr

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49669/dce-rpc


The following DCERPC services are available on TCP port 49669 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49669
IP : ipaddr

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49670/dce-rpc


The following DCERPC services are available on TCP port 49670 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0
Description : Unknown RPC service
Annotation : Remote Fw APIs
Type : Remote RPC service
TCP Port : 49670
IP : ipaddr

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49672/dce-rpc


The following DCERPC services are available on TCP port 49672 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 49672
IP : ipaddr

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Remote RPC service
TCP Port : 49672
IP : ipaddr

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Remote RPC service
TCP Port : 49672
IP : ipaddr

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Remote RPC service
TCP Port : 49672
IP : ipaddr

Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Remote RPC service
TCP Port : 49672
IP : ipaddr

Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Remote RPC service
TCP Port : 49672
IP : ipaddr

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 49672
IP : ipaddr

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49673/dce-rpc


The following DCERPC services are available on TCP port 49673 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 49673
IP : ipaddr

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49673
IP : ipaddr

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49673
IP : ipaddr

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49673
IP : ipaddr

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49673
IP : ipaddr

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49677/dce-rpc


The following DCERPC services are available on TCP port 49677 :

Object UUID : 6eaaea61-159c-4c89-9df1-eff568d437ab
UUID : e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4.0
Description : Active Directory Replication Interface
Windows process : unknown
Annotation : 43553
Type : Remote RPC service
TCP Port : 49677
IP : ipaddr

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49698/dce-rpc


The following DCERPC services are available on TCP port 49698 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 50abc2a4-574d-40b3-9d66-ee4fd5fba076, version 5.0
Description : DNS Server
Windows process : dns.exe
Type : Remote RPC service
TCP Port : 49698
IP : ipaddr

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49713/dce-rpc


The following DCERPC services are available on TCP port 49713 :

Object UUID : 5bc1ed07-f5f5-485f-9dfd-6fd0acf9a23c
UUID : 897e2e5f-93f3-4376-9c9c-fd2277495c27, version 1.0
Description : Unknown RPC service
Annotation : Frs2 Service
Type : Remote RPC service
TCP Port : 49713
IP : ipaddr

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49738/dce-rpc


The following DCERPC services are available on TCP port 49738 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0
Description : Service Control Manager
Windows process : svchost.exe
Type : Remote RPC service
TCP Port : 49738
IP : ipaddr

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49742/dce-rpc


The following DCERPC services are available on TCP port 49742 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 91ae6020-9e3c-11cf-8d7c-00aa00c091be, version 0.0
Description : Certificate Service
Windows process : unknown
Type : Remote RPC service
TCP Port : 49742
IP : ipaddr

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53/dns

11002 - DNS Server Detection
-
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
See Also
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

udp/53/dns

55472 - Device Hostname
-
Synopsis
It was possible to determine the remote system hostname.
Description
This plugin reports a device's hostname collected via SSH or WMI.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/06/30, Modified: 2024/03/27
Plugin Output

tcp/0


Hostname : masked_hostname
masked_hostname (WMI)

54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 100

71246 - Enumerate Local Group Memberships
-
Synopsis
Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.
Description
Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/12/06, Modified: 2024/03/26
Plugin Output

tcp/0

Group Name : Server Operators
Host Name : masked_hostname
Group SID : S-1-5-32-549
Members :

Group Name : Account Operators
Host Name : masked_hostname
Group SID : S-1-5-32-548
Members :

Group Name : Pre-Windows 2000 Compatible Access
Host Name : masked_hostname
Group SID : S-1-5-32-554
Members :
Name : Authenticated Users
Domain : masked_hostname
Class : Win32_SystemAccount
SID : S-1-5-11
Name : masked_hostname$
Domain : EMSOCCS1
Class : Win32_UserAccount
SID :
Name : AD-SERVER-2$
Domain : EMSOCCS1
Class : Win32_UserAccount
SID :

Group Name : Incoming Forest Trust Builders
Host Name : masked_hostname
Group SID : S-1-5-32-557
Members :

Group Name : Windows Authorization Access Group
Host Name : masked_hostname
Group SID : S-1-5-32-560
Members :
Name : ENTERPRISE DOMAIN CONTROLLERS
Domain : masked_hostname
Class : Win32_SystemAccount
SID : S-1-5-9

Group Name : Terminal Server License Servers
Host Name : masked_hostname
Group SID : S-1-5-32-561
Members :

Group Name : Administrators
Host Name : masked_hostname
Group SID : S-1-5-32-544
Members :
Name : Administrator
Domain : EMSOCCS1
Class : Win32_UserAccount
SID : S-1-5-21-3388008032-3793481426-1508724218-500
Name : Enterprise Admins
Domain : EMSOCCS1
Class : Win32_Group
SID : S-1-5-21-3388008032-3793481426-1508724218-519
Name : Domain Admins
Domain : EMSOCCS1
Class : Win32_Group
SID : S-1-5-21-3388008032-3793481426-1508724218-512
Name : EVEMAuser
Domain : EMSOCCS1
Class : Win32_UserAccount
SID : S-1-5-21-3388008032-3793481426-1508724218-1304

Group Name : Users
Host Name : masked_hostname
Group SID : S-1-5-32-545
Members :
Name : INTERACTIVE
Domain : masked_hostname
Class : Win32_SystemAccount
SID : S-1-5-4
Name : Authenticated Users
Domain : masked_hostname
Class : Win32_SystemAccount
SID : S-1-5-11
Name : Domain Users
Domain : EMSOCCS1
Class : Win32_Group
SID : S-1-5-21-3388008032-3793481426-1508724218-513
Name : EVEMAuser
Domain : EMSOCCS1
Class : Win32_UserAccount
SID : S-1-5-21-3388008032-3793481426-1508724218-1304

Group Name : Guests
Host Name : masked_hostname
Group SID : S-1-5-32-546
Members :
Name : Guest
Domain : EMSOCCS1
Class : Win32_UserAccount
SID : S-1-5-21-3388008032-3793481426-1508724218-501
Name : Domain Guests
Domain : EMSOCCS1
Class : Win32_Group
SID : S-1-5-21-3388008032-3793481426-1508724218-514

Group Name : Print Operators
Host Name : masked_hostname
Group SID : S-1-5-32-550
Members :

Group Name : Backup Operators
Host Name : masked_hostname
Group SID : S-1-5-32-551
Members :

Group Name : Replicator
Host Name : masked_hostname
Group SID : S-1-5-32-552
Members :

Group Name : Remote Desktop Users
Host Name : masked_hostname
Group SID : S-1-5-32-555
Members :
Name : testuser1
Domain : EMSOCCS1
Class : Win32_UserAccount
SID : S-1-5-21-3388008032-3793481426-1508724218-1322

Group Name : Network Configuration Operators
Host Name : masked_hostname
Group SID : S-1-5-32-556
Members :

Group Name : Performance Monitor Users
Host Name : masked_hostname
Group SID : S-1-5-32-558
Members :

Group Name : Performance Log Users
Host Name : masked_hostname
Group SID : S-1-5-32-559
Members :

Group Name : Distributed COM Users
Host Name : masked_hostname
Group SID : S-1-5-32-562
Members :

Group Name : IIS_IUSRS
Host Name : masked_hostname
Group SID : S-1-5-32-568
Members :
Name : IUSR
Domain : masked_hostname
Class : Win32_SystemAccount
SID : S-1-5-17

Group Name : Cryptographic Operators
Host Name : masked_hostname
Group SID : S-1-5-32-569
Members :

Group Name : Event Log Readers
Host Name : masked_hostname
Group SID : S-1-5-32-573
Members :

Group Name : Certificate Service DCOM Access
Host Name : masked_hostname
Group SID : S-1-5-32-574
Members :
Name : Authenticated Users
Domain : masked_hostname
Class : Win32_SystemAccount
SID : S-1-5-11

Group Name : RDS Remote Access Servers
Host Name : masked_hostname
Group SID : S-1-5-32-575
Members :

Group Name : RDS Endpoint Servers
Host Name : masked_hostname
Group SID : S-1-5-32-576
Members :

Group Name : RDS Management Servers
Host Name : masked_hostname
Group SID : S-1-5-32-577
Members :

Group Name : Hyper-V Administrators
Host Name : masked_hostname
Group SID : S-1-5-32-578
Members :

Group Name : Access Control Assistance Operators
Host Name : masked_hostname
Group SID : S-1-5-32-579
Members :

Group Name : Remote Management Users
Host Name : masked_hostname
Group SID : S-1-5-32-580
Members :

Group Name : Storage Replica Administrators
Host Name : masked_hostname
Group SID : S-1-5-32-582
Members :

Group Name : Cert Publishers
Host Name : masked_hostname
Group SID : S-1-5-21-3388008032-3793481426-1508724218-517
Members :
Name : masked_hostname$
Domain : EMSOCCS1
Class : Win32_UserAccount
SID :
Name : AD-SERVER-2$
Domain : EMSOCCS1
Class : Win32_UserAccount
SID :

Group Name : RAS and IAS Servers
Host Name : masked_hostname
Group SID : S-1-5-21-3388008032-3793481426-1508724218-553
Members :

Group Name : Allowed RODC Password Replication Group
Host Name : masked_hostname
Group SID : S-1-5-21-3388008032-3793481426-1508724218-571
Members :

Group Name : Denied RODC Password Replication Group
Host Name : masked_hostname
Group SID : S-1-5-21-3388008032-3793481426-1508724218-572
Members :
Name : krbtgt
Domain : EMSOCCS1
Class : Win32_UserAccount
SID : S-1-5-21-3388008032-3793481426-1508724218-502
Name : Domain Controllers
Domain : EMSOCCS1
Class : Win32_Group
SID : S-1-5-21-3388008032-3793481426-1508724218-516
Name : Schema Admins
Domain : EMSOCCS1
Class : Win32_Group
SID : S-1-5-21-3388008032-3793481426-1508724218-518
Name : Enterprise Admins
Domain : EMSOCCS1
Class : Win32_Group
SID : S-1-5-21-3388008032-3793481426-1508724218-519
Name : Cert Publishers
Domain : EMSOCCS1
Class : Win32_Group
SID : S-1-5-21-3388008032-3793481426-1508724218-517
Name : Domain Admins
Domain : EMSOCCS1
Class : Win32_Group
SID : S-1-5-21-3388008032-3793481426-1508724218-512
Name : Group Policy Creator Owners
Domain : EMSOCCS1
Class : Win32_Group
SID : S-1-5-21-3388008032-3793481426-1508724218-520
Name : Read-only Domain Controllers
Domain : EMSOCCS1
Class : Win32_Group
SID : S-1-5-21-3388008032-3793481426-1508724218-521

Group Name : DnsAdmins
Host Name : masked_hostname
Group SID : S-1-5-21-3388008032-3793481426-1508724218-1101
Members :

Group Name : SQLServer2005SQLBrowserUser$masked_hostname
Host Name : masked_hostname
Group SID : S-1-5-21-3388008032-3793481426-1508724218-1235
Members :

Group Name : ePO User Group
Host Name : masked_hostname
Group SID : S-1-5-21-3388008032-3793481426-1508724218-1298
Members :
Name : Administrator
Domain : EMSOCCS1
Class : Win32_UserAccount
SID : S-1-5-21-3388008032-3793481426-1508724218-500

168980 - Enumerate the PATH Variables
-
Synopsis
Enumerates the PATH variable of the current scan user.
Description
Enumerates the PATH variables of the current scan user.
Solution
Ensure that directories listed here are in line with corporate policy.
Risk Factor
None
Plugin Information
Published: 2022/12/21, Modified: 2024/04/02
Plugin Output

tcp/0

Nessus has enumerated the path of the current scan user :

C:\newscp\mac\McnMon\bin
C:\newscp\mac\AppCommon\bin
C:\Windows\system32
C:\Windows
C:\Windows\System32\Wbem
C:\Windows\System32\WindowsPowerShell\v1.0\
C:\Windows\System32\OpenSSH\
C:\Program Files\\SUT\bin
C:\Program Files (x86)\Microsoft SQL Server\160\DTS\Binn\
C:\Program Files\Azure Data Studio\bin
C:\Program Files (x86)\Microsoft SQL Server\160\Tools\Binn\
C:\Program Files\Microsoft SQL Server\160\Tools\Binn\
C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\
C:\Program Files\Microsoft SQL Server\160\DTS\Binn\
C:\Users\Administrator\AppData\Local\Programs\Python\Python311\Scripts\
C:\Users\Administrator\AppData\Local\Programs\Python\Python311\
C:\Users\Administrator\AppData\Local\Microsoft\WindowsApps

C:\Program Files\Azure Data Studio\bin
C:\Users\Administrator\AppData\Local\Programs\Python\Python311\Scripts\
C:\Users\Administrator\AppData\Local\Programs\Python\Python311\
C:\Users\Administrator\AppData\Local\Microsoft\WindowsApps

C:\Program Files\Azure Data Studio\bin

35716 - Ethernet Card Manufacturer Detection
-
Synopsis
The manufacturer can be identified from the Ethernet OUI.
Description
Each ethernet MAC address starts with a 24-bit Organizationally Unique Identifier (OUI). These OUIs are registered by IEEE.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/02/19, Modified: 2020/05/13
Plugin Output

tcp/0


The following card manufacturers were identified :

D4:F5:EF:9F:F6:38 : Hewlett Packard Enterprise
D4:F5:EF:9F:F6:39 : Hewlett Packard Enterprise

86420 - Ethernet MAC Addresses
-
Synopsis
This plugin gathers MAC addresses from various sources and consolidates them into a list.
Description
This plugin gathers MAC addresses discovered from both remote probing of the host (e.g. SNMP and Netbios) and from running local checks (e.g. ifconfig). It then consolidates the MAC addresses into a single, unique, and uniform list.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2015/10/16, Modified: 2020/05/13
Plugin Output

tcp/0

The following is a consolidated list of detected MAC addresses:
- D4:F5:EF:9F:F6:38
- D4:F5:EF:9F:F6:39

92439 - Explorer Search History
-
Synopsis
Nessus was able to gather a list of items searched for in the Windows UI.
Description
Nessus was able to gather evidence of cached search results from Windows Explorer searches.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0


Explorer search history report attached.

97860 - HPE Smart Storage Administrator Installed
-
Synopsis
An enterprise storage controller management application is installed on the remote Windows host.
Description
HPE Smart Storage Administrator, an enterprise storage controller management application, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0623
Plugin Information
Published: 2017/03/21, Modified: 2024/03/26
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Smart Storage Administrator\ssa\
Version : 6.15.11.0

84502 - HSTS Missing From HTTPS Server
-
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information
Published: 2015/07/02, Modified: 2021/05/19
Plugin Output

tcp/8443/www


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

84502 - HSTS Missing From HTTPS Server
-
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information
Published: 2015/07/02, Modified: 2021/05/19
Plugin Output

tcp/8444/www


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

69826 - HTTP Cookie 'secure' Property Transport Mismatch
-
Synopsis
The remote web server sent out a cookie with a secure property that does not match the transport on which it was sent.
Description
The remote web server sends out cookies to clients with a 'secure' property that does not match the transport, HTTP or HTTPS, over which they were received. This may occur in two forms:

1. The cookie is sent over HTTP, but has the 'secure' property set, indicating that it should only be sent over a secure, encrypted transport such as HTTPS. This should not happen.

2. The cookie is sent over HTTPS, but has no 'secure' property set, indicating that it may be sent over both HTTP and HTTPS transports. This is common, but care should be taken to ensure that the 'secure' property not being set is deliberate.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/09/10, Modified: 2021/12/20
Plugin Output

tcp/80/www


The following cookies have the 'secure' property enabled, despite being served over HTTP :

Domain :
Path : /EPOCore
Name : JSESSIONID
Value : 2179C227525A201A056532CA22334CC9.route1
Secure : true
HttpOnly : true

Domain :
Path : /console
Name : JSESSIONID
Value : 72B6921E3A136FC36ECEBF6C14FEB120.route1
Secure : true
HttpOnly : true

Domain :
Path : /core
Name : JSESSIONID
Value : B310882051F6B9DC713689000385077D.route1
Secure : true
HttpOnly : true

Domain :
Path : /help
Name : JSESSIONID
Value : CE63297EA91A8A0F7854E45C11624E0C.route1
Secure : true
HttpOnly : true

Domain :
Path : /report
Name : JSESSIONID
Value : A78D13533EF22B628770EA339FD912DE.route1
Secure : true
HttpOnly : true

69826 - HTTP Cookie 'secure' Property Transport Mismatch
-
Synopsis
The remote web server sent out a cookie with a secure property that does not match the transport on which it was sent.
Description
The remote web server sends out cookies to clients with a 'secure' property that does not match the transport, HTTP or HTTPS, over which they were received. This may occur in two forms:

1. The cookie is sent over HTTP, but has the 'secure' property set, indicating that it should only be sent over a secure, encrypted transport such as HTTPS. This should not happen.

2. The cookie is sent over HTTPS, but has no 'secure' property set, indicating that it may be sent over both HTTP and HTTPS transports. This is common, but care should be taken to ensure that the 'secure' property not being set is deliberate.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/09/10, Modified: 2021/12/20
Plugin Output

tcp/5985/www


The following cookies have the 'secure' property enabled, despite being served over HTTP :

Domain :
Path : /EPOCore
Name : JSESSIONID
Value : 2179C227525A201A056532CA22334CC9.route1
Secure : true
HttpOnly : true

Domain :
Path : /console
Name : JSESSIONID
Value : 72B6921E3A136FC36ECEBF6C14FEB120.route1
Secure : true
HttpOnly : true

Domain :
Path : /core
Name : JSESSIONID
Value : B310882051F6B9DC713689000385077D.route1
Secure : true
HttpOnly : true

Domain :
Path : /help
Name : JSESSIONID
Value : CE63297EA91A8A0F7854E45C11624E0C.route1
Secure : true
HttpOnly : true

Domain :
Path : /report
Name : JSESSIONID
Value : A78D13533EF22B628770EA339FD912DE.route1
Secure : true
HttpOnly : true

69826 - HTTP Cookie 'secure' Property Transport Mismatch
Synopsis
The remote web server sent out a cookie with a secure property that does not match the transport on which it was sent.
Description
The remote web server sends out cookies to clients with a 'secure' property that does not match the transport, HTTP or HTTPS, over which they were received. This may occur in two forms :

1. The cookie is sent over HTTP, but has the 'secure' property set, indicating that it should only be sent over a secure, encrypted transport such as HTTPS. This should not happen.

2. The cookie is sent over HTTPS, but has no 'secure' property set, indicating that it may be sent over both HTTP and HTTPS transports. This is common, but care should be taken to ensure that the 'secure' property not being set is deliberate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/09/10, Modified: 2021/12/20
Plugin Output

tcp/47001/www


The following cookies have the 'secure' property enabled, despite being served over HTTP :

Domain :
Path : /EPOCore
Name : JSESSIONID
Value : 2179C227525A201A056532CA22334CC9.route1
Secure : true
HttpOnly : true

Domain :
Path : /console
Name : JSESSIONID
Value : 72B6921E3A136FC36ECEBF6C14FEB120.route1
Secure : true
HttpOnly : true

Domain :
Path : /core
Name : JSESSIONID
Value : B310882051F6B9DC713689000385077D.route1
Secure : true
HttpOnly : true

Domain :
Path : /help
Name : JSESSIONID
Value : CE63297EA91A8A0F7854E45C11624E0C.route1
Secure : true
HttpOnly : true

Domain :
Path : /report
Name : JSESSIONID
Value : A78D13533EF22B628770EA339FD912DE.route1
Secure : true
HttpOnly : true

10107 - HTTP Server Type and Version
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/80/www

The remote web server type is :

Apache

10107 - HTTP Server Type and Version
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/5985/www

The remote web server type is :

Microsoft-HTTPAPI/2.0

10107 - HTTP Server Type and Version
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/8443/www

The remote web server type is :

Undefined

10107 - HTTP Server Type and Version
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/8444/www

The remote web server type is :

Undefined

10107 - HTTP Server Type and Version
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/47001/www

The remote web server type is :

Microsoft-HTTPAPI/2.0

170631 - Host Active Directory Configuration (Windows)
Synopsis
The Windows host is joined to an Active Directory domain.
Description
The Windows host is joined to an Active Directory domain and it was possible to retrieve certain Active Directory configuration attributes, including:

Computer information in AD:
- Common Name
- DNS Name
- Distinguished Name
- Domain Role
- Object SID
- SamAccountName

AD domain and forest information:
- Domain FQDN
- Domain GUID
- Domain NetBIOS Name
- Domain SID
- Forest FQDN
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/01/25, Modified: 2024/03/27
Plugin Output

tcp/0


Computer information in AD:
Common Name : CN=masked_hostname
DNS Name : masked_hostname
Distinguished Name : CN=masked_hostname,OU=Domain Controllers,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
Domain Role : PrimaryDomainController
Object SID : S-1-5-21-3388008032-3793481426-1508724218-1000
SamAccountName : masked_hostname$

AD domain and forest information:
Domain FQDN : gcc.EMSOCCS.gsdf.mods.go.jp
Domain GUID : 029f9307-7bb9-460b-9070-e7c4affaa256
Domain NetBIOS Name : EMSOCCS1
Domain SID : S-1-5-21-3388008032-3793481426-1508724218
Forest FQDN : gcc.EMSOCCS.gsdf.mods.go.jp

12053 - Host Fully Qualified Domain Name (FQDN) Resolution
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


ipaddr resolves as masked_hostname.

88145 - Host Unique Identifiers
Synopsis
The remote host has one or more unique identifiers used by various endpoint management systems.
Description
Nessus has discovered one or more unique identifiers used to tag or track the remote system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/01/25, Modified: 2016/01/27
Plugin Output

tcp/0

The following Identifiers were discovered :

Product : McAfee ePO
Identity : {c70cf23f-e075-4311-801e-3c54f1cec65b}

24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output

tcp/80/www


Response Code : HTTP/1.1 403 Forbidden

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Date: Mon, 22 Apr 2024 06:02:12 GMT
Server: Apache
Content-Length: 61
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

Response Body :

You don't have permission to access this page on this server.

24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output

tcp/5985/www


Response Code : HTTP/1.1 404 Not Found

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Mon, 22 Apr 2024 06:02:12 GMT
Connection: close
Content-Length: 315

Response Body :

24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output

tcp/8443/www


Response Code : HTTP/1.1 200

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : yes
Keep-Alive : yes
Options allowed : GET, HEAD, POST, PUT, DELETE, OPTIONS
Headers :

X-FRAME-OPTIONS: SAMEORIGIN
cache-control: no-cache,no-store
Accept-Ranges: bytes
ETag: W/"1195-1679313128000"
Last-Modified: Mon, 20 Mar 2023 11:52:08 GMT
Content-Type: text/html
Content-Length: 1195
Date: Mon, 22 Apr 2024 06:02:11 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Server: Undefined

Response Body :

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="refresh" content="0;URL=/core/orionSplashScreen.do" />
<link rel="stylesheet" type="text/css" href="/core/core.css" />
<link rel="stylesheet" type="text/css" href="/core/tag/component/infobox/infobox.css" />
</head>

<body>
<table style="height:100%; width:100%;">
<tr>
<td>
<div class="loading">
<a href="/core/orionSplashScreen.do" style="text-decoration:none;">
<img class="logo" src="/core/images/trellix-logo.png" height="24px" />
<svg class="lsg-spinner" viewBox="0 0 69 69" version="1.1" width="27px" height="27px">
<g transform="translate(3 3)" stroke-width="6" fill="none" fill-rule="evenodd">
<circle stroke="#E6E7E8" opacity=".404" cx="31.5" cy="31.5" r="31.5"></circle>
<path d="M31.5 63c7.495 0 14.38-2.618 19.788-6.99C58.432 50.237 63 41.402 63 31.5c0-6.887-2.21-13.258-5.96-18.442C51.317 5.147 42.01 0 31.5 0 14.103 0 0 14.103 0 31.5" stroke="#006A92"></path>
</g>
</svg>
</a>
</div>
</td>
</tr>
</table>
</body>
</html>

24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output

tcp/8444/www


Response Code : HTTP/1.1 200

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : yes
Keep-Alive : yes
Options allowed : GET, HEAD, POST, PUT, DELETE, OPTIONS
Headers :

X-FRAME-OPTIONS: SAMEORIGIN
cache-control: no-cache,no-store
Accept-Ranges: bytes
ETag: W/"1195-1679313128000"
Last-Modified: Mon, 20 Mar 2023 11:52:08 GMT
Content-Type: text/html
Content-Length: 1195
Date: Mon, 22 Apr 2024 06:02:12 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Server: Undefined

Response Body :

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="refresh" content="0;URL=/core/orionSplashScreen.do" />
<link rel="stylesheet" type="text/css" href="/core/core.css" />
<link rel="stylesheet" type="text/css" href="/core/tag/component/infobox/infobox.css" />
</head>

<body>
<table style="height:100%; width:100%;">
<tr>
<td>
<div class="loading">
<a href="/core/orionSplashScreen.do" style="text-decoration:none;">
<img class="logo" src="/core/images/trellix-logo.png" height="24px" />
<svg class="lsg-spinner" viewBox="0 0 69 69" version="1.1" width="27px" height="27px">
<g transform="translate(3 3)" stroke-width="6" fill="none" fill-rule="evenodd">
<circle stroke="#E6E7E8" opacity=".404" cx="31.5" cy="31.5" r="31.5"></circle>
<path d="M31.5 63c7.495 0 14.38-2.618 19.788-6.99C58.432 50.237 63 41.402 63 31.5c0-6.887-2.21-13.258-5.96-18.442C51.317 5.147 42.01 0 31.5 0 14.103 0 0 14.103 0 31.5" stroke="#006A92"></path>
</g>
</svg>
</a>
</div>
</td>
</tr>
</table>
</body>
</html>

24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output

tcp/47001/www


Response Code : HTTP/1.1 404 Not Found

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Mon, 22 Apr 2024 06:02:12 GMT
Connection: close
Content-Length: 315

Response Body :

91634 - HyperText Transfer Protocol (HTTP) Redirect Information
Synopsis
The remote web server redirects requests to the root directory.
Description
The remote web server issues an HTTP redirect when requesting the root directory of the web server.

This plugin is informational only and does not denote a security problem.
Solution
Analyze the redirect(s) to verify that this is valid operation for your web server and/or application.
Risk Factor
None
Plugin Information
Published: 2016/06/16, Modified: 2017/10/12
Plugin Output

tcp/8443/www


Request : https://ipaddr:8443/
HTTP response : HTTP/1.1 200
Redirect to : https://ipaddr:8443/core/orionSplashScreen.do
Redirect type : meta redirect


Note that Nessus did not receive a 200 OK response from the
last examined redirect.

91634 - HyperText Transfer Protocol (HTTP) Redirect Information
Synopsis
The remote web server redirects requests to the root directory.
Description
The remote web server issues an HTTP redirect when requesting the root directory of the web server.

This plugin is informational only and does not denote a security problem.
Solution
Analyze the redirect(s) to verify that this is valid operation for your web server and/or application.
Risk Factor
None
Plugin Information
Published: 2016/06/16, Modified: 2017/10/12
Plugin Output

tcp/8444/www


Request : https://ipaddr:8444/
HTTP response : HTTP/1.1 200
Redirect to : https://ipaddr:8444/core/orionSplashScreen.do
Redirect type : meta redirect

Final page : https://ipaddr:8444/core/orionSplashScreen.do
HTTP response : HTTP/1.1 401



Note that Nessus did not receive a 200 OK response from the
last examined redirect.

10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
It is possible to determine the exact time set on the remote host.
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols.

Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
CVSS v3.0 Base Score
0.0 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)
CVSS v2.0 Base Score
0.0 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:N)
Plugin Information
Published: 1999/08/01, Modified: 2023/04/27
Plugin Output

icmp/0

This host returns non-standard timestamps (high bit is set)
The ICMP timestamps might be in little endian format (not in network format)
The difference between the local and remote clocks is 1 second.

171410 - IP Assignment Method Detection
Synopsis
Enumerates the IP address assignment method (static/dynamic).
Description
Enumerates the IP address assignment method (static/dynamic).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/02/14, Modified: 2024/03/26
Plugin Output

tcp/0

+ Embedded FlexibleLOM 1 Port 1
  + IPv4
    - Address : ipaddr
      Assign Method : static
+ Loopback Pseudo-Interface 1
  + IPv4
    - Address : 127.0.0.1
      Assign Method : static
  + IPv6
    - Address : ::1
      Assign Method : static
+ Embedded FlexibleLOM 1 Port 2
  + IPv6
    - Address : fe80::d879:25c2:c57b:1511%2
      Assign Method : dynamic
    - Address : fd01:e2e2:0:e0c0:d879:25c2:c57b:1511
      Assign Method : dynamic
    - Address : fd01:e2e2:0:e0c0::1
      Assign Method : static

46215 - Inconsistent Hostname and IP Address
Synopsis
The remote host's hostname is not consistent with DNS information.
Description
The name of this machine either does not resolve or resolves to a different IP address.

This may come from a badly configured reverse DNS or from a host file in use on the Nessus scanning host.

As a result, URLs in plugin output may not be directly usable in a web browser and some web tests may be incomplete.
Solution
Fix the reverse DNS or host file.
Risk Factor
None
Plugin Information
Published: 2010/05/03, Modified: 2016/08/05
Plugin Output

tcp/0

The host name 'masked_hostname' does not resolve to an IP address

179947 - Intel CPUID detection
Synopsis
The processor CPUID was detected on the remote host.
Description
The CPUID of the Intel processor was detected on the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/08/18, Modified: 2024/03/26
Plugin Output

tcp/135/epmap

Nessus was able to extract the following cpuid: 50657

92421 - Internet Explorer Typed URLs
Synopsis
Nessus was able to enumerate URLs that were manually typed into the Internet Explorer address bar.
Description
Nessus was able to generate a list of URLs that were manually typed into the Internet Explorer address bar.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/16
Plugin Output

tcp/0

http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
https://masked_hostname:8443/core
https://masked_hostname.gcc.emsoccs.gsdf.mods.go.jp:8443/ComputerMgmt/agentPackage.get?token=4d188d0a16446e9720d929843073c723b191bd05
https://ipaddr01/
http://ipaddr01/
https://masked_hostname:8443/core/
https://cld-conn-app/
https://cld-conn-app.gcc.emsoccs.gsdf.mods.go.jp/
http://ipaddr21/
http://192.168.100.251/
http://ipaddr02/

Internet Explorer typed URL report attached.

43829 - Kerberos Information Disclosure
Synopsis
The remote Kerberos server is leaking information.
Description
Nessus was able to retrieve the realm name and/or server time of the remote Kerberos server.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/01/08, Modified: 2015/09/24
Plugin Output

tcp/88


Nessus gathered the following information :

Server time : 2024-04-22 06:06:37 UTC
Realm : GCC.EMSOCCS.GSDF.MODS.GO.JP

25701 - LDAP Crafted Search Request Server Information Disclosure
Synopsis
It is possible to discover information about the remote LDAP server.
Description
By sending a search request with a filter set to 'objectClass=*', it is possible to extract information about the remote LDAP server.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/07/12, Modified: 2022/09/28
Plugin Output

tcp/389/ldap

[+]-namingContexts:
| DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| CN=Schema,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| DC=DomainDnsZones,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| DC=ForestDnsZones,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-domainFunctionality:
| 7
[+]-forestFunctionality:
| 7
[+]-domainControllerFunctionality:
| 7
[+]-rootDomainNamingContext:
| DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-ldapServiceName:
| gcc.EMSOCCS.gsdf.mods.go.jp:masked_hostname$@GCC.EMSOCCS.GSDF.MODS.GO.JP
[+]-isGlobalCatalogReady:
| TRUE
[+]-supportedSASLMechanisms:
| GSSAPI
| GSS-SPNEGO
| EXTERNAL
| DIGEST-MD5
[+]-supportedLDAPVersion:
| 3
| 2
[+]-supportedLDAPPolicies:
| MaxPoolThreads
| MaxPercentDirSyncRequests
| MaxDatagramRecv
| MaxReceiveBuffer
| InitRecvTimeout
| MaxConnections
| MaxConnIdleTime
| MaxPageSize
| MaxBatchReturnMessages
| MaxQueryDuration
| MaxDirSyncDuration
| MaxTempTableSize
| MaxResultSetSize
| MinResultSets
| MaxResultSetsPerConn
| MaxNotificationPerConn
| MaxValRange
| MaxValRangeTransitive
| ThreadMemoryLimit
| SystemMemoryLimitPercent
[+]-supportedControl:
[+]-supportedCapabilities:
| 1.2.840.113556.1.4.800
| 1.2.840.113556.1.4.1670
| 1.2.840.113556.1.4.1791
| 1.2.840.113556.1.4.1935
| 1.2.840.113556.1.4.2080
| 1.2.840.113556.1.4.2237
[+]-subschemaSubentry:
| CN=Aggregate,CN=Schema,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-serverName:
| CN=masked_hostname,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-schemaNamingContext:
| CN=Schema,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-namingContexts:
| DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| CN=Schema,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| DC=DomainDnsZones,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| DC=ForestDnsZones,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-isSynchronized:
| TRUE
[+]-highestCommittedUSN:
| 3007717
[+]-dsServiceName:
| CN=NTDS Settings,CN=masked_hostname,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-dnsHostName:
| masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp
[+]-defaultNamingContext:
| DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-currentTime:
| 20240422055654.0Z
[+]-configurationNamingContext:
| CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp

25701 - LDAP Crafted Search Request Server Information Disclosure
Synopsis
It is possible to discover information about the remote LDAP server.
Description
By sending a search request with a filter set to 'objectClass=*', it is possible to extract information about the remote LDAP server.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/07/12, Modified: 2022/09/28
Plugin Output

tcp/636/ldap

[+]-namingContexts:
| DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| CN=Schema,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| DC=DomainDnsZones,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| DC=ForestDnsZones,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-domainFunctionality:
| 7
[+]-forestFunctionality:
| 7
[+]-domainControllerFunctionality:
| 7
[+]-rootDomainNamingContext:
| DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-ldapServiceName:
| gcc.EMSOCCS.gsdf.mods.go.jp:masked_hostname$@GCC.EMSOCCS.GSDF.MODS.GO.JP
[+]-isGlobalCatalogReady:
| TRUE
[+]-supportedSASLMechanisms:
| GSSAPI
| GSS-SPNEGO
| EXTERNAL
| DIGEST-MD5
[+]-supportedLDAPVersion:
| 3
| 2
[+]-supportedLDAPPolicies:
| MaxPoolThreads
| MaxPercentDirSyncRequests
| MaxDatagramRecv
| MaxReceiveBuffer
| InitRecvTimeout
| MaxConnections
| MaxConnIdleTime
| MaxPageSize
| MaxBatchReturnMessages
| MaxQueryDuration
| MaxDirSyncDuration
| MaxTempTableSize
| MaxResultSetSize
| MinResultSets
| MaxResultSetsPerConn
| MaxNotificationPerConn
| MaxValRange
| MaxValRangeTransitive
| ThreadMemoryLimit
| SystemMemoryLimitPercent
[+]-supportedControl:
[+]-supportedCapabilities:
| 1.2.840.113556.1.4.800
| 1.2.840.113556.1.4.1670
| 1.2.840.113556.1.4.1791
| 1.2.840.113556.1.4.1935
| 1.2.840.113556.1.4.2080
| 1.2.840.113556.1.4.2237
[+]-subschemaSubentry:
| CN=Aggregate,CN=Schema,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-serverName:
| CN=masked_hostname,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-schemaNamingContext:
| CN=Schema,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-namingContexts:
| DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| CN=Schema,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| DC=DomainDnsZones,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| DC=ForestDnsZones,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-isSynchronized:
| TRUE
[+]-highestCommittedUSN:
| 3007717
[+]-dsServiceName:
| CN=NTDS Settings,CN=masked_hostname,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-dnsHostName:
| masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp
[+]-defaultNamingContext:
| DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-currentTime:
| 20240422055654.0Z
[+]-configurationNamingContext:
| CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp

25701 - LDAP Crafted Search Request Server Information Disclosure
Synopsis
It is possible to discover information about the remote LDAP server.
Description
By sending a search request with a filter set to 'objectClass=*', it is possible to extract information about the remote LDAP server.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/07/12, Modified: 2022/09/28
Plugin Output

tcp/3268/ldap

[+]-namingContexts:
| DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| CN=Schema,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| DC=DomainDnsZones,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| DC=ForestDnsZones,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-domainFunctionality:
| 7
[+]-forestFunctionality:
| 7
[+]-domainControllerFunctionality:
| 7
[+]-rootDomainNamingContext:
| DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-ldapServiceName:
| gcc.EMSOCCS.gsdf.mods.go.jp:masked_hostname$@GCC.EMSOCCS.GSDF.MODS.GO.JP
[+]-isGlobalCatalogReady:
| TRUE
[+]-supportedSASLMechanisms:
| GSSAPI
| GSS-SPNEGO
| EXTERNAL
| DIGEST-MD5
[+]-supportedLDAPVersion:
| 3
| 2
[+]-supportedLDAPPolicies:
| MaxPoolThreads
| MaxPercentDirSyncRequests
| MaxDatagramRecv
| MaxReceiveBuffer
| InitRecvTimeout
| MaxConnections
| MaxConnIdleTime
| MaxPageSize
| MaxBatchReturnMessages
| MaxQueryDuration
| MaxDirSyncDuration
| MaxTempTableSize
| MaxResultSetSize
| MinResultSets
| MaxResultSetsPerConn
| MaxNotificationPerConn
| MaxValRange
| MaxValRangeTransitive
| ThreadMemoryLimit
| SystemMemoryLimitPercent
[+]-supportedControl:
[+]-supportedCapabilities:
| 1.2.840.113556.1.4.800
| 1.2.840.113556.1.4.1670
| 1.2.840.113556.1.4.1791
| 1.2.840.113556.1.4.1935
| 1.2.840.113556.1.4.2080
| 1.2.840.113556.1.4.2237
[+]-subschemaSubentry:
| CN=Aggregate,CN=Schema,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-serverName:
| CN=masked_hostname,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-schemaNamingContext:
| CN=Schema,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-namingContexts:
| DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| CN=Schema,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| DC=DomainDnsZones,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| DC=ForestDnsZones,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-isSynchronized:
| TRUE
[+]-highestCommittedUSN:
| 3007717
[+]-dsServiceName:
| CN=NTDS Settings,CN=masked_hostname,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-dnsHostName:
| masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp
[+]-defaultNamingContext:
| DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-currentTime:
| 20240422055655.0Z
[+]-configurationNamingContext:
| CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp

25701 - LDAP Crafted Search Request Server Information Disclosure
Synopsis
It is possible to discover information about the remote LDAP server.
Description
By sending a search request with a filter set to 'objectClass=*', it is possible to extract information about the remote LDAP server.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/07/12, Modified: 2022/09/28
Plugin Output

tcp/3269/ldap

[+]-namingContexts:
| DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| CN=Schema,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| DC=DomainDnsZones,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| DC=ForestDnsZones,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-domainFunctionality:
| 7
[+]-forestFunctionality:
| 7
[+]-domainControllerFunctionality:
| 7
[+]-rootDomainNamingContext:
| DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-ldapServiceName:
| gcc.EMSOCCS.gsdf.mods.go.jp:masked_hostname$@GCC.EMSOCCS.GSDF.MODS.GO.JP
[+]-isGlobalCatalogReady:
| TRUE
[+]-supportedSASLMechanisms:
| GSSAPI
| GSS-SPNEGO
| EXTERNAL
| DIGEST-MD5
[+]-supportedLDAPVersion:
| 3
| 2
[+]-supportedLDAPPolicies:
| MaxPoolThreads
| MaxPercentDirSyncRequests
| MaxDatagramRecv
| MaxReceiveBuffer
| InitRecvTimeout
| MaxConnections
| MaxConnIdleTime
| MaxPageSize
| MaxBatchReturnMessages
| MaxQueryDuration
| MaxDirSyncDuration
| MaxTempTableSize
| MaxResultSetSize
| MinResultSets
| MaxResultSetsPerConn
| MaxNotificationPerConn
| MaxValRange
| MaxValRangeTransitive
| ThreadMemoryLimit
| SystemMemoryLimitPercent
[+]-supportedCapabilities:
| 1.2.840.113556.1.4.800
| 1.2.840.113556.1.4.1670
| 1.2.840.113556.1.4.1791
| 1.2.840.113556.1.4.1935
| 1.2.840.113556.1.4.2080
| 1.2.840.113556.1.4.2237
[+]-subschemaSubentry:
| CN=Aggregate,CN=Schema,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-serverName:
| CN=masked_hostname,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-schemaNamingContext:
| CN=Schema,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-namingContexts:
| DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| CN=Schema,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| DC=DomainDnsZones,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
| DC=ForestDnsZones,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-isSynchronized:
| TRUE
[+]-highestCommittedUSN:
| 3007717
[+]-dsServiceName:
| CN=NTDS Settings,CN=masked_hostname,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-dnsHostName:
| masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp
[+]-defaultNamingContext:
| DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
[+]-currentTime:
| 20240422055655.0Z
[+]-configurationNamingContext:
| CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp

20870 - LDAP Server Detection
-
Synopsis
An LDAP server was detected on the remote host.
Description
The remote host is running a Lightweight Directory Access Protocol (LDAP) server. LDAP is a protocol for providing access to directory services over TCP/IP.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/02/10, Modified: 2022/09/29
Plugin Output

tcp/389/ldap
tcp/636/ldap
tcp/3268/ldap
tcp/3269/ldap

53513 - Link-Local Multicast Name Resolution (LLMNR) Detection
-
Synopsis
The remote device supports LLMNR.
Description
The remote device answered a Link-Local Multicast Name Resolution (LLMNR) request. This protocol provides a name lookup service similar to NetBIOS or DNS. It is enabled by default on modern Windows versions.
See Also
Solution
Make sure that use of this software conforms to your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2011/04/21, Modified: 2023/10/17
Plugin Output

udp/5355/llmnr


According to LLMNR, the name of the remote host is 'masked_hostname'.

160301 - Link-Local Multicast Name Resolution (LLMNR) Service Detection
-
Synopsis
Verify status of the LLMNR service on the remote host.
Description
The Link-Local Multicast Name Resolution (LLMNR) service allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link.
See Also
Solution
Make sure that use of this software conforms to your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2022/04/28, Modified: 2022/12/29
Plugin Output

tcp/445/cifs


LLMNR Key SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast not found.

108761 - MSSQL Host Information in NTLM SSP
-
Synopsis
Nessus can obtain information about the host by examining the NTLM SSP message.
Description
Nessus can obtain information about the host by examining the NTLM SSP challenge issued during NTLM authentication, over MSSQL.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2018/03/30, Modified: 2024/04/10
Plugin Output

tcp/1433/mssql

Nessus was able to obtain the following information about the host, by
parsing the MSSQL server's NTLM SSP message:

Target Name: EMSOCCS1
NetBIOS Domain Name: EMSOCCS1
NetBIOS Computer Name: masked_hostname
DNS Domain Name: gcc.EMSOCCS.gsdf.mods.go.jp
DNS Computer Name: masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp
DNS Tree Name: gcc.EMSOCCS.gsdf.mods.go.jp
Product Version: 10.0.17763

92424 - MUICache Program Execution History
-
Synopsis
Nessus was able to enumerate recently executed programs on the remote host.
Description
Nessus was able to query the MUICache registry key to find evidence of program execution.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/16
Plugin Output

tcp/0

@%systemroot%\system32\winhttp.dll,-100 : WinHTTP Web Proxy Auto-Discovery Service
@%systemroot%\system32\themeservice.dll,-8192 : Themes
@%systemroot%\system32\mprmsg.dll,-32011 : Remote Access IP ARP Driver
@%systemroot%\system32\tabsvc.dll,-100 : Touch Keyboard and Handwriting Panel Service
@%systemroot%\system32\windows.devices.picker.dll,-1006 : DevicePicker
@%systemroot%\system32\bfe.dll,-1002 : [non-ASCII text, mis-encoded in the report]
@%systemroot%\system32\icsvc.dll,-201 : Hyper-V Data Exchange Service
@%systemroot%\system32\devicesflowbroker.dll,-103 : [non-ASCII text, mis-encoded in the report]
@%systemroot%\system32\msimsg.dll,-27 : Windows Installer
@%systemroot%\system32\rmapi.dll,-1001 : [non-ASCII text, mis-encoded in the report]
@%systemroot%\system32\dfssvc.exe,-102 : [non-ASCII text, mis-encoded in the report]

104856 - Malicious Process Detection: Authenticode Not Signed
-
Synopsis
Nessus found processes running on the host that are unsigned.
Description
Running processes that are unsigned.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2017/11/29, Modified: 2024/03/26
Plugin Output

tcp/445/cifs

File Path : c:\newscp\mac\appcommon\bin\datcnvapi.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\datcnvctl.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\fwcommonlib.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\fworderdblib.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\fworderlib.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\libappcommon.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\libcommunication.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\libdatetime.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\libdll.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\libfile.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\libinifile.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\liblog.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\libprocesscommunication.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\libsignal.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\libstring.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\libsystem.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\libthread.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\mcnmon.exe
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\rcond.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\rcsv.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\renv.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\revtworker.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\rexception.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\rfile.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\rfileexception.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\rlibloader.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\rlog.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\rlogcheckoutput.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\rlogcmndataformat.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\rlogoutput.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\rlogsetting.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\rmsgqueue.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\rpath.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\rprivatelog.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\rprocrwlock.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\rringbuffer.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\rsaddrinfo.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\rseccom.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\rshmem.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\rsplitstring.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\rstring.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\rthdlock.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\rthread.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\rtim.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\scomdatalog.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\scomsockcmn.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\scomsockroot.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\scomsocktcp.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\scomsocktcpsrv.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\scomsocktimctl.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\scomsocktrifmngroot.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\scomsocktrifroot.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\sdccdatelement.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\sdccdattype.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\sdccomdata.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\sdcdatacs.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\sdcdatcnv.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\sdcdatfactory.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\sdcdatobj.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\sdcdatpath.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\sdcdattype.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\sdcdattypecnv.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\sdcdatvalidresults.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\sdcdef.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\sdcinit.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\sdctimerec.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\sdcutil.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\appcommon\bin\sdcverinfo.dll
PID(s) during check : 14004

File Path : c:\newscp\mac\mcnmon\bin\libmcnmon.dll
PID(s) during check : 14004

File Path : c:\program files (x86)\trellix\epolicy orchestrator\apache2\modules\mod_authz_core.so
PID(s) during check : 17308,17840

File Path : c:\program files (x86)\trellix\epolicy orchestrator\apache2\modules\mod_authz_host.so
PID(s) during check : 17308,17840

File Path : c:\program files (x86)\trellix\epolicy orchestrator\apache2\modules\mod_headers.so
PID(s) during check : 17308,17840

File Path : c:\program files (x86)\trellix\epolicy orchestrator\apache2\modules\mod_log_config.so
PID(s) during check : 17308,17840

File Path : c:\program files (x86)\trellix\epolicy orchestrator\apache2\modules\mod_mime.so
PID(s) during check : 17308,17840

File Path : c:\program files (x86)\trellix\epolicy orchestrator\apache2\modules\mod_negotiation.so
PID(s) during check : 17308,17840

File Path : c:\program files (x86)\trellix\epolicy orchestrator\apache2\modules\mod_reqtimeout.so
PID(s) during check : 17308,17840

File Path : c:\program files (x86)\trellix\epolicy orchestrator\apache2\modules\mod_setenvif.so
PID(s) during check : 17308,17840

File Path : c:\program files (x86)\trellix\epolicy orchestrator\apache2\modules\mod_ssl.so
PID(s) during check : 17308,17840

File Path : c:\program files\dds\evema\client\libcrypto-3-x64-vs2013.dll
PID(s) during check : 5284

File Path : c:\program files\dds\evema\client\libssl-3-x64-vs2013.dll
PID(s) during check : 5284

File Path : c:\program files\dds\evema\client\mapwdnotifier.exe
PID(s) during check : 5284

File Path : c:\program files\dds\evema\client\ossl-modules\legacy.dll
PID(s) during check : 5284

File Path : c:\program files\dds\evema\server\hbfaceprosdk.dll
PID(s) during check : 5420

File Path : c:\program files\dds\evema\server\idfaceserver.dll
PID(s) during check : 5420

File Path : c:\program files\dds\evema\server\legacy.dll
PID(s) during check : 5420

File Path : c:\program files\dds\evema\server\libcrypto-3-x64.dll
PID(s) during check : 5420,15220

File Path : c:\program files\dds\evema\server\libssl-3-x64.dll
PID(s) during check : 5420,15220

File Path : c:\program files\dds\evema\server\maserver.exe
PID(s) during check : 5420,15220

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\smdiagnostics\ffd047a0f1115bf37fea27a3d2ba6c01\smdiagnostics.ni.dll
PID(s) during check : 2544

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.configuration\7282bd23a31c27aa55c91aa5052c3064\system.configuration.ni.dll
PID(s) during check : 2544,4312

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.core\8a2e4703eae7e8c0a6c8ed2ec4157688\system.core.ni.dll
PID(s) during check : 2544,4312

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.data\71947cb9ed640b559293bf0e3ff8b757\system.data.ni.dll
PID(s) during check : 4312

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.dire573b08f5#\393706a2ca0584f0aeeccc2c6a282d75\system.directoryservices.accountmanagement.ni.dll
PID(s) during check : 2544

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.dire5d62f0a2#\3ba6860ff65d8ced7df7eed6675a1f73\system.directoryservices.protocols.ni.dll
PID(s) during check : 2544

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.dired13b18a9#\c0a0dbfc5c06841050620fb8b4a9bb9d\system.directoryservices.ni.dll
PID(s) during check : 2544

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.ente96d83b35#\f35a40277c2faa3dc59bac94e76320d7\system.enterpriseservices.ni.dll
PID(s) during check : 4312

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.ente96d83b35#\f35a40277c2faa3dc59bac94e76320d7\system.enterpriseservices.wrapper.dll
PID(s) during check : 4312

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.identitymodel\6651bd178fff628330d1591bebac7254\system.identitymodel.ni.dll
PID(s) during check : 2544

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.management\73496546f3a58248ed016e15397486ed\system.management.ni.dll
PID(s) during check : 4312

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.net.http\8f8ee5d662a9f9d5adbee4e1901db7f8\system.net.http.ni.dll
PID(s) during check : 4312

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.runteb92aa12#\e3c8e6ffc2e2f39bd1639c40e3af85f3\system.runtime.serialization.ni.dll
PID(s) during check : 2544

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.serv30e99c02#\4d5ce1510b6d92261e250e52de38dbde\system.servicemodel.channels.ni.dll
PID(s) during check : 2544

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.serv759bfb78#\a28d3858e69a94fea570a8b3e80e8ff0\system.serviceprocess.ni.dll
PID(s) during check : 2544,4312

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.servd1dec626#\0469d020cb468ee51d9b4c619fe95459\system.servicemodel.internals.ni.dll
PID(s) during check : 2544

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.servf73e6522#\1595d4b07931b319574b321063973e7c\system.servicemodel.web.ni.dll
PID(s) during check : 2544

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.servicemodel\8112b6face983523c0ebb2f1bf6a6da0\system.servicemodel.ni.dll
PID(s) during check : 2544

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.transactions\89c5726dacb5408ab4d064465eb549eb\system.transactions.ni.dll
PID(s) during check : 4312

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.web.28b9ef5a#\a480731597ae012103a9257996650ab3\system.web.extensions.ni.dll
PID(s) during check : 4312

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.web.services\0e011812eb76929f7e5c1fb4594494e0\system.web.services.ni.dll
PID(s) during check : 2544

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.web\48e085cb64d75a162c14cc1e4a5cb8d4\system.web.ni.dll
PID(s) during check : 4312

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.xaml\904da4d97c26c29a96ad8f458bdc82fe\system.xaml.ni.dll
PID(s) during check : 2544

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.xml.linq\7e354bdee896e2f4213a08239d21d03d\system.xml.linq.ni.dll
PID(s) during check : 4312

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.xml\f58bcb1d98c88dc2c1fcdf12c329fe47\system.xml.ni.dll
PID(s) during check : 2544,4312

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system\12f61e3a15a903def0bce11cfcee51bc\system.ni.dll
PID(s) during check : 2544,4312

File Path : c:\windows\tenable_mw_scan_142a90001fb65e0beb1751cc8c63edd0.exe
PID(s) during check : 2012

105045 - Malicious Process Detection: Authenticode Not Verified
-
Synopsis
Nessus found signed processes on the remote host that couldn't be verified.
Description
Running processes that are signed but couldn't be verified.
See Also
Solution
This software couldn't be verified; investigate why trust could not be established.
Risk Factor
None
Plugin Information
Published: 2017/12/06, Modified: 2024/03/26
Plugin Output

tcp/445/cifs

File Path : c:\program files (x86)\trellix\epolicy orchestrator\ccme_asym.dll
PID(s) during check : 16296,17840
Verification Status : 2148204810
Status Description : A certificate chain could not be built to a trusted root authority.
1 :
Subject : C=US, S=Texas, L=Round Rock, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, O=Dell Technologies Inc., OID.2.5.4.15=Private Organization, OU=BSAFE, SERIALNUMBER=5280394, CN=Dell Technologies Inc.
Issuer : C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2015 Entrust, Inc. - for authorized use only", CN=Entrust Extended Validation Code Signing CA - EVCS1
Serial : 2cdfc730581ba1925222206a766a581b
Thumbprint : 40be337c0e9b27813bf8f89723cd67dfcebbbde0
Not Before : 2020-09-29
Not After : 2021-09-29

File Path : c:\program files (x86)\trellix\epolicy orchestrator\ccme_aux_entropy.dll
PID(s) during check : 16296,17840
Verification Status : 2148204810
Status Description : A certificate chain could not be built to a trusted root authority.
1 :
Subject : C=US, S=Texas, L=Round Rock, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, O=Dell Technologies Inc., OID.2.5.4.15=Private Organization, OU=BSAFE, SERIALNUMBER=5280394, CN=Dell Technologies Inc.
Issuer : C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2015 Entrust, Inc. - for authorized use only", CN=Entrust Extended Validation Code Signing CA - EVCS1
Serial : 2cdfc730581ba1925222206a766a581b
Thumbprint : 40be337c0e9b27813bf8f89723cd67dfcebbbde0
Not Before : 2020-09-29
Not After : 2021-09-29

File Path : c:\program files (x86)\trellix\epolicy orchestrator\ccme_base.dll
PID(s) during check : 16296,17840
Verification Status : 2148204810
Status Description : A certificate chain could not be built to a trusted root authority.
1 :
Subject : C=US, S=Texas, L=Round Rock, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, O=Dell Technologies Inc., OID.2.5.4.15=Private Organization, OU=BSAFE, SERIALNUMBER=5280394, CN=Dell Technologies Inc.
Issuer : C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2015 Entrust, Inc. - for authorized use only", CN=Entrust Extended Validation Code Signing CA - EVCS1
Serial : 2cdfc730581ba1925222206a766a581b
Thumbprint : 40be337c0e9b27813bf8f89723cd67dfcebbbde0
Not Before : 2020-09-29
Not After : 2021-09-29

File Path : c:\program files (x86)\trellix\epolicy orchestrator\ccme_base_non_fips.dll
PID(s) during check : 16296,17840
Verification Status : 2148204810
Status Description : A certificate chain could not be built to a trusted root authority.
1 :
Subject : C=US, S=Texas, L=Round Rock, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, O=Dell Technologies Inc., OID.2.5.4.15=Private Organization, OU=BSAFE, SERIALNUMBER=5280394, CN=Dell Technologies Inc.
Issuer : C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2015 Entrust, Inc. - for authorized use only", CN=Entrust Extended Validation Code Signing CA - EVCS1
Serial : 2cdfc730581ba1925222206a766a581b
Thumbprint : 40be337c0e9b27813bf8f89723cd67dfcebbbde0
Not Before : 2020-09-29
Not After : 2021-09-29

File Path : c:\program files (x86)\trellix\epolicy orchestrator\ccme_ecc.dll
PID(s) during check : 16296,17840
Verification Status : 2148204810
Status Description : A certificate chain could not be built to a trusted root authority.
1 :
Subject : C=US, S=Texas, L=Round Rock, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, O=Dell Technologies Inc., OID.2.5.4.15=Private Organization, OU=BSAFE, SERIALNUMBER=5280394, CN=Dell Technologies Inc.
Issuer : C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2015 Entrust, Inc. - for authorized use only", CN=Entrust Extended Validation Code Signing CA - EVCS1
Serial : 2cdfc730581ba1925222206a766a581b
Thumbprint : 40be337c0e9b27813bf8f89723cd67dfcebbbde0
Not Before : 2020-09-29
Not After : 2021-09-29

File Path : c:\program files (x86)\trellix\epolicy orchestrator\ccme_ecc_non_fips.dll
PID(s) during check : 16296,17840
Verification Status : 2148204810
Status Description : A certificate chain could not be built to a trusted root authority.
1 :
Subject : C=US, S=Texas, L=Round Rock, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, O=Dell Technologies Inc., OID.2.5.4.15=Private Organization, OU=BSAFE, SERIALNUMBER=5280394, CN=Dell Technologies Inc.
Issuer : C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2015 Entrust, Inc. - for authorized use only", CN=Entrust Extended Validation Code Signing CA - EVCS1
Serial : 2cdfc730581ba1925222206a766a581b
Thumbprint : 40be337c0e9b27813bf8f89723cd67dfcebbbde0
Not Before : 2020-09-29
Not After : 2021-09-29

File Path : c:\program files (x86)\trellix\epolicy orchestrator\ccme_error_info.dll
PID(s) during check : 16296,17840
Verification Status : 2148204810
Status Description : A certificate chain could not be built to a trusted root authority.
1 :
Subject : C=US, S=Texas, L=Round Rock, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, O=Dell Technologies Inc., OID.2.5.4.15=Private Organization, OU=BSAFE, SERIALNUMBER=5280394, CN=Dell Technologies Inc.
Issuer : C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2015 Entrust, Inc. - for authorized use only", CN=Entrust Extended Validation Code Signing CA - EVCS1
Serial : 2cdfc730581ba1925222206a766a581b
Thumbprint : 40be337c0e9b27813bf8f89723cd67dfcebbbde0
Not Before : 2020-09-29
Not After : 2021-09-29

File Path : c:\program files (x86)\trellix\epolicy orchestrator\cryptocme.dll
PID(s) during check : 16296,17840
Verification Status : 2148204810
Status Description : A certificate chain could not be built to a trusted root authority.
1 :
Subject : C=US, S=Texas, L=Round Rock, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, O=Dell Technologies Inc., OID.2.5.4.15=Private Organization, OU=BSAFE, SERIALNUMBER=5280394, CN=Dell Technologies Inc.
Issuer : C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2015 Entrust, Inc. - for authorized use only", CN=Entrust Extended Validation Code Signing CA - EVCS1
Serial : 2cdfc730581ba1925222206a766a581b
Thumbprint : 40be337c0e9b27813bf8f89723cd67dfcebbbde0
Not Before : 2020-09-29
Not After : 2021-09-29

File Path : c:\program files (x86)\trellix\epolicy orchestrator\x64\ccme_asym.dll
PID(s) during check : 16304
Verification Status : 2148204810
Status Description : A certificate chain could not be built to a trusted root authority.
1 :
Subject : C=US, S=Texas, L=Round Rock, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, O=Dell Technologies Inc., OID.2.5.4.15=Private Organization, OU=BSAFE, SERIALNUMBER=5280394, CN=Dell Technologies Inc.
Issuer : C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2015 Entrust, Inc. - for authorized use only", CN=Entrust Extended Validation Code Signing CA - EVCS1
Serial : 2cdfc730581ba1925222206a766a581b
Thumbprint : 40be337c0e9b27813bf8f89723cd67dfcebbbde0
Not Before : 2020-09-29
Not After : 2021-09-29

File Path : c:\program files (x86)\trellix\epolicy orchestrator\x64\ccme_aux_entropy.dll
PID(s) during check : 16304
Verification Status : 2148204810
Status Description : A certificate chain could not be built to a trusted root authority.
1 :
Subject : C=US, S=Texas, L=Round Rock, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, O=Dell Technologies Inc., OID.2.5.4.15=Private Organization, OU=BSAFE, SERIALNUMBER=5280394, CN=Dell Technologies Inc.
Issuer : C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2015 Entrust, Inc. - for authorized use only", CN=Entrust Extended Validation Code Signing CA - EVCS1
Serial : 2cdfc730581ba1925222206a766a581b
Thumbprint : 40be337c0e9b27813bf8f89723cd67dfcebbbde0
Not Before : 2020-09-29
Not After : 2021-09-29

File Path : c:\program files (x86)\trellix\epolicy orchestrator\x64\ccme_base.dll
PID(s) during check : 16304
Verification Status : 2148204810
Status Description : A certificate chain could not be built to a trusted root authority.
1 :
Subject : C=US, S=Texas, L=Round Rock, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, O=Dell Technologies Inc., OID.2.5.4.15=Private Organization, OU=BSAFE, SERIALNUMBER=5280394, CN=Dell Technologies Inc.
Issuer : C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2015 Entrust, Inc. - for authorized use only", CN=Entrust Extended Validation Code Signing CA - EVCS1
Serial : 2cdfc730581ba1925222206a766a581b
Thumbprint : 40be337c0e9b27813bf8f89723cd67dfcebbbde0
Not Before : 2020-09-29
Not After : 2021-09-29

File Path : c:\program files (x86)\trellix\epolicy orchestrator\x64\ccme_base_non_fips.dll
PID(s) during check : 16304
Verification Status : 2148204810
Status Description : A certificate chain could not be built to a trusted root authority.
1 :
Subject : C=US, S=Texas, L=Round Rock, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, O=Dell Technologies Inc., OID.2.5.4.15=Private Organization, OU=BSAFE, SERIALNUMBER=5280394, CN=Dell Technologies Inc.
Issuer : C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2015 Entrust, Inc. - for authorized use only", CN=Entrust Extended Validation Code Signing CA - EVCS1
Serial : 2cdfc730581ba1925222206a766a581b
Thumbprint : 40be337c0e9b27813bf8f89723cd67dfcebbbde0
Not Before : 2020-09-29
Not After : 2021-09-29

File Path : c:\program files (x86)\trellix\epolicy orchestrator\x64\ccme_ecc.dll
PID(s) during check : 16304
Verification Status : 2148204810
Status Description : A certificate chain could not be built to a trusted root authority.
1 :
Subject : C=US, S=Texas, L=Round Rock, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, O=Dell Technologies Inc., OID.2.5.4.15=Private Organization, OU=BSAFE, SERIALNUMBER=5280394, CN=Dell Technologies Inc.
Issuer : C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2015 Entrust, Inc. - for authorized use only", CN=Entrust Extended Validation Code Signing CA - EVCS1
Serial : 2cdfc730581ba1925222206a766a581b
Thumbprint : 40be337c0e9b27813bf8f89723cd67dfcebbbde0
Not Before : 2020-09-29
Not After : 2021-09-29

File Path : c:\program files (x86)\trellix\epolicy orchestrator\x64\ccme_ecc_non_fips.dll
PID(s) during check : 16304
Verification Status : 2148204810
Status Description : A certificate chain could not be built to a trusted root authority.
1 :
Subject : C=US, S=Texas, L=Round Rock, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, O=Dell Technologies Inc., OID.2.5.4.15=Private Organization, OU=BSAFE, SERIALNUMBER=5280394, CN=Dell Technologies Inc.
Issuer : C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2015 Entrust, Inc. - for authorized use only", CN=Entrust Extended Validation Code Signing CA - EVCS1
Serial : 2cdfc730581ba1925222206a766a581b
Thumbprint : 40be337c0e9b27813bf8f89723cd67dfcebbbde0
Not Before : 2020-09-29
Not After : 2021-09-29

File Path : c:\program files (x86)\trellix\epolicy orchestrator\x64\ccme_error_info.dll
PID(s) during check : 16304
Verification Status : 2148204810
Status Description : A certificate chain could not be built to a trusted root authority.
1 :
Subject : C=US, S=Texas, L=Round Rock, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, O=Dell Technologies Inc., OID.2.5.4.15=Private Organization, OU=BSAFE, SERIALNUMBER=5280394, CN=Dell Technologies Inc.
Issuer : C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2015 Entrust, Inc. - for authorized use only", CN=Entrust Extended Validation Code Signing CA - EVCS1
Serial : 2cdfc730581ba1925222206a766a581b
Thumbprint : 40be337c0e9b27813bf8f89723cd67dfcebbbde0
Not Before : 2020-09-29
Not After : 2021-09-29

File Path : c:\program files (x86)\trellix\epolicy orchestrator\x64\cryptocme.dll
PID(s) during check : 16304
Verification Status : 2148204810
Status Description : A certificate chain could not be built to a trusted root authority.
1 :
Subject : C=US, S=Texas, L=Round Rock, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, O=Dell Technologies Inc., OID.2.5.4.15=Private Organization, OU=BSAFE, SERIALNUMBER=5280394, CN=Dell Technologies Inc.
Issuer : C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2015 Entrust, Inc. - for authorized use only", CN=Entrust Extended Validation Code Signing CA - EVCS1
Serial : 2cdfc730581ba1925222206a766a581b
Thumbprint : 40be337c0e9b27813bf8f89723cd67dfcebbbde0
Not Before : 2020-09-29
Not After : 2021-09-29
104857 - Malicious Process Detection: Authenticode Signed
-
Synopsis
Nessus found trusted signed processes on the remote host.
Description
Running processes that are signed and trusted, and for which today's date falls within the Not Before and Not After range on the certificate.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2017/11/29, Modified: 2024/03/26
Plugin Output

tcp/445/cifs

report output too big - ending list here

104854 - Malicious Process Detection: Authenticode Signed Bad Date
-
Synopsis
Nessus found trusted signed processes for which today's date falls outside of the Not Before and Not After certificate dates on the remote host.
Description
Running processes that are signed and trusted, but for which today's date falls outside of the Not Before and Not After certificate dates. These processes still validate as trusted.
See Also
Solution
Obtain an updated version from the vendor that has been signed with a newer certificate.
Risk Factor
None
Plugin Information
Published: 2017/11/29, Modified: 2024/03/26
Plugin Output

tcp/445/cifs

report output too big - ending list here

87955 - McAfee Agent Detection
-
Synopsis
A security management agent is installed on the remote host.
Description
The McAfee Agent, formerly McAfee ePolicy Orchestrator (ePO) Agent, is installed on the remote host. This agent facilitates remote security management of the host via McAfee ePO.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-873
Plugin Information
Published: 2016/01/15, Modified: 2024/03/26
Plugin Output

tcp/0


Path : C:\Program Files\McAfee\Agent\x86
Version : 5.8.0.161
Agent GUID : {c70cf23f-e075-4311-801e-3c54f1cec65b}
Server list : masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp|ipaddr|443;

51351 - Microsoft .NET Framework Detection
-
Synopsis
A software framework is installed on the remote host.
Description
Microsoft .NET Framework, a software framework for Microsoft Windows operating systems, is installed on the remote host.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0655
Plugin Information
Published: 2010/12/20, Modified: 2022/10/18
Plugin Output

tcp/445/cifs


Nessus detected 2 installs of Microsoft .NET Framework:

Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Version : 4.7.2
Full Version : 4.7.03190
Install Type : Full
Release : 461814

Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Version : 4.7.2
Full Version : 4.7.03190
Install Type : Client
Release : 461814
99364 - Microsoft .NET Security Rollup Enumeration
-
Synopsis
This plugin enumerates installed Microsoft .NET security rollups.
Description
Nessus was able to enumerate the Microsoft .NET security rollups installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2017/04/14, Modified: 2024/04/11
Plugin Output

tcp/445/cifs


Path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
Version : 4.7.3460.0
.NET Version : 4.7.2
Associated KB : 4514366
Latest effective update level : 09_2019

192148 - Microsoft Azure Data Studio Installed (Windows)
-
Synopsis
Microsoft Azure Data Studio is installed on the remote Windows host.
Description
Microsoft Azure Data Studio is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2024/03/15, Modified: 2024/03/27
Plugin Output

tcp/0


Path : C:\Program Files\Azure Data Studio\
Version : 1.44.0.0

72879 - Microsoft Internet Explorer Enhanced Security Configuration Detection
-
Synopsis
The remote host supports IE Enhanced Security Configuration.
Description
Nessus detects if the remote Windows host supports IE Enhanced Security Configuration (ESC) and if IE ESC features are enabled or disabled.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2014/03/07, Modified: 2024/03/26
Plugin Output

tcp/445/cifs


Type : Admin Groups
Is Enabled : True

Type : User Groups
Is Enabled : True

162560 - Microsoft Internet Explorer Installed
-
Synopsis
A web browser is installed on the remote Windows host.
Description
Microsoft Internet Explorer, a web browser bundled with Microsoft Windows, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2022/06/28, Modified: 2024/03/26
Plugin Output

tcp/0


Path : C:\Windows\system32\mshtml.dll
Version : 11.0.17763.2213

72367 - Microsoft Internet Explorer Version Detection
-
Synopsis
Internet Explorer is installed on the remote host.
Description
The remote Windows host contains Internet Explorer, a web browser created by Microsoft.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0509
Plugin Information
Published: 2014/02/06, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Version : 11.1790.17763.0
174413 - Microsoft ODBC Driver for SQL Server Installed (Windows)
-
Synopsis
Microsoft ODBC Driver for SQL Server is installed on the remote Windows host.
Description
Microsoft ODBC Driver for SQL Server is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/04/17, Modified: 2024/03/26
Plugin Output

tcp/445/cifs


Path : C:\Windows\System32\msodbcsql17.dll
Version : 17.10.4.1
174405 - Microsoft OLE DB Driver for SQL Server Installed (Windows)
-
Synopsis
Microsoft OLE DB Driver for SQL Server is installed on the remote Windows host.
Description
Microsoft OLE DB Driver for SQL Server is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/04/17, Modified: 2024/03/26
Plugin Output

tcp/445/cifs


Path : C:\Windows\System32\msoledbsql.dll
Version : 18.6.5.0

92427 - Microsoft Paint Recent File History
-
Synopsis
Nessus was able to enumerate files opened in Microsoft Paint on the remote host.
Description
Nessus was able to generate a list of files opened using the Microsoft Paint program.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

GCC.EMSOCCS.GSDF.MODS.GO.JP\Administrator
- C:\Users\Administrator\Pictures\231226\78-1.png
- C:\Users\Administrator\Pictures\Screenshots\スクリーンショット (83).png
- C:\Users\Administrator\Pictures\Screenshots\82-4.png
- C:\Users\Administrator\Desktop\EVEMA\-šK.\39.PNG
- C:\Users\Administrator\Pictures\Screenshots\41-1.png
- C:\Users\Administrator\Pictures\Screenshots\1-2.png
- C:\Users\Administrator\Pictures\231226\76.png
- C:\Users\Administrator\Desktop\エビデンス\スクリーンショット (22).png
- C:\Users\Administrator\Desktop\ï+1_EWCPÝ¡«_¹¯êüó·çÃÈ 2024-02-28 111248.png

57033 - Microsoft Patch Bulletin Feasibility Check
-
Synopsis
Nessus is able to check for Microsoft patch bulletins.
Description
Using credentials supplied in the scan policy, Nessus is able to collect information about the software and patches installed on the remote Windows host and will use that information to check for missing Microsoft security updates.

Note that this plugin is purely informational.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/06, Modified: 2021/07/12
Plugin Output

tcp/445/cifs



Nessus is able to test for missing patches using :
Nessus

125835 - Microsoft Remote Desktop Connection Installed
-
Synopsis
A graphical interface connection utility is installed on the remote Windows host.
Description
Microsoft Remote Desktop Connection (also known as Remote Desktop Protocol or Terminal Services Client) is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2019/06/12, Modified: 2022/10/10
Plugin Output

tcp/0


Path : C:\Windows\\System32\\mstsc.exe
Version : 10.0.17763.2213

11217 - Microsoft SQL Server Detection (credentialed check)
-
Synopsis
The remote host has a database server installed.
Description
Nessus has detected one or more installs of Microsoft SQL Server by examining the registry and file systems on the remote host.
See Also
Solution
Ensure the latest service pack and hotfixes are installed.
Risk Factor
None
References
XREF IAVT:0001-T-0800
Plugin Information
Published: 2003/01/26, Modified: 2023/06/29
Plugin Output

tcp/445/cifs

Version : 16.0.1000.6
Edition : Standard Edition
Path : C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn
Named Instance : MSSQLSERVER

69482 - Microsoft SQL Server STARTTLS Support
-
Synopsis
The remote service supports encrypting traffic.
Description
The remote Microsoft SQL Server service supports the use of encryption initiated during pre-login to switch from a cleartext to an encrypted communications channel.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/07/04, Modified: 2022/04/11
Plugin Output

tcp/1433/mssql


Here is the Microsoft SQL Server's SSL certificate that Nessus
was able to collect after sending a pre-login packet :

------------------------------ snip ------------------------------
Subject Name:

Common Name: SSL_Self_Signed_Fallback

Issuer Name:

Common Name: SSL_Self_Signed_Fallback

Serial Number: 5A 2E F5 B1 72 82 07 BB 42 60 31 9B C3 EF 7B 32

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Mar 22 06:25:16 2024 GMT
Not Valid After: Mar 22 06:25:16 2054 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 3072 bits
Exponent: 01 00 01

Signature Length: 384 bytes / 3072 bits


------------------------------ snip ------------------------------


SQL Server Version : 16.0.1000.0
SQL Server Instance : MSSQLSERVER
10144 - Microsoft SQL Server TCP/IP Listener Detection
-
Synopsis
A database server is listening on the remote port.
Description
The remote host is running MSSQL, a database server from Microsoft. It is possible to extract the version number of the remote installation from the server pre-login response.
Solution
Restrict access to the database to allowed IPs only.
Risk Factor
None
References
XREF IAVT:0001-T-0800
Plugin Information
Published: 1999/10/12, Modified: 2023/06/26
Plugin Output

tcp/1433/mssql


Service : mssql-MSSQLSERVER
Version : 16.0.1000.0
InstanceName : MSSQLSERVER
Note : The remote MSSQL server accepts cleartext logins.

10674 - Microsoft SQL Server UDP Query Remote Version Disclosure
-
Synopsis
It is possible to determine the remote SQL server version.
Description
Microsoft SQL Server has a function wherein remote users can query the database server for the version that is being run. The query takes place over the same UDP port that handles the mapping of multiple SQL Server instances on the same machine.

It is important to note that, after Version 8.00.194, Microsoft decided not to update this function. This means that the data returned by the SQL ping is inaccurate for newer releases of SQL Server.
Solution
If there is only a single SQL instance installed on the remote host, consider filtering incoming traffic to this port.
Risk Factor
None
Plugin Information
Published: 2001/05/25, Modified: 2018/03/13
Plugin Output

udp/1434


A 'ping' request returned the following information about the remote
SQL instance :

ServerName : masked_hostname
InstanceName : MSSQLSERVER
IsClustered : No
Version : 16.0.1000.6
tcp : 1433

93962 - Microsoft Security Rollup Enumeration
-
Synopsis
This plugin enumerates installed Microsoft security rollups.
Description
Nessus was able to enumerate the Microsoft security rollups installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/10/11, Modified: 2023/06/26
Plugin Output

tcp/445/cifs


Cumulative Rollup : 09_2021
Cumulative Rollup : 08_2021
Cumulative Rollup : 07_2021
Cumulative Rollup : 06_2021_07_01
Cumulative Rollup : 06_2021
Cumulative Rollup : 05_2021
Cumulative Rollup : 04_2021
Cumulative Rollup : 03_2021
Cumulative Rollup : 02_2021
Cumulative Rollup : 01_2021
Cumulative Rollup : 12_2020
Cumulative Rollup : 11_2020
Cumulative Rollup : 10_2020
Cumulative Rollup : 09_2020
Cumulative Rollup : 08_2020
Cumulative Rollup : 07_2020
Cumulative Rollup : 06_2020
Cumulative Rollup : 05_2020
Cumulative Rollup : 04_2020
Cumulative Rollup : 03_2020
Cumulative Rollup : 02_2020
Cumulative Rollup : 01_2020
Cumulative Rollup : 12_2019
Cumulative Rollup : 11_2019
Cumulative Rollup : 10_2019 [KB4519338]
Cumulative Rollup : 09_2019
Cumulative Rollup : 08_2019
Cumulative Rollup : 07_2019
Cumulative Rollup : 06_2019
Cumulative Rollup : 05_2019
Cumulative Rollup : 04_2019
Cumulative Rollup : 03_2019
Cumulative Rollup : 02_2019
Cumulative Rollup : 01_2019
Cumulative Rollup : 12_2018
Cumulative Rollup : 11_2018
Cumulative Rollup : 10_2018

Latest effective update level : 09_2021
File checked : C:\Windows\system32\ntoskrnl.exe
File version : 10.0.17763.2213
Associated KB : 5005568
10902 - Microsoft Windows 'Administrators' Group User List
-
Synopsis
There is at least one user in the 'Administrators' group.
Description
Using the supplied credentials, it is possible to extract the member list of the 'Administrators' group. Members of this group have complete access to the remote system.
Solution
Verify that each member of the group should have this type of access.
Risk Factor
None
Plugin Information
Published: 2002/03/15, Modified: 2018/05/16
Plugin Output

tcp/445/cifs


The following users are members of the 'Administrators' group :

- EMSOCCS1\Administrator (User)
- EMSOCCS1\Enterprise Admins (Group)
- EMSOCCS1\Domain Admins (Group)
- EMSOCCS1\EVEMAuser (User)
48763 - Microsoft Windows 'CWDIllegalInDllSearch' Registry Setting
-
Synopsis
CWDIllegalInDllSearch Settings: Improper settings could allow code execution attacks.
Description
Windows hosts can be hardened against DLL hijacking attacks by setting the 'CWDIllegalInDllSearch' registry entry to one of the following settings:

- 0xFFFFFFFF (Removes the current working directory from the default DLL search order)

- 1 (Blocks a DLL Load from the current working directory if the current working directory is set to a WebDAV folder)

- 2 (Blocks a DLL Load from the current working directory if the current working directory is set to a remote folder)
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/08/26, Modified: 2019/12/20
Plugin Output

tcp/445/cifs


Name : SYSTEM\CurrentControlSet\Control\Session Manager\CWDIllegalInDllSearch
Value : Registry Key Empty or Missing

70615 - Microsoft Windows AutoRuns Boot Execute
-
Synopsis
Report programs whose startup is associated with the session manager subsystem.
Description
Report registry startup locations associated with the session manager subsystem during boot time.

These registry keys start up with the smss.exe service during boot time and perform system tasks that cannot be performed while Windows is running.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0

+ HKLM\System\CurrentControlSet\Control\Session Manager\bootexecute
- autocheck autochk /q /v *

70616 - Microsoft Windows AutoRuns Codecs
-
Synopsis
Report programs set to normally start with multimedia.
Description
Codecs are encoders and decoders for digital data streams commonly associated with video and audio playback.

The following keys are codecs that are set to start automatically to control different types of digital media encoding and decoding.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0


+ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
- vidc.yvu9 : tsbyuv.dll
- vidc.mrle : msrle32.dll
- vidc.iyuv : iyuv_32.dll
- wavemapper : msacm32.drv
- msacm.msadpcm : msadp32.acm
- vidc.yuy2 : msyuv.dll
- vidc.uyvy : msyuv.dll
- vidc.msvc : msvidc32.dll
- msacm.imaadpcm : imaadp32.acm
- msacm.msg711 : msg711.acm
- msacm.msgsm610 : msgsm32.acm
- msacm.l3acm : C:\Windows\System32\l3codeca.acm
- vidc.yvyu : msyuv.dll
- midimapper : midimap.dll
- vidc.i420 : iyuv_32.dll


+ HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
- vidc.yvu9 : tsbyuv.dll
- vidc.mrle : msrle32.dll
- vidc.iyuv : iyuv_32.dll
- wavemapper : msacm32.drv
- msacm.msadpcm : msadp32.acm
- vidc.yuy2 : msyuv.dll
- vidc.uyvy : msyuv.dll
- vidc.msvc : msvidc32.dll
- msacm.imaadpcm : imaadp32.acm
- msacm.msg711 : msg711.acm
- msacm.msgsm610 : msgsm32.acm
- msacm.l3acm : C:\Windows\SysWOW64\l3codeca.acm
- vidc.cvid : iccvid.dll
- vidc.yvyu : msyuv.dll
- midimapper : midimap.dll
- vidc.i420 : iyuv_32.dll


+ HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
+ CLSID : {129D7E40-C10D-11D0-AFB9-00AA00B67A42}
- Name : DV Muxer
- Value : C:\Windows\System32\qdv.dll

+ CLSID : {1643E180-90F5-11CE-97D5-00AA0055595A}
- Name : Color Space Converter
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {187463A0-5BB7-11D3-ACBE-0080C75E246E}
- Name : WM ASF Reader
- Value : C:\Windows\System32\qasf.dll

+ CLSID : {1B544C20-FD0B-11CE-8C63-00AA0044B51E}
- Name : AVI Splitter
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {1DA08500-9EDC-11CF-BC10-00AA00AC74F6}
- Name : VGA 16 Color Ditherer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {1f26a602-2b5c-4b63-b8e8-9ea5c1a7dc2e}
- Name : SBE2MediaTypeProfile
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {212690FB-83E5-4526-8FD7-74478B7939CD}
- Name : Microsoft DTV-DVD Video Decoder
- Value : C:\Windows\System32\msmpeg2vdec.dll

+ CLSID : {280A3020-86CF-11D1-ABE6-00A0C905F375}
- Name : AC3 Parser Filter
- Value : C:\Windows\System32\mpg2splt.ax

+ CLSID : {2DB47AE5-CF39-43C2-B4D6-0CD8D90946F4}
- Name : StreamBufferSink
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {301056D0-6DFF-11D2-9EEB-006008039E37}
- Name : MJPEG Decompressor
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {336475D0-942A-11CE-A870-00AA002FEAB5}
- Name : MPEG-I Stream Splitter
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {33FACFE0-A9BE-11D0-A520-00A0D10129C0}
- Name : SAMI (CC) Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {370A1D5D-DDEB-418C-81CD-189E0D4FA443}
- Name : VBI Codec
- Value : C:\Windows\System32\VBICodec.ax

+ CLSID : {3AE86B20-7BE8-11D1-ABE6-00A0C905F375}
- Name : MPEG-2 Splitter
- Value : C:\Windows\System32\mpg2splt.ax

+ CLSID : {3D07A539-35CA-447C-9B05-8D85CE924F9E}
- Name : Closed Captions Analysis Filter
- Value : C:\Windows\System32\cca.dll

+ CLSID : {3E458037-0CA6-41aa-A594-2AA6C02D709B}
- Name : SBE2FileScan
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {42150CD9-CA9A-4EA5-9939-30EE037F6E74}
- Name : Microsoft MPEG-2 Video Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll

+ CLSID : {48025243-2D39-11CE-875D-00608CB78066}
- Name : Internal Script Command Renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {4A2286E0-7BEF-11CE-9BD9-0000E202599C}
- Name : MPEG Audio Decoder
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {4EB31670-9FC6-11CF-AF6E-00AA00B67A42}
- Name : DV Splitter
- Value : C:\Windows\System32\qdv.dll

+ CLSID : {51B4ABF3-748F-4E3B-A276-C828330E926A}
- Name : Video Mixing Renderer 9
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {5F5AFF4A-2F7F-4279-88C2-CD88EB39D144}
- Name : Microsoft MPEG-2 Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll

+ CLSID : {6A08CF80-0E18-11CF-A24D-0020AFD79767}
- Name : ACM Wrapper
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}
- Name : Video Renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {6CFAD761-735D-4AA5-8AFC-AF91A7D61EBA}
- Name : MPEG-2 Video Stream Analyzer
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {6E8D4A20-310C-11D0-B79A-00AA003767A7}
- Name : Line 21 Decoder
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {6F26A6CD-967B-47FD-874A-7AED2C9D25A2}
- Name : Video Port Manager
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {70E102B0-5556-11CE-97C0-00AA0055595A}
- Name : Video Renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {7B3BC2A0-AA50-4ae7-BD44-B03649EC87C2}
- Name : VPS Decoder
- Value : C:\Windows\System32\WSTPager.ax

+ CLSID : {7C23220E-55BB-11D3-8B16-00C04FB6BD3D}
- Name : WM ASF Writer
- Value : C:\Windows\System32\qasf.dll

+ CLSID : {814B9800-1C88-11D1-BAD9-00609744111A}
- Name : VBI Surface Allocator
- Value : %SystemRoot%\System32\vbisurf.ax

+ CLSID : {8596E5F0-0DA5-11D0-BD21-00A0C911CE86}
- Name : File writer
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {9B8C4620-2C1A-11D0-8493-00A02438AD48}
- Name : DVD Navigator
- Value : C:\Windows\System32\qdvd.dll

+ CLSID : {A0025E90-E45B-11D1-ABE9-00A0C905F375}
- Name : Overlay Mixer2
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {A888DF60-1E90-11CF-AC98-00AA004C0FA9}
- Name : AVI Draw
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {ACD453BC-C58A-44D1-BBF5-BFB325BE2D78}
- Name : Microsoft MPEG-2 Audio Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll

+ CLSID : {AD6C8934-F31B-4F43-B5E4-0541C1452F6F}
- Name : WST Pager
- Value : C:\Windows\System32\WSTPager.ax

+ CLSID : {AFB6C280-2C41-11D3-8A60-0000F81E0E4A}
- Name : MPEG-2 Demultiplexer
- Value : C:\Windows\System32\mpg2splt.ax

+ CLSID : {B1B77C00-C3E4-11CF-AF79-00AA00B67A42}
- Name : DV Video Decoder
- Value : C:\Windows\System32\qdv.dll

+ CLSID : {C1F400A0-3F08-11D3-9F0B-006008039E37}
- Name : SampleGrabber
- Value : C:\Windows\System32\qedit.dll

+ CLSID : {C1F400A4-3F08-11D3-9F0B-006008039E37}
- Name : Null Renderer
- Value : C:\Windows\System32\qedit.dll

+ CLSID : {C666E115-BB62-4027-A113-82D643FE2D99}
- Name : MPEG-2 Sections and Tables
- Value : C:\Windows\System32\Mpeg2Data.ax

+ CLSID : {C9F5FE02-F851-4EB5-99EE-AD602AF1E619}
- Name : StreamBufferSource
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {CC58E280-8AA1-11D1-B3F1-00AA003761C5}
- Name : Smart Tee
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {CD8743A1-3736-11D0-9E69-00C04FD7C15B}
- Name : Overlay Mixer
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {CF49D4E0-1115-11CE-B03A-0020AF0BA770}
- Name : AVI Decompressor
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D3588AB0-0781-11CE-B03A-0020AF0BA770}
- Name : AVI/WAV File Source
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A1-7548-11CF-A520-0080C77EF58A}
- Name : Wave Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A2-7548-11CF-A520-0080C77EF58A}
- Name : MIDI Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A3-7548-11CF-A520-0080C77EF58A}
- Name : Multi-file Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A5-7548-11CF-A520-0080C77EF58A}
- Name : File stream renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {E2448508-95DA-4205-9A27-7EC81E723B1A}
- Name : StreamBufferSink2
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {E2510970-F137-11CE-8B67-00AA00A3F1A6}
- Name : AVI Mux
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {E4206432-01A1-4BEE-B3E1-3702C8EDC574}
- Name : Line 21 Decoder 2
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {E436EBB5-524F-11CE-9F53-0020AF0BA770}
- Name : File Source (Async.)
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {E436EBB6-524F-11CE-9F53-0020AF0BA770}
- Name : File Source (URL)
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {F8388A40-D5BB-11D0-BE5A-0080C706568E}
- Name : Infinite Pin Tee Filter
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {FA10746C-9B63-4B6C-BC49-FC300EA5F256}
- Name : Enhanced Video Renderer
- Value : C:\Windows\System32\evr.dll

+ CLSID : {FC772AB0-0C7F-11D3-8FF2-00A0C9224CF4}
- Name : BDA MPEG2 Transport Information Filter
- Value : C:\Windows\System32\psisrndr.ax

+ CLSID : {FEB50740-7BEF-11CE-9BD9-0000E202599C}
- Name : MPEG Video Decoder
- Value : C:\Windows\System32\quartz.dll


+ HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
+ CLSID : {129D7E40-C10D-11D0-AFB9-00AA00B67A42}
- Name : DV Muxer
- Value : C:\Windows\System32\qdv.dll

+ CLSID : {1643E180-90F5-11CE-97D5-00AA0055595A}
- Name : Color Space Converter
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {187463A0-5BB7-11D3-ACBE-0080C75E246E}
- Name : WM ASF Reader
- Value : C:\Windows\System32\qasf.dll

+ CLSID : {1B544C20-FD0B-11CE-8C63-00AA0044B51E}
- Name : AVI Splitter
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {1DA08500-9EDC-11CF-BC10-00AA00AC74F6}
- Name : VGA 16 Color Ditherer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {1f26a602-2b5c-4b63-b8e8-9ea5c1a7dc2e}
- Name : SBE2MediaTypeProfile
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {212690FB-83E5-4526-8FD7-74478B7939CD}
- Name : Microsoft DTV-DVD Video Decoder
- Value : C:\Windows\System32\msmpeg2vdec.dll

+ CLSID : {280A3020-86CF-11D1-ABE6-00A0C905F375}
- Name : AC3 Parser Filter
- Value : C:\Windows\System32\mpg2splt.ax

+ CLSID : {2DB47AE5-CF39-43C2-B4D6-0CD8D90946F4}
- Name : StreamBufferSink
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {301056D0-6DFF-11D2-9EEB-006008039E37}
- Name : MJPEG Decompressor
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {336475D0-942A-11CE-A870-00AA002FEAB5}
- Name : MPEG-I Stream Splitter
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {33FACFE0-A9BE-11D0-A520-00A0D10129C0}
- Name : SAMI (CC) Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {370A1D5D-DDEB-418C-81CD-189E0D4FA443}
- Name : VBI Codec
- Value : C:\Windows\System32\VBICodec.ax

+ CLSID : {3AE86B20-7BE8-11D1-ABE6-00A0C905F375}
- Name : MPEG-2 Splitter
- Value : C:\Windows\System32\mpg2splt.ax

+ CLSID : {3D07A539-35CA-447C-9B05-8D85CE924F9E}
- Name : Closed Captions Analysis Filter
- Value : C:\Windows\System32\cca.dll

+ CLSID : {3E458037-0CA6-41aa-A594-2AA6C02D709B}
- Name : SBE2FileScan
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {42150CD9-CA9A-4EA5-9939-30EE037F6E74}
- Name : Microsoft MPEG-2 Video Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll

+ CLSID : {48025243-2D39-11CE-875D-00608CB78066}
- Name : Internal Script Command Renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {4A2286E0-7BEF-11CE-9BD9-0000E202599C}
- Name : MPEG Audio Decoder
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {4EB31670-9FC6-11CF-AF6E-00AA00B67A42}
- Name : DV Splitter
- Value : C:\Windows\System32\qdv.dll

+ CLSID : {51B4ABF3-748F-4E3B-A276-C828330E926A}
- Name : Video Mixing Renderer 9
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {5F5AFF4A-2F7F-4279-88C2-CD88EB39D144}
- Name : Microsoft MPEG-2 Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll

+ CLSID : {6A08CF80-0E18-11CF-A24D-0020AFD79767}
- Name : ACM Wrapper
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}
- Name : Video Renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {6CFAD761-735D-4AA5-8AFC-AF91A7D61EBA}
- Name : MPEG-2 Video Stream Analyzer
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {6E8D4A20-310C-11D0-B79A-00AA003767A7}
- Name : Line 21 Decoder
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {6F26A6CD-967B-47FD-874A-7AED2C9D25A2}
- Name : Video Port Manager
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {70E102B0-5556-11CE-97C0-00AA0055595A}
- Name : Video Renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {7B3BC2A0-AA50-4ae7-BD44-B03649EC87C2}
- Name : VPS Decoder
- Value : C:\Windows\System32\WSTPager.ax

+ CLSID : {7C23220E-55BB-11D3-8B16-00C04FB6BD3D}
- Name : WM ASF Writer
- Value : C:\Windows\System32\qasf.dll

+ CLSID : {814B9800-1C88-11D1-BAD9-00609744111A}
- Name : VBI Surface Allocator
- Value : %SystemRoot%\System32\vbisurf.ax

+ CLSID : {8596E5F0-0DA5-11D0-BD21-00A0C911CE86}
- Name : File writer
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {9B8C4620-2C1A-11D0-8493-00A02438AD48}
- Name : DVD Navigator
- Value : C:\Windows\System32\qdvd.dll

+ CLSID : {A0025E90-E45B-11D1-ABE9-00A0C905F375}
- Name : Overlay Mixer2
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {A888DF60-1E90-11CF-AC98-00AA004C0FA9}
- Name : AVI Draw
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {ACD453BC-C58A-44D1-BBF5-BFB325BE2D78}
- Name : Microsoft MPEG-2 Audio Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll

+ CLSID : {AD6C8934-F31B-4F43-B5E4-0541C1452F6F}
- Name : WST Pager
- Value : C:\Windows\System32\WSTPager.ax

+ CLSID : {AFB6C280-2C41-11D3-8A60-0000F81E0E4A}
- Name : MPEG-2 Demultiplexer
- Value : C:\Windows\System32\mpg2splt.ax

+ CLSID : {B1B77C00-C3E4-11CF-AF79-00AA00B67A42}
- Name : DV Video Decoder
- Value : C:\Windows\System32\qdv.dll

+ CLSID : {C1F400A0-3F08-11D3-9F0B-006008039E37}
- Name : SampleGrabber
- Value : C:\Windows\System32\qedit.dll

+ CLSID : {C1F400A4-3F08-11D3-9F0B-006008039E37}
- Name : Null Renderer
- Value : C:\Windows\System32\qedit.dll

+ CLSID : {C666E115-BB62-4027-A113-82D643FE2D99}
- Name : MPEG-2 Sections and Tables
- Value : C:\Windows\System32\Mpeg2Data.ax

+ CLSID : {C9F5FE02-F851-4EB5-99EE-AD602AF1E619}
- Name : StreamBufferSource
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {CC58E280-8AA1-11D1-B3F1-00AA003761C5}
- Name : Smart Tee
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {CD8743A1-3736-11D0-9E69-00C04FD7C15B}
- Name : Overlay Mixer
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {CF49D4E0-1115-11CE-B03A-0020AF0BA770}
- Name : AVI Decompressor
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D3588AB0-0781-11CE-B03A-0020AF0BA770}
- Name : AVI/WAV File Source
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A1-7548-11CF-A520-0080C77EF58A}
- Name : Wave Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A2-7548-11CF-A520-0080C77EF58A}
- Name : MIDI Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A3-7548-11CF-A520-0080C77EF58A}
- Name : Multi-file Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A5-7548-11CF-A520-0080C77EF58A}
- Name : File stream renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {E2448508-95DA-4205-9A27-7EC81E723B1A}
- Name : StreamBufferSink2
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {E2510970-F137-11CE-8B67-00AA00A3F1A6}
- Name : AVI Mux
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {E4206432-01A1-4BEE-B3E1-3702C8EDC574}
- Name : Line 21 Decoder 2
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {E436EBB5-524F-11CE-9F53-0020AF0BA770}
- Name : File Source (Async.)
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {E436EBB6-524F-11CE-9F53-0020AF0BA770}
- Name : File Source (URL)
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {F8388A40-D5BB-11D0-BE5A-0080C706568E}
- Name : Infinite Pin Tee Filter
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {FA10746C-9B63-4B6C-BC49-FC300EA5F256}
- Name : Enhanced Video Renderer
- Value : C:\Windows\System32\evr.dll

+ CLSID : {FC772AB0-0C7F-11D3-8FF2-00A0C9224CF4}
- Name : BDA MPEG2 Transport Information Filter
- Value : C:\Windows\System32\psisrndr.ax

+ CLSID : {FEB50740-7BEF-11CE-9BD9-0000E202599C}
- Name : MPEG Video Decoder
- Value : C:\Windows\System32\quartz.dll


+ HKLM\Software\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance
+ CLSID : {5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}
- Name : Microsoft Camera Raw Decoder
- Value : C:\Windows\System32\WindowsCodecsRaw.dll


+ HKLM\Software\Wow6432Node\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance
+ CLSID : {5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}
- Name : Microsoft Camera Raw Decoder
- Value : C:\Windows\System32\WindowsCodecsRaw.dll


70617 - Microsoft Windows AutoRuns Explorer
Synopsis
Reports startup programs associated with the explorer process.
Description
Report the startup locations associated with the explorer.exe process.

These items could add controls to menus, add extensions for common protocols such as HTTP or FTP, or control user activity with the desktop and control panels.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0


+ HKLM\SOFTWARE\Classes\Protocols\Handler
+ CLSID : {3050F406-98B5-11CF-BB82-00AA00BDCE0B}
- Name : about
- Value : C:\Windows\System32\mshtml.dll

+ CLSID : {3dd53d40-7b8b-11D0-b013-00aa0059ce02}
- Name : cdl
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {5513F07E-936B-4E52-9B00-067394E91CC5}
- Name : dssrequest
- Value : C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll

+ CLSID : {12D51199-0DB5-46FE-A120-47A3D7D937CC}
- Name : dvd
- Value : C:\Windows\System32\msvidctl.dll

+ CLSID : {79eac9e7-baf9-11ce-8c82-00aa004ba90b}
- Name : file
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {79eac9e3-baf9-11ce-8c82-00aa004ba90b}
- Name : ftp
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {79eac9e2-baf9-11ce-8c82-00aa004ba90b}
- Name : http
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {79eac9e5-baf9-11ce-8c82-00aa004ba90b}
- Name : https
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {9D148291-B9C8-11D0-A4CC-0000F80149F6}
- Name : its
- Value : C:\Windows\System32\itss.dll

+ CLSID : {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}
- Name : javascript
- Value : C:\Windows\System32\mshtml.dll

+ CLSID : {79eac9e7-baf9-11ce-8c82-00aa004ba90b}
- Name : local
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}
- Name : mailto
- Value : C:\Windows\System32\mshtml.dll

+ CLSID : {05300401-BCBC-11d0-85E3-00C04FD85AB4}
- Name : mhtml
- Value : C:\Windows\System32\inetcomm.dll

+ CLSID : {79eac9e6-baf9-11ce-8c82-00aa004ba90b}
- Name : mk
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {9D148291-B9C8-11D0-A4CC-0000F80149F6}
- Name : ms-its
- Value : C:\Windows\System32\itss.dll

+ CLSID : {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
- Name : res
- Value : C:\Windows\System32\mshtml.dll

+ CLSID : {5513F07E-936B-4E52-9B00-067394E91CC5}
- Name : sacore
- Value : C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll

+ CLSID : {14654CA6-5711-491D-B89A-58E571679951}
- Name : tbauth
- Value : C:\Windows\System32\tbauth.dll

+ CLSID : {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}
- Name : tv
- Value : C:\Windows\System32\msvidctl.dll

+ CLSID : {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}
- Name : vbscript
- Value : C:\Windows\System32\mshtml.dll

+ CLSID : {14654CA6-5711-491D-B89A-58E571679951}
- Name : windows.tbauth
- Value : C:\Windows\System32\tbauth.dll


+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ CLSID : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
- Name : webcheck
- Value :


+ HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ CLSID : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
- Name : webcheck
- Value :


+ HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ CLSID : {09A47860-11B0-4DA5-AFA5-26D86198A780}
- Name : EPP
- Value :

+ CLSID : {e2bf9676-5f8f-435c-97eb-11607a5bedf7}
- Name : ModernSharing
- Value : %SystemRoot%\system32\ntshrui.dll

+ CLSID : {09799AFB-AD67-11d1-ABCD-00C04FC30936}
- Name : Open With
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {A470F8CF-A1E8-4f65-8335-227475AA5C46}
- Name : Open With EncryptionMenu
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
- Name : Sharing
- Value : %SystemRoot%\system32\ntshrui.dll

+ CLSID : {90AA3A4E-1CBA-4233-B8BB-535773D48449}
- Name : Taskband Pin
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
- Name : Start Menu Pin
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {EA485C0C-93BB-48C3-AE57-6399F85F0F7E}
- Name : rcScanMenuHandler.RCContextMenuExt
- Value : C:\Program Files\McAfee\Endpoint Security\Threat Prevention\rcScanMenuHandler.dll


+ HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers
+ CLSID : {7444C719-39BF-11D1-8CD9-00C04FC29D45}
- Name : CryptoSignMenu
- Value : %SystemRoot%\system32\cryptext.dll

+ CLSID : {748F920F-FB24-4D09-B360-BAF6F199AD6D}
- Name : FCI Properties
- Value : C:\Windows\System32\srmshell.dll

+ CLSID : {1f2e5c40-9550-11ce-99d2-00aa006e086c}
- Name :
- Value : %SystemRoot%\system32\rshx32.dll

+ CLSID : {3EA48300-8CF6-101B-84FB-666CCB9BCD32}
- Name : OLE DocFile Property Page
- Value : %SystemRoot%\system32\docprop.dll

+ CLSID : {883373C3-BF89-11D1-BE35-080036B11A03}
- Name : Summary Properties Page
- Value : %SystemRoot%\system32\shell32.dll


+ HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
+ CLSID : {f3d06e7c-1e45-4a26-847e-f9fcdee59be0}
- Name : CopyAsPathMenu
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {7BA4C740-9E81-11CF-99D3-00AA004AE837}
- Name : SendTo
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {474C98EE-CF3D-41f5-80E3-4AAB0AB04301}
- Name :
- Value : %SystemRoot%\System32\cscui.dll

+ CLSID : {596AB062-B4D2-4215-9F74-E9109B0A8153}
- Name :
- Value : %SystemRoot%\system32\twext.dll

+ CLSID : {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
- Name : Start Menu Pin
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {EA485C0C-93BB-48C3-AE57-6399F85F0F7E}
- Name : rcScanMenuHandler.RCContextMenuExt
- Value : C:\Program Files\McAfee\Endpoint Security\Threat Prevention\rcScanMenuHandler.dll


+ HKLM\Software\Classes\AllFileSystemObjects\ShellEx\PropertySheetHandlers
+ CLSID : {596AB062-B4D2-4215-9F74-E9109B0A8153}
- Name :
- Value : %SystemRoot%\system32\twext.dll

+ CLSID : {7EFA68C6-086B-43e1-A2D2-55A113531240}
- Name :
- Value : %SystemRoot%\System32\cscui.dll


+ HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ CLSID : {A470F8CF-A1E8-4f65-8335-227475AA5C46}
- Name : EncryptionMenu
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {09A47860-11B0-4DA5-AFA5-26D86198A780}
- Name : EPP
- Value :

+ CLSID : {474C98EE-CF3D-41f5-80E3-4AAB0AB04301}
- Name : Offline Files
- Value : %SystemRoot%\System32\cscui.dll

+ CLSID : {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
- Name : Sharing
- Value : %SystemRoot%\system32\ntshrui.dll

+ CLSID : {596AB062-B4D2-4215-9F74-E9109B0A8153}
- Name :
- Value : %SystemRoot%\system32\twext.dll

+ CLSID : {EA485C0C-93BB-48C3-AE57-6399F85F0F7E}
- Name : rcScanMenuHandler.RCContextMenuExt
- Value : C:\Program Files\McAfee\Endpoint Security\Threat Prevention\rcScanMenuHandler.dll


+ HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers
+ CLSID : {7EFA68C6-086B-43e1-A2D2-55A113531240}
- Name : Offline Files
- Value : %SystemRoot%\System32\cscui.dll

+ CLSID : {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
- Name : Sharing
- Value : %SystemRoot%\system32\ntshrui.dll

+ CLSID : {1f2e5c40-9550-11ce-99d2-00aa006e086c}
- Name :
- Value : %SystemRoot%\system32\rshx32.dll

+ CLSID : {4a7ded0a-ad25-11d0-98a8-0800361b1103}
- Name :
- Value : %SystemRoot%\system32\mydocs.dll

+ CLSID : {596AB062-B4D2-4215-9F74-E9109B0A8153}
- Name :
- Value : %SystemRoot%\system32\twext.dll

+ CLSID : {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}
- Name :
- Value : C:\Windows\System32\DfsShlEx.dll

+ CLSID : {ef43ecfe-2ab9-4632-bf21-58909dd177f0}
- Name :
- Value : %SystemRoot%\system32\shell32.dll


+ HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers
+ CLSID : {217FC9C0-3AEA-1069-A2DB-08002B30309D}
- Name : FileSystem
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
- Name : Sharing
- Value : %SystemRoot%\system32\ntshrui.dll


+ HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
+ CLSID : {D969A300-E7FF-11d0-A93B-00A0C90F2719}
- Name : New
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
- Name : Sharing
- Value : %SystemRoot%\system32\ntshrui.dll


+ HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ CLSID : {3dad6c5d-2167-4cae-9914-f99e41c12cfa}
- Name : Library Location
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {474C98EE-CF3D-41f5-80E3-4AAB0AB04301}
- Name : Offline Files
- Value : %SystemRoot%\System32\cscui.dll

+ CLSID : {470C0EBD-5D73-4d58-9CED-E91E22E23282}
- Name : PintoStartScreen
- Value : C:\Windows\System32\appresolver.dll

+ CLSID : {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
- Name : Start Menu Pin
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {EA485C0C-93BB-48C3-AE57-6399F85F0F7E}
- Name : rcScanMenuHandler.RCContextMenuExt
- Value : C:\Program Files\McAfee\Endpoint Security\Threat Prevention\rcScanMenuHandler.dll


+ HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers
+ CLSID : {BD472F60-27FA-11cf-B8B4-444553540000}
- Name :
- Value : %SystemRoot%\system32\zipfldr.dll


+ HKLM\Software\Classes\Folder\ShellEx\PropertySheetHandlers
+ CLSID : {748F920F-FB24-4D09-B360-BAF6F199AD6D}
- Name : FCI Properties
- Value : C:\Windows\System32\srmshell.dll

+ CLSID : {7EFA68C6-086B-43e1-A2D2-55A113531240}
- Name : Offline Files
- Value : %SystemRoot%\System32\cscui.dll


+ HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
+ CLSID : {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}
- Name : EnhancedStorageShell
- Value : C:\Windows\System32\EhStorShell.dll

+ CLSID : {4E77131D-3629-431c-9818-C5679DC83E81}
- Name : Offline Files
- Value : %SystemRoot%\System32\cscui.dll


70619 - Microsoft Windows AutoRuns Internet Explorer
Synopsis
Reports startup programs associated with Internet Explorer.
Description
Report registry startup locations associated with the Internet Explorer (IE) application.

The startup values include Internet Explorer plugins to extend the functionality of IE, browser toolbars, hooks into browser controls, and settings.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ CLSID : {7DB2D5A0-7241-4E79-B68D-6309F01C5231}
- Name : Trellix Endpoint Security ScriptScan
- Value : C:\Program Files\McAfee\Endpoint Security\Threat Prevention\mfeEpSS.Dll

+ CLSID : {B164E929-A1B6-4A06-B104-2CD0E90A88FF}
- Value : C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll


HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ CLSID : {7DB2D5A0-7241-4E79-B68D-6309F01C5231}
- Name : Trellix Endpoint Security ScriptScan
- Value : C:\Program Files\McAfee\Endpoint Security\Threat Prevention\mfeEpSS.Dll

+ CLSID : {B164E929-A1B6-4A06-B104-2CD0E90A88FF}
- Value : C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll


+ HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ CLSID : {0ebbbe48-bad4-4b4c-8e5a-516abecae064}
- Value : C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll

+ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar
+ CLSID : {0ebbbe48-bad4-4b4c-8e5a-516abecae064}
- Value : C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll

70620 - Microsoft Windows AutoRuns Known DLLs
Synopsis
DLLs listed to be shared by processes.
Description
The known DLLs registry setting is used to define DLLs that are shared between processes without a process having to search for the DLL location.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0

+ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs
- imagehlp : IMAGEHLP.dll
- shcore : SHCORE.dll
- oleaut32 : OLEAUT32.dll
- normaliz : NORMALIZ.dll
- msvcrt : MSVCRT.dll
- shell32 : SHELL32.dll
- msctf : MSCTF.dll
- gdi32 : gdi32.dll
- nsi : NSI.dll
- advapi32 : advapi32.dll
- coml2 : coml2.dll
- _wowarmhw : wowarmhw.dll
- clbcatq : clbcatq.dll
- wow64win : wow64win.dll
- shlwapi : SHLWAPI.dll
- psapi : PSAPI.DLL
- imm32 : IMM32.dll
- combase : combase.dll
- user32 : user32.dll
- sechost : sechost.dll
- _xtajit : xtajit.dll
- _wow64cpu : wow64cpu.dll
- wow64 : wow64.dll
- rpcrt4 : rpcrt4.dll
- kernel32 : kernel32.dll
- ws2_32 : WS2_32.dll
- wldap32 : WLDAP32.dll
- ole32 : ole32.dll
- difxapi : difxapi.dll
- setupapi : Setupapi.dll
- comdlg32 : COMDLG32.dll
- gdiplus : gdiplus.dll
70613 - Microsoft Windows AutoRuns LSA Providers
Synopsis
Programs set to start as Local Security Authority.
Description
An LSA (Local Security Authority) is an application that can be used to authorize users to their systems. The reported autoruns are available to provide this service or features to this service.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0



+ HKLM\SYSTEM\CurrentControlSet\Control\Lsa\authentication packages
- msv1_0


+ HKLM\SYSTEM\CurrentControlSet\Control\Lsa\notification packages
- rassfm
- scecli
- evema_password_filter


+ HKLM\SYSTEM\CurrentControlSet\Control\Lsa\security packages
- ""
70621 - Microsoft Windows AutoRuns Logon
Synopsis
Reports programs that start up from the most common registry locations.
Description
Report the most common startup locations used by programs. These are commonly associated with programs that start automatically when the computer is turned on, users log in, users log off, or remote sessions are started.

Such keys can be set from a program install, GPO, or through a malicious process to maintain persistence.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0


+ HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
- rdpclip


+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit
- C:\Windows\system32\userinit.exe


+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\vmapplet
- SystemPropertiesPerformance.exe /pagefile


+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell
- explorer.exe


+ HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
- AlternateShell : cmd.exe


+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Name : securityhealth
- Value : %windir%\system32\SecurityHealthSystray.exe


+ HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
- Name : mcafeeupdaterui
- Value : "C:\Program Files\McAfee\Agent\x86\UpdaterUI.exe" /StartedFromRunKey


+ HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ CLSID : >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
- Name : Microsoft Windows Media Player
- Value : %SystemRoot%\system32\unregmp2.exe /ShowWMP

+ CLSID : {2C7339CF-2B09-4501-B3F3-F3508C9228ED}
- Name : Themes Setup
- Value : /UserInstall

+ CLSID : {6BF52A52-394A-11d3-B153-00C04F79FAA6}
- Name : Microsoft Windows Media Player
- Value : %SystemRoot%\system32\unregmp2.exe /FirstLogon

+ CLSID : {89820200-ECBD-11cf-8B85-00AA005B4340}
- Name : Windows Desktop Update
- Value : U

+ CLSID : {89820200-ECBD-11cf-8B85-00AA005B4383}
- Name : Web Platform Customizations
- Value : C:\Windows\System32\ie4uinit.exe -UserConfig

+ CLSID : {89B4C1CD-B018-4511-B0A1-5476DBF70820}
- Name :
- Value : C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install

+ CLSID : {A509B1A7-37EF-4b3f-8CFC-4F3A74704073}
- Name : Applying Enhanced Security Configuration
- Value : "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iesetup.dll",IEHardenAdmin

+ CLSID : {A509B1A8-37EF-4b3f-8CFC-4F3A74704073}
- Name : Applying Enhanced Security Configuration
- Value : "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iesetup.dll",IEHardenUser


+ HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components
+ CLSID : >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
- Name : Microsoft Windows Media Player
- Value : %SystemRoot%\system32\unregmp2.exe /ShowWMP

+ CLSID : {6BF52A52-394A-11d3-B153-00C04F79FAA6}
- Name : Microsoft Windows Media Player
- Value : %SystemRoot%\system32\unregmp2.exe /FirstLogon

+ CLSID : {89B4C1CD-B018-4511-B0A1-5476DBF70820}
- Name :
- Value : C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install


+ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
- iconservicelib : IconCodecService.dll
- Load :


70622 - Microsoft Windows AutoRuns Network Providers
Synopsis
Reports programs set to start up automatically as a Network Provider.
Description
The DLLs listed under the registry key are used to provide network services for new protocols.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0


+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order\ProviderOrder
- RDPNP : %SystemRoot%\System32\drprov.dll
- LanmanWorkstation : %SystemRoot%\System32\ntlanman.dll

+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\HwOrder\ProviderOrder
- RDPNP : %SystemRoot%\System32\drprov.dll
- LanmanWorkstation : %SystemRoot%\System32\ntlanman.dll
70623 - Microsoft Windows AutoRuns Print Monitor
Synopsis
Report programs set to start automatically as a print monitor.
Description
Report the DLLs that control print monitor functions for multiple programs and systems.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0

+ HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
- Local Port : localspl.dll
- Standard TCP/IP Port : tcpmon.dll
- USB Monitor : usbmon.dll
- WSD Port : APMon.dll
70618 - Microsoft Windows AutoRuns Registry Hijack Possible Locations
Synopsis
Report common registry keys used to hijack execution.
Description
Report common registry keys that can be used to hijack system process execution.

These registry keys can be used to either replace execution or shim a process in the middle of execution to hijack control. Confirm that everything listed here is set to the appropriate settings and that it doesn't look like another process is taking control of the process's execution.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0


+ HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command
- Command : "%1" %*


+ HKLM\Software\Classes\.exe : exefile
- open : "%1" %*
- runas : "%1" %*
- runasuser :


+ HKLM\Software\Classes\.cmd : cmdfile
- edit : %SystemRoot%\System32\NOTEPAD.EXE %1
- open : "%1" %*
- print : %SystemRoot%\System32\NOTEPAD.EXE /p %1
- runas : %SystemRoot%\System32\cmd.exe /C "%1" %*
- runasuser :


+ HKLM\Software\Classes\.htm : htmlfile
- open : "C:\Program Files\Internet Explorer\iexplore.exe" %1
- print : "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
- printto : "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"


+ HKLM\Software\Classes\.html : htmlfile
- open : "C:\Program Files\Internet Explorer\iexplore.exe" %1
- print : "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
- printto : "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"


+ HKLM\Software\Classes\.docx : docxfile
- open : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
- print : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" /p "%1"
- printto : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" /pt "%1" "%2" "%3" "%4"


+ HKLM\Software\Classes\.vbs : VBSFile
- Edit : "%SystemRoot%\System32\Notepad.exe" %1
- Open : "%SystemRoot%\System32\WScript.exe" "%1" %*
- Open2 : "%SystemRoot%\System32\CScript.exe" "%1" %*
- Print : "%SystemRoot%\System32\Notepad.exe" /p %1


+ HKLM\Software\Classes\.txt : txtfile
- open : %SystemRoot%\system32\NOTEPAD.EXE %1
- print : %SystemRoot%\system32\NOTEPAD.EXE /p %1
- printto : %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"


+ HKLM\Software\Classes\.xml : xmlfile
- Open : "C:\Program Files\Internet Explorer\iexplore.exe" %1


+ HKLM\Software\Classes\.pif : piffile
- open : "%1" %*


+ HKLM\Software\Classes\.txt : txtfile
- open : %SystemRoot%\system32\NOTEPAD.EXE %1
- print : %SystemRoot%\system32\NOTEPAD.EXE /p %1
- printto : %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"



70624 - Microsoft Windows AutoRuns Report
Synopsis
Generate a CSV report of all autoruns.
Description
Collect all autoruns listed in the Windows autoruns plugins and report the primary content in a CSV report.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0


+Enabled Autoruns Detection Types
- Boot Execute
- LSA Provider
- Known DLLs
- WinLogon
- Winsock Provider
- Service
- Explorer
- Logon
- Codecs
- Driver
- Image Hijack
- Network Provider
- Scheduled Tasks
- Print Monitor
- Internet Explorer


The attached CSV contains information about Windows autoruns.
70625 - Microsoft Windows AutoRuns Scheduled Tasks
Synopsis
Reports processes that start up via the scheduled task manager.
Description
This plugin lists the scheduled tasks for the system. Scheduled tasks are often used to update software and by systems administrators to run processes, and can be used by malware to spread on systems.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0


+ Task
+ RegistrationInfo
- Author : ExplorerShellUnelevated
- URI : \CreateExplorerShellUnelevatedTask
+ Principals
+ Principal
- UserId : S-1-5-21-3388008032-3793481426-1508724218-500
- LogonType : InteractiveToken
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- Priority : 6
- StartWhenAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ RegistrationTrigger
+ Actions
+ Exec
- Command : C:\Windows\explorer.exe
- Arguments : /NOUACCHECK

+ Task
+ RegistrationInfo
- Author : WIN-BR6UR6DVING\Administrator
- Description : 古いシステム フィードを更新します。
- URI : \User_Feed_Synchronization-{8B37A36B-3A93-431C-B24F-51E7D6FBDAB4}
+ Principals
+ Principal
- UserId : S-1-5-21-3388008032-3793481426-1508724218-500
- LogonType : InteractiveToken
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ CalendarTrigger
- StartBoundary : 2024-04-22T15:54:11+09:00
- EndBoundary : 2034-04-22T15:54:11+09:00
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : C:\Windows\system32\msfeedssync.exe
- Arguments : sync

+ Task
+ RegistrationInfo
- Date : 2024-02-27T10:37:17.8032464
- Author : EMSOCCS1\Administrator
- URI : \EMSOCCS\01_アカウントロックイベント通知
+ Principals
+ Principal
- UserId : S-1-5-21-3388008032-3793481426-1508724218-500
- LogonType : Password
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : Parallel
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ EventTrigger
- Subscription : <QueryList><Query Id="0" Path="Security"><Select Path="Security">*[System[EventID=4740]]</Select></Query></QueryList>
- ValueQueries
- Value : Event/EventData/Data[@Name="TargetDomainName"] : Event/EventData/Data[@Name="TargetUserName"]
+ Actions
+ Exec
- Command : powershell
- Arguments : -ExecutionPolicy Bypass C:\newscp\mod-scripts\01_AccountLockNotify.ps1 $(TargetDomainName) $(TargetUserName)

+ Task
+ RegistrationInfo
- Date : 2024-02-29T16:26:02.2513573
- Author : EMSOCCS1\Administrator
- URI : \EMSOCCS\02_EventLogサービスの稼働監視
+ Principals
+ Principal
- UserId : S-1-5-21-3388008032-3793481426-1508724218-500
- LogonType : Password
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : Parallel
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ TimeTrigger
- StartBoundary : 2024-02-29T16:21:49
+ Repetition
- Interval : PT1M
+ Actions
+ Exec
- Command : powershell
- Arguments : -ExecutionPolicy Bypass C:\newscp\mod-scripts\02_EventLogServiceStopNotify.ps1

+ Task
+ RegistrationInfo
- Date : 2024-02-29T16:26:02.2513573
- Author : EMSOCCS1\Administrator
- URI : \EMSOCCS\03_Rsyslogサービスの稼働監視
+ Principals
+ Principal
- UserId : S-1-5-21-3388008032-3793481426-1508724218-500
- LogonType : Password
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : Parallel
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ TimeTrigger
- StartBoundary : 2024-02-29T16:21:49
+ Repetition
- Interval : PT1M
+ Actions
+ Exec
- Command : powershell
- Arguments : -ExecutionPolicy Bypass C:\newscp\mod-scripts\03_RsyslogServiceStopNotify.ps1

+ Task
+ RegistrationInfo
- Date : 2024-02-29T16:26:02.2513573
- Author : EMSOCCS1\Administrator
- URI : \EMSOCCS\04_相互監視(masked_hostname用)TaskSchedulerサービスの稼働監視
+ Principals
+ Principal
- UserId : S-1-5-21-3388008032-3793481426-1508724218-500
- LogonType : Password
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : Parallel
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ TimeTrigger
- StartBoundary : 2024-02-29T16:21:49
+ Repetition
- Interval : PT1M
+ Actions
+ Exec
- Command : powershell
- Arguments : -ExecutionPolicy Bypass C:\newscp\mod-scripts\04_TaskSchedulerServiceStopNotify.ps1 AD-SERVER-2

+ Task
+ RegistrationInfo
- Author : $(@%systemroot%\system32\SrvInitConfig.exe,-100)
- Description : $(@%systemroot%\system32\SrvInitConfig.exe,-101)
- URI : \Microsoft\Windows\Server Initial Configuration Task
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
+ Actions
+ Exec
- Command : %windir%\system32\srvinitconfig.exe
- Arguments : /disableconfigtask

+ Task
+ RegistrationInfo
- Date : 2010-09-30T14:53:37.9516706
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)(A;;FRFX;;;LS)
- URI : \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT2H
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P2D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {84F0FAE1-C27B-4F6F-807B-28CF6F96287D}
- Data : /RuntimeWide

+ Task
+ RegistrationInfo
- Date : 2010-09-30T14:53:37.9516706
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)(A;;FRFX;;;LS)
- URI : \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT2H
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P2D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {429BC048-379E-45E0-80E4-EB1977941B5C}
- Data : /RuntimeWide

+ Task
+ RegistrationInfo
- Date : 2010-09-30T14:53:37.9516706
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)(A;;FRFX;;;LS)
- URI : \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT2H
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- WakeToRun : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P2D
+ Triggers
+ IdleTrigger
+ Actions
+ ComHandler
- ClassId : {613FBA38-A3DF-4AB8-9674-5604984A299A}
- Data : /RuntimeWide

+ Task
+ RegistrationInfo
- Date : 2010-09-30T14:53:37.9516706
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)(A;;FRFX;;;LS)
- URI : \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT2H
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- WakeToRun : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P2D
+ Triggers
+ IdleTrigger
+ Actions
+ ComHandler
- ClassId : {DE434264-8FE9-4C0B-A83B-89EBEEBFF78E}
- Data : /RuntimeWide

+ Task
+ RegistrationInfo
- Date : 2006-11-10T14:29:55.5851926
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)
- Author : $(@%systemRoot%¥System32¥msdrm.dll,-6001)
- Description : $(@%systemRoot%¥System32¥msdrm.dll,-6002)
- URI : ¥Microsoft¥Windows¥Active Directory Rights Management Services Client¥AD RMS Rights Policy Template Management (Automated)
+ Principals
+ Principal
- GroupId : S-1-1-0
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : Parallel
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ CalendarTrigger
- StartBoundary : 2006-11-09T03:00:00
- RandomDelay : PT1H
+ ScheduleByDay
- DaysInterval : 1
+ LogonTrigger
- Delay : PT1H
+ Actions
+ ComHandler
- ClassId : {CF2CF428-325B-48D3-8CA8-7633E36E5A32}

+ Task
+ RegistrationInfo
- Date : 2006-11-10T14:29:55.5851926
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)
- Author : $(@%systemRoot%¥System32¥msdrm.dll,-6001)
- Description : $(@%systemRoot%¥System32¥msdrm.dll,-6003)
- URI : ¥Microsoft¥Windows¥Active Directory Rights Management Services Client¥AD RMS Rights Policy Template Management (Manual)
+ Principals
+ Principal
- GroupId : S-1-1-0
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : Parallel
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
- Enabled : false
- Delay : PT1H
+ Actions
+ ComHandler
- ClassId : {BF5CB148-7C77-4D8A-A53E-D81C70CF743C}

+ Task
+ RegistrationInfo
- Date : 2015-02-09T10:54:13.9629482
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;S-1-5-87-2978287140-3787137133-1749738600-1988163579-2060695581)
- Source : $(@%SystemRoot%¥system32¥ApplockerCsp.dll,-101)
- Author : $(@%SystemRoot%¥system32¥ApplockerCsp.dll,-100)
- Description : $(@%SystemRoot%¥system32¥ApplockerCsp.dll,-102)
- URI : ¥Microsoft¥Windows¥AppID¥EDP Policy Manager
+ Principals
+ Principal
- UserId : S-1-5-19
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7588BCA328009213
+ WnfStateChangeTrigger
- StateName : 75E0BCA328009213
+ Actions
+ ComHandler
- ClassId : {DECA92E0-AF85-439E-9204-86679978DA08}
- Data : EdpPolicyManager

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)
- Source : $(@%systemroot%¥system32¥appidsvc.dll,-300)
- Author : $(@%systemroot%¥system32¥appidsvc.dll,-301)
- Description : $(@%systemroot%¥system32¥appidsvc.dll,-302)
- URI : ¥Microsoft¥Windows¥AppID¥PolicyConverter
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- MultipleInstancesPolicy : Queue
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ Exec
- Command : %windir%¥system32¥appidpolicyconverter.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)
- Source : $(@%systemroot%¥system32¥appidsvc.dll,-200)
- Author : $(@%systemroot%¥system32¥appidsvc.dll,-201)
- Description : $(@%systemroot%¥system32¥appidsvc.dll,-202)
- URI : ¥Microsoft¥Windows¥AppID¥VerifiedPublisherCertStoreCheck
+ Principals
+ Principal
- UserId : S-1-5-19
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- MultipleInstancesPolicy : Queue
- Priority : 10
- StartWhenAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- Duration : PT3M
- WaitTimeout : PT23H
- StopOnIdleEnd : true
- RestartOnIdle : true
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
- Delay : PT30M
+ Repetition
- Interval : P1D
+ Actions
+ Exec
- Command : %windir%¥system32¥appidcertstorecheck.exe

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%¥system32¥appraiser.dll,-500)
- Author : $(@%SystemRoot%¥system32¥appraiser.dll,-501)
- Description : $(@%SystemRoot%¥system32¥appraiser.dll,-502)
- URI : ¥Microsoft¥Windows¥Application Experience¥Microsoft Compatibility Appraiser
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : P4D
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2008-09-01T03:00:00
+ Repetition
- Interval : P1D
- RandomDelay : PT2H
+ WnfStateChangeTrigger
- Enabled : false
- StateName : 750CBCA3290B9641
- Data : 01
+ WnfStateChangeTrigger
- Enabled : false
- StateName : 7510BCA323028B41
- Data : 01
+ Actions
+ Exec
- Command : %windir%¥system32¥compattelrunner.exe

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%¥system32¥invagent.dll,-701)
- Author : $(@%SystemRoot%¥system32¥invagent.dll,-701)
- Description : $(@%SystemRoot%¥system32¥invagent.dll,-702)
- URI : ¥Microsoft¥Windows¥Application Experience¥ProgramDataUpdater
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
- Priority : 4
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P1DT12H
+ Triggers
+ Actions
+ Exec
- Command : %windir%¥system32¥compattelrunner.exe
- Arguments : -maintenance

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;LA)(A;OICI;FA;;;SY)(A;OICI;FRFX;;;AU)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%¥system32¥Startupscan.dll,-701)
- Author : $(@%SystemRoot%¥system32¥Startupscan.dll,-701)
- Description : $(@%SystemRoot%¥system32¥Startupscan.dll,-702)
- URI : ¥Microsoft¥Windows¥Application Experience¥StartupAppTask
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : Parallel
- Priority : 4
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P2D
- Deadline : P3D
+ Triggers
+ Actions
+ Exec
- Command : %windir%¥system32¥rundll32.exe
- Arguments : Startupscan.dll,SusRunTask

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FRFX;;;BA)(A;;FRFX;;;AU)(A;;FRFX;;;IU)
- Source : $(@%systemroot%¥system32¥AppHostRegistrationVerifier.exe,-10005)
- Author : $(@%systemroot%¥system32¥AppHostRegistrationVerifier.exe,-10004)
- Description : $(@%systemroot%¥system32¥AppHostRegistrationVerifier.exe,-10002)
- URI : ¥Microsoft¥Windows¥ApplicationData¥appuriverifierdaily
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT15M
- MultipleInstancesPolicy : Queue
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P7D
+ Triggers
+ Actions
+ Exec
- Command : %windir%¥system32¥AppHostRegistrationVerifier.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FRFX;;;BA)(A;;FRFX;;;AU)(A;;FRFX;;;IU)
- Source : $(@%systemroot%¥system32¥AppHostRegistrationVerifier.exe,-10005)
- Author : $(@%systemroot%¥system32¥AppHostRegistrationVerifier.exe,-10004)
- Description : $(@%systemroot%¥system32¥AppHostRegistrationVerifier.exe,-10002)
- URI : ¥Microsoft¥Windows¥ApplicationData¥appuriverifierinstall
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT15M
- MultipleInstancesPolicy : Queue
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- Delay : PT1M
- StateName : 7508BCA32C7C8741
+ Actions
+ Exec
- Command : %windir%¥system32¥AppHostRegistrationVerifier.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FRFX;;;BA)(A;;FA;;;SY)
- Source : $(@%systemroot%¥system32¥Windows.Storage.ApplicationData.dll,-5001)
- Author : $(@%systemroot%¥system32¥Windows.Storage.ApplicationData.dll,-5002)
- Description : $(@%systemroot%¥system32¥Windows.Storage.ApplicationData.dll,-5003)
- URI : ¥Microsoft¥Windows¥ApplicationData¥CleanupTemporaryState
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P1M
+ Triggers
+ Actions
+ Exec
- Command : %windir%¥system32¥rundll32.exe
- Arguments : Windows.Storage.ApplicationData.dll,CleanupTemporaryState

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FRFX;;;BA)(A;;FA;;;SY)
- Source : $(@%systemroot%¥system32¥dssvc.dll,-10005)
- Author : $(@%systemroot%¥system32¥dssvc.dll,-10004)
- Description : $(@%systemroot%¥system32¥dssvc.dll,-10006)
- URI : ¥Microsoft¥Windows¥ApplicationData¥DsSvcCleanup
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P1M
+ Triggers
+ Actions
+ Exec
- Command : %windir%¥system32¥dstokenclean.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;GA;;;SY)(A;;FRFX;;;LS)(A;;FA;;;BA)
- URI : ¥Microsoft¥Windows¥AppxDeploymentClient¥Pre-staged app cleanup
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfIdle : true
+ IdleSettings
- Duration : PT15M
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P7D
+ Triggers
+ LogonTrigger
- Delay : PT1H
+ Actions
+ Exec
- Command : %windir%¥system32¥rundll32.exe
- Arguments : %windir%¥system32¥AppxDeploymentClient.dll,AppxPreStageCleanupRunTask

+ Task
+ RegistrationInfo
- Source : $(@%systemroot%¥system32¥acproxy.dll,-100)
- Author : $(@%systemroot%¥system32¥acproxy.dll,-101)
- Description : $(@%systemroot%¥system32¥acproxy.dll,-102)
- URI : ¥Microsoft¥Windows¥Autochk¥Proxy
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : P365D
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
- Delay : PT30M
+ Actions
+ Exec
- Command : %windir%¥system32¥rundll32.exe
- Arguments : /d acproxy.dll,PerformAutochkOperations

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FRFX;;;AU)(A;;FA;;;SY)
- URI : ¥Microsoft¥Windows¥BitLocker¥BitLocker Encrypt All Drives
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7568BCA32B188341
+ Actions
+ ComHandler
- ClassId : {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
- Data : BitLockerEncryptAllDrives

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FRFX;;;AU)(A;;FA;;;SY)
- URI : ¥Microsoft¥Windows¥BitLocker¥BitLocker MDM policy Refresh
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7540BCA32B188341
+ Actions
+ ComHandler
- ClassId : {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
- Data : BitLockerPolicy

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)
- Author : $(@%SystemRoot%¥system32¥BthUdTask.exe,-1002)
- Description : $(@%SystemRoot%¥system32¥BthUdTask.exe,-1001)
- URI : ¥Microsoft¥Windows¥Bluetooth¥UninstallDeviceTask
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- MultipleInstancesPolicy : Parallel
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ Exec
- Command : BthUdTask.exe
- Arguments : $(Arg0)

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)
- Author : $(@%systemRoot%¥System32¥bisrv.dll,-102)
- Description : $(@%systemRoot%¥System32¥bisrv.dll,-103)
- URI : ¥Microsoft¥Windows¥BrokerInfrastructure¥BgTaskRegistrationMaintenanceTask
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT6M
- MultipleInstancesPolicy : IgnoreNew
- Priority : 6
- RunOnlyIfIdle : true
+ IdleSettings
- Duration : PT1S
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P14D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {E984D939-0E00-4DD9-AC3A-7ACA04745521}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FRFX;;;NS)
- Source : $(@%SystemRoot%¥system32¥ngctasks.dll,-101)
- Author : $(@%SystemRoot%¥system32¥ngctasks.dll,-100)
- Description : $(@%SystemRoot%¥system32¥ngctasks.dll,-103)
- URI : ¥Microsoft¥Windows¥CertificateServicesClient¥AikCertEnrollTask
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : Queue
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7510BCA323098541
+ Actions
+ ComHandler
- ClassId : {47E30D54-DAC1-473A-AFF7-2355BF78881F}
- Data : AIKCertEnroll

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FRFX;;;NS)
- Source : $(@%SystemRoot%¥system32¥ngctasks.dll,-101)
- Author : $(@%SystemRoot%¥system32¥ngctasks.dll,-100)
- Description : $(@%SystemRoot%¥system32¥ngctasks.dll,-104)
- URI : ¥Microsoft¥Windows¥CertificateServicesClient¥CryptoPolicyTask
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : Queue
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7530BCA323098541
+ Actions
+ ComHandler
- ClassId : {47E30D54-DAC1-473A-AFF7-2355BF78881F}
- Data : CryptoPolicy

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FRFX;;;NS)
- Source : $(@%SystemRoot%¥system32¥ngctasks.dll,-101)
- Author : $(@%SystemRoot%¥system32¥ngctasks.dll,-100)
- Description : $(@%SystemRoot%¥system32¥ngctasks.dll,-102)
- URI : ¥Microsoft¥Windows¥CertificateServicesClient¥KeyPreGenTask
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : Queue
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA323098541
+ WnfStateChangeTrigger
- Delay : PT10M
- StateName : 7520BCA323098541
+ WnfStateChangeTrigger
- Delay : PT10M
- StateName : 75C0BCA33E06830D
+ LogonTrigger
- Enabled : false
- Delay : PT10M
+ SessionStateChangeTrigger
- Enabled : false
- Delay : PT10M
- StateChange : ConsoleConnect
+ Actions
+ ComHandler
- ClassId : {47E30D54-DAC1-473A-AFF7-2355BF78881F}
- Data : NGCKeyPregen

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)
- Source : $(@%SystemRoot%¥system32¥dimsjob.dll,-100)
- Author : $(@%SystemRoot%¥system32¥dimsjob.dll,-101)
- Description : $(@%SystemRoot%¥system32¥dimsjob.dll,-102)
- URI : ¥Microsoft¥Windows¥CertificateServicesClient¥SystemTask
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : Parallel
+ RestartOnFailure
- Count : 5
- Interval : PT1M
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA32A1E890D
+ RegistrationTrigger
+ BootTrigger
- Delay : PT10S
+ Repetition
- Interval : PT8H
+ Actions
+ ComHandler
- ClassId : {58FB76B9-AC85-4E55-AC04-427593B1D060}
- Data : SYSTEM

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)
- Source : $(@%SystemRoot%¥system32¥dimsjob.dll,-100)
- Author : $(@%SystemRoot%¥system32¥dimsjob.dll,-101)
- Description : $(@%SystemRoot%¥system32¥dimsjob.dll,-102)
- URI : ¥Microsoft¥Windows¥CertificateServicesClient¥UserTask
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : Parallel
+ RestartOnFailure
- Count : 5
- Interval : PT1M
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : F510BCA32A1E890D
+ RegistrationTrigger
+ LogonTrigger
+ Repetition
- Interval : PT8H
+ EventTrigger
- ExecutionTimeLimit : PT30M
- Delay : PT25M
+ Repetition
- Interval : PT1H
- Duration : PT4H
- Subscription : <QueryList><Query Id="0" Path="Microsoft-Windows-User Device Registration/Admin"><Select Path="Microsoft-Windows-User Device Registration/Admin">*[System[Provider[@Name='Microsoft-Windows-User Device Registration'] and EventID=300]]</Select></Query></QueryList>
+ Actions
+ ComHandler
- ClassId : {58FB76B9-AC85-4E55-AC04-427593B1D060}
- Data : USER

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFW;;;IU)
- Source : $(@%SystemRoot%¥system32¥dimsjob.dll,-100)
- Author : $(@%SystemRoot%¥system32¥dimsjob.dll,-101)
- Description : $(@%SystemRoot%¥system32¥dimsjob.dll,-102)
- URI : ¥Microsoft¥Windows¥CertificateServicesClient¥UserTask-Roam
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : Parallel
+ RestartOnFailure
- Count : 5
- Interval : PT1M
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ SessionStateChangeTrigger
- StateChange : SessionLock
+ SessionStateChangeTrigger
- StateChange : SessionUnlock
+ Actions
+ ComHandler
- ClassId : {58FB76B9-AC85-4E55-AC04-427593B1D060}
- Data : KEYROAMING

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FR;;;AU)
- Source : $(@%systemroot%¥system32¥pstask.dll,-100)
- Author : $(@%systemroot%¥system32¥pstask.dll,-101)
- Description : $(@%systemroot%¥system32¥pstask.dll,-102)
- URI : ¥Microsoft¥Windows¥Chkdsk¥ProactiveScan
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P7D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {CF4270F5-2E43-4468-83B3-A8C45BB33EA1}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FR;;;AU)(A;;FA;;;SY)
- URI : ¥Microsoft¥Windows¥Chkdsk¥SyspartRepair
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA32C0D8E0A
+ Actions
+ Exec
- Command : %windir%¥system32¥bcdboot.exe
- Arguments : %windir% /sysrepair

+ Task
+ RegistrationInfo
- Date : 2014-01-01T00:00:00
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;GRGX;;;SU)(A;;FA;;;S-1-5-80-65843127-2189646064-2697706863-2125155322-3141006483)(A;;FR;;;S-1-5-87-1452649159-2109950929-2856838567-3638795029-1283063528)
- Source : $(@%SystemRoot%¥system32¥ClipUp.exe,-102)
- Author : $(@%SystemRoot%¥system32¥ClipUp.exe,-100)
- Description : $(@%SystemRoot%¥system32¥ClipUp.exe,-101)
- URI : ¥Microsoft¥Windows¥Clip¥License Validation
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
- Enabled : false
+ Actions
+ Exec
- Command : %SystemRoot%¥system32¥ClipUp.exe
- Arguments : -p -s -o

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FRFX;;;IU)
- URI : ¥Microsoft¥Windows¥CloudExperienceHost¥CreateObjectTask
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT1H
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ ComHandler
- ClassId : {E4544ABA-62BF-4C54-AAB2-EC246342626C}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)
- Source : $(@%systemRoot%¥system32¥wsqmcons.exe,-106)
- Author : $(@%systemRoot%¥system32¥wsqmcons.exe,-108)
- Description : $(@%systemRoot%¥system32¥wsqmcons.exe,-107)
- URI : ¥Microsoft¥Windows¥Customer Experience Improvement Program¥Consolidator
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2004-01-02T00:00:00
+ Repetition
- Interval : PT6H
+ Actions
+ Exec
- Command : %SystemRoot%¥System32¥wsqmcons.exe

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;S-1-5-87-1060603329-121822201-3452730971-4292368946-61207722)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%¥system32¥usbceip.dll,-601)
- Author : $(@%SystemRoot%¥system32¥usbceip.dll,-600)
- Description : $(@%SystemRoot%¥system32¥usbceip.dll,-602)
- URI : ¥Microsoft¥Windows¥Customer Experience Improvement Program¥UsbCeip
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {C27F6B1D-FE0B-45E4-9257-38799FA69BC8}
- Data : SYSTEM

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FR;;;AU)
- Source : $(@%systemroot%¥system32¥discan.dll,-601)
- Author : $(@%systemroot%¥system32¥discan.dll,-600)
- Description : $(@%systemroot%¥system32¥discan.dll,-602)
- URI : ¥Microsoft¥Windows¥Data Integrity Scan¥Data Integrity Scan
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ CalendarTrigger
- StartBoundary : 2011-01-01T23:00:00
- RandomDelay : P7D
+ ScheduleByWeek
- WeeksInterval : 4
+ DaysOfWeek
+ Saturday
+ BootTrigger
- Enabled : false
- Delay : PT1H
+ Actions
+ ComHandler
- ClassId : {DCFD3EA8-D960-4719-8206-490AE315F94F}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FR;;;AU)
- Source : $(@%systemroot%¥system32¥discan.dll,-601)
- Author : $(@%systemroot%¥system32¥discan.dll,-600)
- Description : $(@%systemroot%¥system32¥discan.dll,-603)
- URI : ¥Microsoft¥Windows¥Data Integrity Scan¥Data Integrity Scan for Crash Recovery
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- Priority : 5
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- Delay : PT5M
- StateName : 7508BCA32907950A
+ Actions
+ ComHandler
- ClassId : {DCFD3EA8-D960-4719-8206-490AE315F94F}
- Data : -CrashRecovery

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FR;;;AU)
- Source : $(@%systemroot%¥system32¥defragsvc.dll,-800)
- Author : $(@%systemroot%¥system32¥defragsvc.dll,-801)
- Description : $(@%systemroot%¥system32¥defragsvc.dll,-802)
- URI : ¥Microsoft¥Windows¥Defrag¥ScheduledDefrag
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P1M
+ Triggers
+ Actions
+ Exec
- Command : %windir%¥system32¥defrag.exe
- Arguments : -c -h -k -g -$

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FRFX;;;LS)
- URI : ¥Microsoft¥Windows¥Device Information¥Device
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : P4D
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2008-09-01T03:00:00
+ Repetition
- Interval : P1D
- RandomDelay : PT2H
+ WnfStateChangeTrigger
- Enabled : false
- StateName : 750CBCA3290B9641
- Data : 01
+ Actions
+ Exec
- Command : %windir%¥system32¥devicecensus.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FRFX;;;BA)(A;;FA;;;SY)
- Source : $(@%SystemRoot%¥System32¥DeviceSetupManager.dll,-601)
- Author : $(@%SystemRoot%¥System32¥DeviceSetupManager.dll,-600)
- Description : $(@%SystemRoot%¥System32¥DeviceSetupManager.dll,-602)
- URI : ¥Microsoft¥Windows¥Device Setup¥Metadata Refresh
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Hidden : true
- MultipleInstancesPolicy : Parallel
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P10D
- Deadline : P14D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {23C1F3CF-C110-4512-ACA9-7B6174ECE888}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)(A;;FRFX;;;LS)
- Source : $(@%systemroot%¥system32¥sdiagschd.dll,-102)
- Author : $(@%systemroot%¥system32¥sdiagschd.dll,-101)
- Description : $(@%systemroot%¥system32¥sdiagschd.dll,-103)
- URI : ¥Microsoft¥Windows¥Diagnosis¥Scheduled
+ Principals
+ Principal
- GroupId : S-1-5-4
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P1M
+ Triggers
+ Actions
+ ComHandler
- ClassId : {C1F85EF8-BCC2-4606-BB39-70C523715EB3}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)
- URI : ¥Microsoft¥Windows¥DirectX¥DXGIAdapterCache
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- AllowStartOnDemand : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Hidden : true
- MultipleInstancesPolicy : StopExisting
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7580BCA32916C641
+ WnfStateChangeTrigger
- StateName : 7588BCA32916C641
+ Actions
+ Exec
- Command : %windir%¥system32¥dxgiadaptercache.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)
- Source : $(@%systemroot%¥system32¥cleanmgr.exe,-1300)
- Author : $(@%systemroot%¥system32¥cleanmgr.exe,-1300)
- Description : $(@%systemroot%¥system32¥cleanmgr.exe,-1301)
- URI : ¥Microsoft¥Windows¥DiskCleanup¥SilentCleanup
+ Principals
+ Principal
- GroupId : S-1-5-32-545
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT15M
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : true
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P1M
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\cleanmgr.exe
- Arguments : /autoclean /d %systemdrive%

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%\System32\DFDTS.dll,-100)
- Author : $(@%SystemRoot%\System32\DFDTS.dll,-101)
- Description : $(@%SystemRoot%\System32\DFDTS.dll,-119)
- URI : \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- Enabled : false
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P14D
- Deadline : P1M
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\rundll32.exe
- Arguments : dfdts.dll,DfdGetDefaultPolicyAndSMART

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FR;;;BU)
- Source : $(@%SystemRoot%\System32\DFDTS.dll,-100)
- Author : $(@%SystemRoot%\System32\DFDTS.dll,-101)
- Description : $(@%SystemRoot%\System32\DFDTS.dll,-118)
- URI : \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
+ Principals
+ Principal
- GroupId : S-1-5-32-545
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- Hidden : true
- MultipleInstancesPolicy : Parallel
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
+ Actions
+ Exec
- Command : %windir%\system32\DFDWiz.exe

+ Task
+ RegistrationInfo
- URI : \Microsoft\Windows\DiskFootprint\Diagnostics
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P7D
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\disksnapshot.exe
- Arguments : -z

+ Task
+ RegistrationInfo
- URI : \Microsoft\Windows\DiskFootprint\StorageSense
+ Principals
+ Principal
- GroupId : S-1-5-32-545
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P7D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {AB2A519B-03B0-43CE-940A-A73DF850B49A}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FRFX;;;AU)(A;;FA;;;SY)
- URI : \Microsoft\Windows\EDP\EDP App Launch Task
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 3508BCA3280A9641
+ Actions
+ ComHandler
- ClassId : {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
- Data : AppLaunch

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FRFX;;;AU)(A;;FA;;;SY)
- URI : \Microsoft\Windows\EDP\EDP Auth Task
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7538BCA3280A9641
+ Actions
+ ComHandler
- ClassId : {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
- Data : ReAuth

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FRFX;;;AU)(A;;FA;;;SY)
- URI : \Microsoft\Windows\EDP\EDP Inaccessible Credentials Task
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7560BCA3280A9641
+ Actions
+ ComHandler
- ClassId : {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
- Data : MissingCredentials

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FRFX;;;AU)(A;;FA;;;SY)
- URI : \Microsoft\Windows\EDP\StorageCardEncryption Task
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7548BCA32B188341
+ Actions
+ ComHandler
- ClassId : {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
- Data : SDCardEncryptionPolicy

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FRFX;;;AU)
- Source : $(@%systemroot%\system32\mitigationconfiguration.dll,-601)
- Author : $(@%systemroot%\system32\mitigationconfiguration.dll,-600)
- Description : $(@%systemroot%\system32\mitigationconfiguration.dll,-602)
- URI : \Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BEA328009213
+ WnfStateChangeTrigger
- StateName : 7508BCA32A1E890D
+ BootTrigger
+ Actions
+ ComHandler
- ClassId : {711001CD-CC1D-4470-9B7E-1EF73849C79E}
- Data : ExploitGuardPolicy

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(D;;SD;;;AU)(A;;FRFWFX;;;AU)
- Source : $(@%systemroot%\system32\srm.dll,-18000)
- Author : $(@%systemroot%\system32\srm.dll,-18001)
- Description : $(@%systemroot%\system32\srm.dll,-18002)
- URI : \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT5M
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfNetworkAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- Duration : PT1M
- WaitTimeout : PT1M
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ CalendarTrigger
- StartBoundary : 2006-11-09T03:00:00
- RandomDelay : PT4H
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ ComHandler
- ClassId : {2AE64751-B728-4D6B-97A0-B2DA2E7D2A3B}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FRFX;;;AU)
- Source : $(@%systemroot%\system32\fcon.dll,-602)
- Author : $(@%systemroot%\system32\fcon.dll,-601)
- Description : $(@%systemroot%\system32\fcon.dll,-603)
- URI : \Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT5M
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA32A1E890D
+ Actions
+ ComHandler
- ClassId : {59EECBFE-C2F5-4419-9B99-13FE05FF2675}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FRFX;;;AU)
- Source : $(@%systemroot%\system32\wosc.dll,-602)
- Author : $(@%systemroot%\system32\wosc.dll,-601)
- Description : $(@%systemroot%\system32\wosc.dll,-603)
- URI : \Microsoft\Windows\Flighting\OneSettings\RefreshCache
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT5M
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2018-01-01T00:00:00
+ Repetition
- Interval : P1D
- RandomDelay : PT1H
+ Actions
+ ComHandler
- ClassId : {E07647F7-AED2-48D9-9720-939BC24A8A3C}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FRFX;;;BA)
- URI : \Microsoft\Windows\InstallService\ScanForUpdates
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT4H
- MultipleInstancesPolicy : Queue
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2014-01-01T09:00:00+09:00
+ Repetition
- Interval : P1D
- RandomDelay : P1D
+ WnfStateChangeTrigger
- Delay : PT15M
- StateName : 7524BCA33E06830D
+ TimeTrigger
- StartBoundary : 2014-01-01T09:00:00+09:00
- Enabled : false
+ Actions
+ ComHandler
- ClassId : {A558C6A5-B42B-4C98-B610-BF9559143139}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FA;;;BA)(A;;FRFX;;;IU)
- URI : \Microsoft\Windows\InstallService\ScanForUpdatesAsUser
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT4H
- MultipleInstancesPolicy : Queue
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P3D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {DDAFAEA2-8842-4E96-BADE-D44A8D676FDB}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;GRGX;;;SU)
- URI : \Microsoft\Windows\InstallService\SmartRetry
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : Queue
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- DisallowStartOnRemoteAppSession : true
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
- Enabled : false
- Delay : PT6M
+ TimeTrigger
- StartBoundary : 2014-01-01T09:00:00+09:00
- Enabled : false
+ WnfStateChangeTrigger
- Enabled : false
- StateName : 7538BDA33E06830D
+ WnfStateChangeTrigger
- Enabled : false
- StateName : 7518BCA33E06830D
+ WnfStateChangeTrigger
- Enabled : false
- StateName : 7510BCA33E0B8441
- Data : 03
+ TimeTrigger
- StartBoundary : 2014-01-01T09:00:00+09:00
- Enabled : false
+ Actions
+ ComHandler
- ClassId : {F3A219C3-2698-4CBF-9C07-037EDB8E72E6}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FRFX;;;BA)
- URI : \Microsoft\Windows\InstallService\WakeUpAndContinueUpdates
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : PT4H
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- WakeToRun : true
- RunOnlyIfNetworkAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ ComHandler
- ClassId : {0DC331EE-8438-49D5-A721-E10B937CE459}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FRFX;;;BA)
- URI : \Microsoft\Windows\InstallService\WakeUpAndScanForUpdates
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : PT4H
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- WakeToRun : true
- RunOnlyIfNetworkAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2014-01-01T09:00:00+09:00
+ Repetition
- Interval : P1D
- RandomDelay : P1D
+ Actions
+ ComHandler
- ClassId : {D5A04D91-6FE6-4FE4-A98A-FEB4500C5AF7}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;IU)
- Source : $(@%systemRoot%\System32\LanguageComponentsInstaller.Dll,-601)
- Author : $(@%systemRoot%\System32\LanguageComponentsInstaller.Dll,-600)
- Description : $(@%systemRoot%\System32\LanguageComponentsInstaller.Dll,-602)
- URI : \Microsoft\Windows\LanguageComponentsInstaller\Installation
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
- Delay : PT15M
+ Repetition
- Interval : P1D
+ IdleTrigger
+ Repetition
- Interval : P1D
+ Actions
+ ComHandler
- ClassId : {6F58F65F-EC0E-4ACA-99FE-FC5A1A25E4BE}
- Data : Install $(Arg0)

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)
- Source : $(@%systemRoot%\System32\LanguageComponentsInstaller.Dll,-601)
- Author : $(@%systemRoot%\System32\LanguageComponentsInstaller.Dll,-600)
- Description : $(@%systemRoot%\System32\LanguageComponentsInstaller.Dll,-603)
- URI : \Microsoft\Windows\LanguageComponentsInstaller\Uninstallation
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : Queue
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P14D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {6F58F65F-EC0E-4ACA-99FE-FC5A1A25E4BE}
- Data : Uninstall

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;GRGX;;;SU)
- Source : $(@%SystemRoot%\system32\TempSignedLicenseExchangeTask.dll,-601)
- Author : $(@%SystemRoot%\system32\TempSignedLicenseExchangeTask.dll,-600)
- Description : $(@%SystemRoot%\system32\TempSignedLicenseExchangeTask.dll,-602)
- URI : \Microsoft\Windows\License Manager\TempSignedLicenseExchange
+ Principals
+ Principal
- GroupId : S-1-5-4
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P7D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {77646A68-AD14-4D53-897D-7BE4DDE5F929}

+ Task
+ RegistrationInfo
- Version : 1.3
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)
- Description : $(@%systemRoot%\system32\LocationNotificationWindows.exe,-102)
- URI : \Microsoft\Windows\Location\Notifications
+ Principals
+ Principal
- GroupId : S-1-5-11
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : Parallel
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA321089541
- Data : 01
+ Actions
+ Exec
- Command : %windir%\System32\LocationNotificationWindows.exe

+ Task
+ RegistrationInfo
- Version : 1.3
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)
- Description : $(@%systemRoot%\System32\WindowsActionDialog.exe,-102)
- URI : \Microsoft\Windows\Location\WindowsActionDialog
+ Principals
+ Principal
- GroupId : S-1-5-11
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : Parallel
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7548BCA321089541
+ Actions
+ Exec
- Command : %windir%\System32\WindowsActionDialog.exe

+ Task
+ RegistrationInfo
- Date : 2008-02-25T19:15:00
- SecurityDescriptor : D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FRFX;;;LS)
- Source : $(@%systemroot%\system32\winsatapi.dll,-113)
- Author : $(@%systemroot%\system32\winsatapi.dll,-112)
- Description : $(@%systemroot%\system32\winsatapi.dll,-114)
- URI : \Microsoft\Windows\Maintenance\WinSAT
+ Principals
+ Principal
- GroupId : S-1-5-32-544
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT30M
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P1M
- Exclusive : true
+ Triggers
+ Actions
+ ComHandler
- ClassId : {A9A33436-678B-4C9C-A211-7CC38785E79D}

+ Task
+ RegistrationInfo
- Date : 2014-11-05T00:00:00
- SecurityDescriptor : D:(A;;0x111FFFFF;;;SY)(A;;0x111FFFFF;;;BA)(A;;0x111FFFFF;;;S-1-5-80-3028837079-3186095147-955107200-3701964851-1150726376)(A;;FRFX;;;AU)
- Author : $(@%SystemRoot%\system32\mapstoasttask.dll,-600)
- Description : $(@%SystemRoot%\system32\mapstoasttask.dll,-602)
- URI : \Microsoft\Windows\Maps\MapsToastTask
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT5S
- Hidden : true
- MultipleInstancesPolicy : Queue
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ ComHandler
- ClassId : {9885AEF2-BD9F-41E0-B15E-B3141395E803}
- Data : $(Arg0);$(Arg1);$(Arg2);$(Arg3);$(Arg4);$(Arg5);$(Arg6);$(Arg7)

+ Task
+ RegistrationInfo
- Date : 2014-11-05T00:00:00
- SecurityDescriptor : D:(A;;0x111FFFFF;;;SY)(A;;0x111FFFFF;;;BA)(A;;0x111FFFFF;;;S-1-5-80-3028837079-3186095147-955107200-3701964851-1150726376)(A;;FRFX;;;NS)(A;;FRFX;;;AU)
- Author : $(@%SystemRoot%\system32\mapsupdatetask.dll,-600)
- Description : $(@%SystemRoot%\system32\mapsupdatetask.dll,-602)
- URI : \Microsoft\Windows\Maps\MapsUpdateTask
+ Principals
+ Principal
- UserId : S-1-5-20
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : PT40S
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2014-10-21T00:00:00
+ Repetition
- Interval : P1D
- RandomDelay : PT2H
+ Actions
+ ComHandler
- ClassId : {B9033E87-33CF-4D77-BC9B-895AFBBA72E4}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)
- Source : $(@%SystemRoot%\system32\MemoryDiagnostic.dll,-601)
- Author : $(@%SystemRoot%\system32\MemoryDiagnostic.dll,-600)
- Description : $(@%SystemRoot%\system32\MemoryDiagnostic.dll,-603)
- URI : \Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
+ Principals
+ Principal
- GroupId : S-1-5-32-544
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : PT2H
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : true
- UseUnifiedSchedulingEngine : true
+ Triggers
+ EventTrigger
- Subscription : <QueryList><Query Id="0" Path="System"><Select Path="System">*[System[Provider[@Name='Microsoft-Windows-WER-SystemErrorReporting'] and (EventID=1000 or EventID=1001 or EventID=1006)]]</Select></Query></QueryList>
+ EventTrigger
- Subscription : <QueryList><Query Id="0" Path="Application"><Select Path="Application">*[System[Provider[@Name='Application Error'] and EventID=1000]]</Select></Query></QueryList>
+ EventTrigger
- Subscription : <QueryList><Query Id="0" Path="System"><Select Path="System">*[System[Provider[@Name='Application Popup'] and EventID=1801]]</Select></Query></QueryList>
+ EventTrigger
- Subscription : <QueryList><Query Id="0" Path="Microsoft-Windows-Kernel-StoreMgr/Operational"><Select Path="Microsoft-Windows-Kernel-StoreMgr/Operational">*[System[Provider[@Name='Microsoft-Windows-Kernel-StoreMgr'] and EventID=6]]</Select></Query></QueryList>
+ Actions
+ ComHandler
- ClassId : {8168E74A-B39F-46D8-ADCD-7BED477B80A3}
- Data : Event

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%\system32\MemoryDiagnostic.dll,-601)
- Author : $(@%SystemRoot%\system32\MemoryDiagnostic.dll,-600)
- Description : $(@%SystemRoot%\system32\MemoryDiagnostic.dll,-602)
- URI : \Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
+ Principals
+ Principal
- GroupId : S-1-5-32-544
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : PT2H
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : true
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P2M
+ Triggers
+ Actions
+ ComHandler
- ClassId : {8168E74A-B39F-46D8-ADCD-7BED477B80A3}
- Data : Time

+ Task
+ RegistrationInfo
- Version : 1.3
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)
- Source : $(@%SystemRoot%\system32\MbaeParserTask.exe,-1901)
- Author : $(@%SystemRoot%\system32\MbaeParserTask.exe,-1902)
- Description : $(@%SystemRoot%\system32\MbaeParserTask.exe,-1903)
- URI : \Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT3M
- MultipleInstancesPolicy : Queue
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ EventTrigger
- Subscription : <QueryList>
<Query Id='1'>
<Select Path='Microsoft-Windows-DeviceSetupManager/Operational'>*[System/EventID=302] and *[EventData/Data[@Name='Prop_ServiceInfoNamespace']='http://schemas.microsoft.com/windows/2010/12/DeviceMetadata/MobileBroadBandInfo']</Select>
</Query>
</QueryList>
+ Actions
+ Exec
- Command : %SystemRoot%\System32\MbaeParserTask.exe

+ Task
+ RegistrationInfo
- Source : $(@%systemRoot%\System32\lpremove.exe,-100)
- Author : $(@%systemRoot%\System32\lpremove.exe,-100)
- Description : $(@%systemRoot%\System32\lpremove.exe,-101)
- URI : \Microsoft\Windows\MUI\LPRemove
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT9H
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P3D
- Deadline : P4D
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\lpremove.exe

+ Task
+ RegistrationInfo
- Date : 2005-06-23T13:48:00-08:00
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)
- Source : $(@%systemRoot%\System32\PlaySndSrv.Dll,-106)
- Description : $(@%systemRoot%\System32\PlaySndSrv.Dll,-105)
- URI : \Microsoft\Windows\Multimedia\SystemSoundsService
+ Principals
+ Principal
- GroupId : S-1-5-32-545
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : Parallel
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
+ Actions
+ ComHandler
- ClassId : {2DEA658F-54C1-4227-AF9B-260AB5FC3543}

+ Task
+ RegistrationInfo
- Source : $(@%SystemRoot%\system32\nettrace.dll,-6910)
- Author : $(@%SystemRoot%\system32\nettrace.dll,-6911)
- Description : $(@%SystemRoot%\system32\nettrace.dll,-6912)
- URI : \Microsoft\Windows\NetTrace\GatherNetworkInfo
+ Principals
+ Principal
- GroupId : S-1-5-32-545
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : Parallel
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\gatherNetworkInfo.vbs
- WorkingDirectory : $(Arg1)

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)
- Source : $(@%SystemRoot%\system32\wbem\SDNDiagnosticsProvider.dll,-500)
- Author : $(@%SystemRoot%\system32\wbem\SDNDiagnosticsProvider.dll,-500)
- Description : $(@%SystemRoot%\system32\wbem\SDNDiagnosticsProvider.dll,-501)
- URI : \Microsoft\Windows\Network Controller\SDN Diagnostics Task
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2015-08-21T00:00:00
+ Repetition
- Interval : PT30M
+ BootTrigger
+ Actions
+ Exec
- Command : %windir%\System32\SDNDiagnosticsTask.exe

+ Task
+ RegistrationInfo
- Version : 1.0
- Source : $(@%systemroot%\system32\cscui.dll,-5000)
- Author : $(@%systemroot%\system32\cscui.dll,-5001)
- Description : $(@%systemroot%\system32\cscui.dll,-5003)
- URI : \Microsoft\Windows\Offline Files\Background Synchronization
+ Principals
+ Principal
- GroupId : S-1-5-11
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : P1D
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2008-01-01T00:00:00
+ Repetition
- Interval : PT2H
- RandomDelay : PT20M
+ Actions
+ ComHandler
- ClassId : {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}

+ Task
+ RegistrationInfo
- Version : 1.0
- Source : $(@%systemroot%\system32\cscui.dll,-5000)
- Author : $(@%systemroot%\system32\cscui.dll,-5001)
- Description : $(@%systemroot%\system32\cscui.dll,-5002)
- URI : \Microsoft\Windows\Offline Files\Logon Synchronization
+ Principals
+ Principal
- GroupId : S-1-5-11
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : P1D
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
- Delay : PT4M
+ Actions
+ ComHandler
- ClassId : {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}
- Data : Logon

+ Task
+ RegistrationInfo
- Date : 2012-02-07T16:39:20
- SecurityDescriptor : O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%\system32\TpmTasks.dll,-601)
- Author : $(@%SystemRoot%\system32\TpmTasks.dll,-600)
- Description : $(@%SystemRoot%\system32\TpmTasks.dll,-604)
- URI : \Microsoft\Windows\PI\Secure-Boot-Update
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA33E0C9541
+ Actions
+ ComHandler
- ClassId : {5014B7C8-934E-4262-9816-887FA745A6C4}
- Data : SBServicing

+ Task
+ RegistrationInfo
- Date : 2011-07-22T00:00:00.8844064
- SecurityDescriptor : O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%\system32\TpmTasks.dll,-601)
- Author : $(@%SystemRoot%\system32\TpmTasks.dll,-600)
- Description : $(@%SystemRoot%\system32\TpmTasks.dll,-603)
- URI : \Microsoft\Windows\PI\Sqm-Tasks
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1M
+ Triggers
+ Actions
+ ComHandler
- ClassId : {5014B7C8-934E-4262-9816-887FA745A6C4}
- Data : PiSqmTasks

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FA;;;BA)(A;;0x1301ff;;;S-1-5-80-2661322625-712705077-2999183737-3043590567-590698655)(A;;FRFX;;;LU)
- Source : $(@%systemroot%\system32\wbem\mgmtprovider.dll,-101)
- Author : $(@%systemroot%\system32\wbem\mgmtprovider.dll,-8197)
- URI : \Microsoft\Windows\PLA\Server Manager Performance Monitor
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- Priority : 2
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Data

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)
- Author : $(@%SystemRoot%\system32\pnppolicy.dll,-600)
- Description : $(@%SystemRoot%\system32\pnppolicy.dll,-602)
- URI : \Microsoft\Windows\Plug and Play\Device Install Group Policy
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : P1D
- Hidden : true
- MultipleInstancesPolicy : Queue
- Priority : 6
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA32A1E890D
+ Actions
+ ComHandler
- ClassId : {60400283-B242-4FA8-8C25-CAF695B88209}

+ Task
+ RegistrationInfo
- SecurityDescriptor : O:BAG:BAD:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;;FR;;;IU)
- Author : $(@%SystemRoot%\system32\pnpui.dll,-600)
- Description : $(@%SystemRoot%\system32\pnpui.dll,-602)
- URI : \Microsoft\Windows\Plug and Play\Device Install Reboot Required
+ Principals
+ Principal
- GroupId : S-1-5-4
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- AllowStartOnDemand : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Hidden : true
- MultipleInstancesPolicy : Queue
- Priority : 6
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA33D009602
+ LogonTrigger
+ Actions
+ ComHandler
- ClassId : {48794782-6A1F-47B9-BD52-1D5F95D49C1B}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)
- Author : $(@%SystemRoot%¥System32¥sppnp.dll,-2000)
- Description : $(@%SystemRoot%¥System32¥sppnp.dll,-2001)
- URI : ¥Microsoft¥Windows¥Plug and Play¥Sysprep Generalize Drivers
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ Exec
- Command : %SystemRoot%¥System32¥drvinst.exe
- Arguments : 6

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)(A;;FRFX;;;LS)
- Source : $(@%systemRoot%¥system32¥energytask.dll,-601)
- Author : $(@%systemRoot%¥system32¥energytask.dll,-600)
- Description : $(@%systemRoot%¥system32¥energytask.dll,-602)
- URI : ¥Microsoft¥Windows¥Power Efficiency Diagnostics¥AnalyzeSystem
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT5M
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P2D
- Exclusive : true
+ Triggers
+ Actions
+ ComHandler
- ClassId : {927EA2AF-1C54-43D5-825E-0074CE028EEE}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;GRGX;;;SU)
- URI : ¥Microsoft¥Windows¥PushToInstall¥LoginCheck
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : Parallel
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- DisallowStartOnRemoteAppSession : true
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
- StartBoundary : 2017-01-01T09:00:00+09:00
- EndBoundary : 2017-01-01T09:00:00+09:00
- Delay : PT5M
+ Actions
+ Exec
- Command : %windir%¥system32¥sc.exe
- Arguments : start pushtoinstall login

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;GRGX;;;SU)
- URI : ¥Microsoft¥Windows¥PushToInstall¥Registration
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- DisallowStartOnRemoteAppSession : true
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2017-01-01T09:00:00+09:00
+ Repetition
- Interval : P20D
+ WnfStateChangeTrigger
- Delay : PT15M
- StateName : 750CBCA3290B9641
- Data : 01
+ Actions
+ Exec
- Command : %windir%¥system32¥sc.exe
- Arguments : start pushtoinstall registration

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)
- Author : $(@%SystemRoot%¥system32¥rasmbmgr.dll,-201)
- Description : $(@%SystemRoot%¥system32¥rasmbmgr.dll,-202)
- URI : ¥Microsoft¥Windows¥Ras¥MobilityManager
+ Principals
+ Principal
- UserId : S-1-5-19
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : Parallel
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ EventTrigger
- Subscription : <QueryList><Query Id="0" Path="Application"><Select Path="Application">*[System[Provider[@Name='RasClient'] and (Level=4 or Level=0) and (EventID=20281)]]</Select></Query></QueryList>
+ Actions
+ ComHandler
- ClassId : {C463A0FC-794F-4FDF-9201-01938CEACAFA}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%¥system32¥ReAgentTask.dll,-602)
- Author : $(@%SystemRoot%¥system32¥ReAgentTask.dll,-601)
- Description : $(@%SystemRoot%¥system32¥ReAgentTask.dll,-603)
- URI : ¥Microsoft¥Windows¥RecoveryEnvironment¥VerifyWinRE
+ Principals
+ Principal
- GroupId : S-1-5-32-544
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT1H
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P14D
- Deadline : P1M
+ Triggers
+ Actions
+ ComHandler
- ClassId : {89D1D0C2-A3CF-490C-ABE3-B86CDE34B047}
- Data : VerifyWinRE

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)(A;;FRFX;;;LS)
- Source : $(@%systemroot%¥system32¥regidle.dll,-601)
- Author : $(@%systemroot%¥system32¥regidle.dll,-600)
- Description : $(@%systemroot%¥system32¥regidle.dll,-602)
- URI : ¥Microsoft¥Windows¥Registry¥RegIdleBackup
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- Priority : 5
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P10D
- Deadline : P14D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {CA767AA8-9157-4604-B64B-40747123D5F2}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : O:SYD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)(A;;FRFX;;;LU)
- Source : $(@%systemroot%¥system32¥wbem¥mgmtprovider.dll,-101)
- Author : $(@%systemroot%¥system32¥wbem¥mgmtprovider.dll,-8197)
- URI : ¥Microsoft¥Windows¥Server Manager¥CleanupOldPerfLogs
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT2M
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ Exec
- Command : %systemroot%¥system32¥cscript.exe
- Arguments : /B /nologo %systemroot%¥system32¥calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)
- Source : $(@%SystemRoot%¥system32¥svrmgrnc.dll,-101)
- Author : $(@%SystemRoot%¥system32¥svrmgrnc.dll,-103)
- Description : $(@%SystemRoot%¥system32¥svrmgrnc.dll,-104)
- URI : ¥Microsoft¥Windows¥Server Manager¥ServerManager
+ Principals
+ Principal
- GroupId : S-1-5-32-544
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : IgnoreNew
- Priority : 4
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
+ Actions
+ Exec
- Command : %windir%¥system32¥ServerManagerLauncher.exe

+ Task
+ RegistrationInfo
- URI : ¥Microsoft¥Windows¥Servicing¥StartComponentCleanup
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P14D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {752073A1-23F2-4396-85F0-8FDB879ED0ED}

+ Task
+ RegistrationInfo
- URI : ¥Microsoft¥Windows¥SharedPC¥Account Cleanup
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : PT30M
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- WakeToRun : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
+ Triggers
+ Actions
+ Exec
- Command : %windir%¥System32¥rundll32.exe
- Arguments : %windir%¥System32¥Windows.SharedPC.AccountManager.dll,StartMaintenance

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FRFX;;;IU)
- Source : $(@%SystemRoot%¥system32¥shell32.dll,-14349)
- Author : $(@%SystemRoot%¥system32¥shell32.dll,-14349)
- Description : $(@%SystemRoot%¥system32¥shell32.dll,-14350)
- URI : ¥Microsoft¥Windows¥Shell¥CreateObjectTask
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT30S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ ComHandler
- ClassId : {990A9F8F-301F-45F7-8D0E-68C5952DBA43}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FA;;;LS)(A;;FR;;;BA)
- Source : $(@%systemroot%¥system32¥srchadmin.dll,-1901)
- Author : $(@%systemroot%¥system32¥srchadmin.dll,-1901)
- Description : $(@%systemroot%¥system32¥srchadmin.dll,-1902)
- URI : ¥Microsoft¥Windows¥Shell¥IndexerAutomaticMaintenance
+ Principals
+ Principal
- UserId : S-1-5-19
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P2D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)
- URI : ¥Microsoft¥Windows¥Software Inventory Logging¥Collection
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- AllowStartOnDemand : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : PT10M
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2000-01-01T03:00:00
+ Repetition
- Interval : PT1H
- RandomDelay : PT30M
+ Actions
+ Exec
- Command : %systemroot%¥system32¥cmd.exe
- Arguments : /d /c %systemroot%¥system32¥silcollector.cmd publish

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)
- URI : ¥Microsoft¥Windows¥Software Inventory Logging¥Configuration
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- AllowStartOnDemand : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT2M
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
- Delay : PT1M
+ Actions
+ Exec
- Command : %systemroot%¥system32¥cmd.exe
- Arguments : /d /c %systemroot%¥system32¥silcollector.cmd configure

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)(A;;FR;;;S-1-5-87-2912274048-3994893941-1669128114-1310430903-1263774323)
- Source : $(@%systemroot%¥system32¥sppc.dll,-200)
- Author : $(@%systemroot%¥system32¥sppc.dll,-200)
- Description : $(@%systemroot%¥system32¥sppc.dll,-201)
- URI : ¥Microsoft¥Windows¥SoftwareProtectionPlatform¥SvcRestartTask
+ Principals
+ Principal
- UserId : S-1-5-20
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ RestartOnFailure
- Count : 3
- Interval : PT1M
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ CalendarTrigger
- StartBoundary : 2124-03-29T14:56:11+09:00
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ ComHandler
- ClassId : {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC}
- Data : timer

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FRFW;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)(A;;FR;;;S-1-5-4)
- Source : $(@%systemroot%¥system32¥sppc.dll,-200)
- Author : $(@%systemroot%¥system32¥sppc.dll,-200)
- Description : $(@%systemroot%¥system32¥sppc.dll,-202)
- URI : ¥Microsoft¥Windows¥SoftwareProtectionPlatform¥SvcRestartTaskLogon
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ RestartOnFailure
- Count : 3
- Interval : PT1M
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
+ Actions
+ ComHandler
- ClassId : {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC}
- Data : logon

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FRFW;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)(A;;FR;;;S-1-5-87-431836887-2321537645-4075769387-3393595759-2187231311)
- Source : $(@%systemroot%¥system32¥sppc.dll,-200)
- Author : $(@%systemroot%¥system32¥sppc.dll,-200)
- Description : $(@%systemroot%¥system32¥sppc.dll,-203)
- URI : ¥Microsoft¥Windows¥SoftwareProtectionPlatform¥SvcRestartTaskNetwork
+ Principals
+ Principal
- UserId : S-1-5-20
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ RestartOnFailure
- Count : 3
- Interval : PT1M
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ EventTrigger
- Subscription : <QueryList><Query Id="0" Path="Microsoft-Windows-NetworkProfile/Operational"><Select Path="Microsoft-Windows-NetworkProfile/Operational">*[System[EventID=10000]]</Select></Query></QueryList>
+ Actions
+ ComHandler
- ClassId : {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC}
- Data : network

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)
- Source : $(@%SystemRoot%¥system32¥SpaceAgent.exe,-1)
- Author : $(@%SystemRoot%¥system32¥SpaceAgent.exe,-2)
- Description : $(@%SystemRoot%¥system32¥SpaceAgent.exe,-3)
- URI : ¥Microsoft¥Windows¥SpacePort¥SpaceAgentTask
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT6H
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
- Enabled : false
- Delay : PT2M
+ WnfStateChangeTrigger
- StateName : 7508BCA33E1E8702
+ Actions
+ Exec
- Command : %windir%¥system32¥SpaceAgent.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)
- Source : $(@%SystemRoot%¥system32¥spaceman.exe,-1)
- Author : $(@%SystemRoot%¥system32¥spaceman.exe,-2)
- Description : $(@%SystemRoot%¥system32¥spaceman.exe,-3)
- URI : ¥Microsoft¥Windows¥SpacePort¥SpaceManagerTask
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
- Enabled : false
- Delay : PT2M
+ WnfStateChangeTrigger
- StateName : 7510BCA33E1E8702
+ Actions
+ Exec
- Command : %windir%¥system32¥spaceman.exe
- Arguments : /Work

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;AU)
- URI : ¥Microsoft¥Windows¥Speech¥HeadsetButtonPress
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7510BCA33E1E8509
+ Actions
+ Exec
- Command : %windir%¥system32¥speech_onecore¥common¥SpeechRuntime.exe
- Arguments : StartedFromTask

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;GA;;;NU)
- URI : ¥Microsoft¥Windows¥Speech¥SpeechModelDownloadTask
+ Principals
+ Principal
- UserId : S-1-5-20
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT10M
- MultipleInstancesPolicy : IgnoreNew
+ RestartOnFailure
- Count : 3
- Interval : PT1M
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- Duration : PT10M
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2004-01-01T00:00:00
+ Repetition
- Interval : P1D
- RandomDelay : PT4H
+ Actions
+ Exec
- Command : %windir%¥system32¥speech_onecore¥common¥SpeechModelDownload.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FR;;;AU)
- Source : $(@%systemroot%¥system32¥TieringEngineService.exe,-601)
- Author : $(@%systemroot%¥system32¥TieringEngineService.exe,-600)
- Description : $(@%systemroot%¥system32¥TieringEngineService.exe,-602)
- URI : ¥Microsoft¥Windows¥Storage Tiers Management¥Storage Tiers Management Initialization
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA32B1D940D
+ Actions
+ ComHandler
- ClassId : {5C9AB547-345D-4175-9AF6-65133463A100}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FR;;;AU)
- Source : $(@%systemroot%¥system32¥TieringEngineService.exe,-601)
- Author : $(@%systemroot%¥system32¥TieringEngineService.exe,-600)
- Description : $(@%systemroot%¥system32¥TieringEngineService.exe,-603)
- URI : ¥Microsoft¥Windows¥Storage Tiers Management¥Storage Tiers Optimization
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2013-01-01T01:00:00
+ Repetition
- Interval : PT4H
+ Actions
+ Exec
- Command : %windir%¥system32¥defrag.exe
- Arguments : -c -h -g -# -m 8 -i 13500

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)
- Source : $(@%systemroot%¥system32¥wdc.dll,-10042)
- Author : $(@%systemroot%¥system32¥wdc.dll,-10041)
- Description : $(@%systemroot%¥system32¥wdc.dll,-10043)
- URI : ¥Microsoft¥Windows¥Task Manager¥Interactive
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : Parallel
- Priority : 5
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ ComHandler
- ClassId : {855FEC53-D2E4-4999-9E87-3414E9CF0FF4}
- Data : $(Arg0)

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)
- Source : $(@%systemRoot%¥system32¥MsCtfMonitor.dll,-1000)
- Description : $(@%systemRoot%¥system32¥MsCtfMonitor.dll,-1001)
- URI : ¥Microsoft¥Windows¥TextServicesFramework¥MsCtfMonitor
+ Principals
+ Principal
- GroupId : S-1-5-32-545
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : Parallel
- Priority : 5
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
+ Actions
+ ComHandler
- ClassId : {01575CFE-9A55-4003-A5E1-F38D1EBDCBE1}

+ Task
+ RegistrationInfo
- Source : $(@%SystemRoot%¥system32¥TimeSyncTask.dll,-601)
- Author : $(@%SystemRoot%¥system32¥TimeSyncTask.dll,-600)
- Description : $(@%SystemRoot%¥system32¥TimeSyncTask.dll,-602)
- URI : ¥Microsoft¥Windows¥Time Synchronization¥ForceSynchronizeTime
+ Principals
+ Principal
- UserId : S-1-5-19
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- Delay : PT1M
- StateName : 7510BCA32F018915
+ Actions
+ ComHandler
- ClassId : {A31AD6C2-FF4C-43D4-8E90-7101023096F9}
- Data : TimeSyncTask

+ Task
+ RegistrationInfo
- Source : $(@%systemroot%¥system32¥w32time.dll,-200)
- Author : $(@%systemroot%¥system32¥w32time.dll,-202)
- Description : $(@%systemroot%¥system32¥w32time.dll,-201)
- URI : ¥Microsoft¥Windows¥Time Synchronization¥SynchronizeTime
+ Principals
+ Principal
- UserId : S-1-5-19
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P2D
+ Triggers
+ Actions
+ Exec
- Command : %windir%¥system32¥sc.exe
- Arguments : start w32time task_started

+ Task
+ RegistrationInfo
- Date : 2013-01-10T16:32:04.2837388
- Author : $(@%SystemRoot%¥system32¥tzsyncres.dll,-101)
- Description : $(@%SystemRoot%¥system32¥tzsyncres.dll,-102)
- URI : ¥Microsoft¥Windows¥Time Zone¥SynchronizeTimeZone
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P14D
+ Triggers
+ Actions
+ Exec
- Command : %windir%¥system32¥tzsync.exe

+ Task
+ RegistrationInfo
- Date : 2015-02-16T17:49:20.8844064
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)
- Source : $(@%SystemRoot%¥system32¥TpmTasks.dll,-601)
- Author : $(@%SystemRoot%¥system32¥TpmTasks.dll,-600)
- Description : $(@%SystemRoot%¥system32¥TpmTasks.dll,-605)
- URI : ¥Microsoft¥Windows¥TPM¥Tpm-HASCertRetr
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : Queue
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA3250F9541
+ Actions
+ ComHandler
- ClassId : {5014B7C8-934E-4262-9816-887FA745A6C4}
- Data : HASCertRetr

+ Task
+ RegistrationInfo
- Date : 2010-06-10T17:49:20.8844064
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;S-1-5-87-1469317444-2401623638-2778953283-1691679301-3481717153)
- Source : $(@%SystemRoot%¥system32¥TpmTasks.dll,-601)
- Author : $(@%SystemRoot%¥system32¥TpmTasks.dll,-600)
- Description : $(@%SystemRoot%¥system32¥TpmTasks.dll,-602)
- URI : ¥Microsoft¥Windows¥TPM¥Tpm-Maintenance
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : Queue
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7518BCA3391E8B41
+ WnfStateChangeTrigger
- StateName : 7560BCA322028F02
+ WnfStateChangeTrigger
- StateName : 7510BCA3391E8B41
+ WnfStateChangeTrigger
- StateName : 3528BCA32E1D8E0D
+ Actions
+ ComHandler
- ClassId : {5014B7C8-934E-4262-9816-887FA745A6C4}
- Data : TpmTasks

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FRFX;;;BA)
- URI : ¥Microsoft¥Windows¥UpdateOrchestrator¥Schedule Scan
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2023-07-04T15:42:09+09:00
+ Repetition
- Interval : PT22H
- RandomDelay : PT4H
+ Actions
+ Exec
- Command : %systemroot%¥system32¥usoclient.exe
- Arguments : StartScan

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FRFX;;;BA)
- Source : $(@%systemRoot%¥system32¥usocore.dll,-104)
- Author : $(@%systemRoot%¥system32¥usocore.dll,-103)
- Description : $(@%systemRoot%¥system32¥usocore.dll,-105)
- URI : ¥Microsoft¥Windows¥UpdateOrchestrator¥Schedule Scan Static Task
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- Delay : PT2H5M
- StateName : 7524BCA33E06830D
- Data : 01
+ WnfStateChangeTrigger
- Delay : PT2H5M
- StateName : 750CBCA3290B9641
- Data : 01
+ WnfStateChangeTrigger
- StateName : 7550BCA322028F02
+ WnfStateChangeTrigger
- StateName : 7508BCA32E07C641
+ EventTrigger
- Subscription : <QueryList><Query Id="0" Path="System"><Select Path="System">*[System[EventID=8202]]</Select></Query></QueryList>
+ Actions
+ Exec
- Command : %systemroot%¥system32¥usoclient.exe
- Arguments : StartScan

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FRFX;;;BA)
- Source : $(@%systemRoot%¥system32¥usocore.dll,-104)
- Author : $(@%systemRoot%¥system32¥usocore.dll,-103)
- Description : $(@%systemRoot%¥system32¥usocore.dll,-106)
- URI : ¥Microsoft¥Windows¥UpdateOrchestrator¥USO_UxBroker
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- AllowStartOnDemand : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : Queue
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7510BCA3381D8941
+ CalendarTrigger
- StartBoundary : 2000-01-01T03:00:00
- RandomDelay : P1D
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : %systemroot%¥system32¥MusNotification.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)
- Author : $(@%systemroot%¥system32¥upnphost.dll,-215)
- Description : $(@%systemroot%¥system32¥upnphost.dll,-216)
- URI : ¥Microsoft¥Windows¥UPnP¥UPnPHostConfig
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ Exec
- Command : sc.exe
- Arguments : config upnphost start= auto

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)
- Source : $(@%SystemRoot%¥system32¥profsvc,-500)
- Author : $(@%SystemRoot%¥system32¥profsvc,-500)
- Description : $(@%SystemRoot%¥system32¥profsvc,-501)
- URI : ¥Microsoft¥Windows¥User Profile Service¥HiveUploadTask
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- Enabled : false
- MultipleInstancesPolicy : IgnoreNew
+ RestartOnFailure
- Count : 3
- Interval : PT2M
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT2H
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2007-08-28T00:00:00
+ Repetition
- Interval : PT12H
- RandomDelay : PT1H
+ Actions
+ ComHandler
- ClassId : {BA677074-762C-444B-94C8-8C83F93F6605}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FRFX;;;BA)
- Source : $(@%systemroot%¥system32¥WaasMedicSvc.dll,-103)
- Author : $(@%systemroot%¥system32¥WaasMedicSvc.dll,-102)
- Description : $(@%systemroot%¥system32¥WaasMedicSvc.dll,-104)
- URI : ¥Microsoft¥Windows¥WaaSMedic¥PerformRemediation
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2000-10-15T03:00:00
+ Repetition
- Interval : P7D
- RandomDelay : PT4H
+ Actions
+ ComHandler
- ClassId : {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
- Data : None

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)
- Source : $(@%systemroot%¥system32¥dps.dll,-601)
- Author : $(@%systemroot%¥system32¥dps.dll,-600)
- Description : $(@%systemroot%¥system32¥dps.dll,-602)
- URI : ¥Microsoft¥Windows¥WDI¥ResolutionHost
+ Principals
+ Principal
- GroupId : S-1-5-4
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : Parallel
- Priority : 10
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ ComHandler
- ClassId : {900BE39D-6BE8-461A-BC4D-B0FA71F5ECB1}

+ Task
+ RegistrationInfo
- Description : 定期的なメンテナンス タスクです。
- URI : ¥Microsoft¥Windows¥Windows Defender¥Windows Defender Cache Maintenance
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P7D
+ Triggers
+ Actions
+ Exec
- Command : C:¥Program Files¥Windows Defender¥MpCmdRun.exe
- Arguments : -IdleTask -TaskName WdCacheMaintenance

+ Task
+ RegistrationInfo
- Description : 定期的なクリーンアップ タスクです。
- URI : ¥Microsoft¥Windows¥Windows Defender¥Windows Defender Cleanup
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P7D
+ Triggers
+ Actions
+ Exec
- Command : C:¥Program Files¥Windows Defender¥MpCmdRun.exe
- Arguments : -IdleTask -TaskName WdCleanup

+ Task
+ RegistrationInfo
- Description : 定期的なスキャン タスクです。
- URI : ¥Microsoft¥Windows¥Windows Defender¥Windows Defender Scheduled Scan
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- Duration : PT1M
- WaitTimeout : PT4H
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ CalendarTrigger
- StartBoundary : 2000-01-01T02:54:28
- EndBoundary : 2100-01-01T00:00:00
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : C:¥Program Files¥Windows Defender¥MpCmdRun.exe
- Arguments : Scan -ScheduleJob -ScanTrigger 55

+ Task
+ RegistrationInfo
- Description : 定期的な検証タスクです。
- URI : ¥Microsoft¥Windows¥Windows Defender¥Windows Defender Verification
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P1DT1H
+ Triggers
+ Actions
+ Exec
- Command : C:¥Program Files¥Windows Defender¥MpCmdRun.exe
- Arguments : -IdleTask -TaskName WdVerification

+ Task
+ RegistrationInfo
- Version : 1.5
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)
- Source : $(@%SystemRoot%¥system32¥wer.dll,-292)
- Author : $(@%SystemRoot%¥system32¥wer.dll,-293)
- Description : $(@%SystemRoot%¥system32¥wer.dll,-294)
- URI : ¥Microsoft¥Windows¥Windows Error Reporting¥QueueReporting
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT4H
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
- Delay : PT3M
+ WnfStateChangeTrigger
- StateName : 7510BCA33A0B9441
- Data : 01
+ WnfStateChangeTrigger
- StateName : 7510BCA33E0B8441
- Data : 03
+ TimeTrigger
- StartBoundary : 2024-04-22T14:52:23+09:00
+ Repetition
- Interval : PT30M
- RandomDelay : PT30M
+ Actions
+ Exec
- Command : %windir%¥system32¥wermgr.exe
- Arguments : -upload

+ Task
+ RegistrationInfo
- Author : $(@%SystemRoot%¥system32¥bfe.dll,-2001)
- Description : $(@%SystemRoot%¥system32¥bfe.dll,-2002)
- URI : ¥Microsoft¥Windows¥Windows Filtering Platform¥BfeOnServiceStartTypeChange
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- AllowHardTerminate : false
- AllowStartOnDemand : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Hidden : true
- MultipleInstancesPolicy : Queue
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ EventTrigger
- Subscription : <QueryList><Query Id="0" Path="System"><Select Path="System">*/System/Provider[@Name='Service Control Manager'] and */System/EventID='7040' and */EventData/Data[@Name='param4']='BFE'</Select></Query></QueryList>
+ Actions
+ Exec
- Command : %windir%¥system32¥rundll32.exe
- Arguments : bfe.dll,BfeOnServiceStartTypeChange

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)
- Author : $(@%ProgramFiles%¥Windows Media Player¥wmpnscfg.exe,-1001)
- Description : $(@%ProgramFiles%¥Windows Media Player¥wmpnscfg.exe,-1002)
- URI : ¥Microsoft¥Windows¥Windows Media Sharing¥UpdateLibrary
+ Principals
+ Principal
- GroupId : S-1-5-11
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : Parallel
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ EventTrigger
- Subscription : <QueryList>
<Query
Id="0"
Path="System"
>
<Select Path="System">*[System[Provider[@Name='Microsoft-Windows-WMPNSS-Service'] and (EventID=14210)]]</Select>
</Query>
</QueryList>
+ Actions
+ Exec
- Command : "%ProgramFiles%¥Windows Media Player¥wmpnscfg.exe"

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FWFR;;;BU)
- Source : $(@%SystemRoot%¥system32¥mscms.dll,-200)
- Author : $(@%SystemRoot%¥system32¥mscms.dll,-201)
- Description : $(@%SystemRoot%¥system32¥mscms.dll,-202)
- URI : ¥Microsoft¥Windows¥WindowsColorSystem¥Calibration Loader
+ Principals
+ Principal
- GroupId : S-1-5-32-545
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : Queue
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
+ SessionStateChangeTrigger
- StateChange : ConsoleConnect
+ Actions
+ ComHandler
- ClassId : {B210D694-C8DF-490D-9576-9E20CDBC20BD}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FA;;;BA)
- Source : Microsoft Corporation.
- Author : Microsoft Corporation.
- Description : このタスクは、スキャンなどのスケジュールした操作を実行する必要がある場合に、Windows Update サービスを開始するために使用されます。
- URI : ¥Microsoft¥Windows¥WindowsUpdate¥Scheduled Start
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- AllowStartOnDemand : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2024-04-23T09:01:44+09:00
- RandomDelay : PT1M
+ SessionStateChangeTrigger
- Enabled : false
- StateChange : ConsoleDisconnect
+ SessionStateChangeTrigger
- Enabled : false
- StateChange : RemoteDisconnect
+ WnfStateChangeTrigger
- Enabled : false
- StateName : 7508BCA3380C960C
- Data : 01
+ Actions
+ Exec
- Command : C:¥Windows¥system32¥sc.exe
- Arguments : start wuauserv

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;0x001200a9;;;BU)(A;;0x001200a9;;;WD)(A;;0x001200a9;;;LW)
- Author : $(@%systemroot%¥system32¥wininet.dll,-16000)
- Description : $(@%systemroot%¥system32¥wininet.dll,-16001)
- URI : ¥Microsoft¥Windows¥Wininet¥CacheTask
+ Principals
+ Principal
- GroupId : S-1-5-32-545
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : Parallel
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
+ Actions
+ ComHandler
- ClassId : {0358B920-0AC7-461F-98F4-58E32CD89148}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:AI(A;;FA;;;NS)(A;;GA;;;SY)(A;ID;FA;;;BA)(A;ID;GRGX;;;AU)
- Description : $(@%SystemRoot%¥system32¥dsregcmd.exe,-101)
- URI : ¥Microsoft¥Windows¥Workplace Join¥Automatic-Device-Join
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT5M
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
- Delay : PT1M
+ EventTrigger
+ Repetition
- Interval : PT1H
- Duration : P1D
- Subscription : <QueryList><Query Id="0" Path="Microsoft-Windows-User Device Registration/Admin"><Select Path="Microsoft-Windows-User Device Registration/Admin">*[System[Provider[@Name='Microsoft-Windows-User Device Registration'] and EventID=4096]]</Select></Query></QueryList>
+ Actions
+ Exec
- Command : %SystemRoot%¥System32¥dsregcmd.exe
- Arguments : $(Arg0) $(Arg1) $(Arg2)

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:AI(A;;FA;;;NS)(A;;GA;;;SY)(A;ID;FA;;;BA)(A;ID;GRGX;;;AU)
- Description : $(@%SystemRoot%¥system32¥dsregcmd.exe,-102)
- URI : ¥Microsoft¥Windows¥Workplace Join¥Recovery-Check
+ Principals
+ Principal
- GroupId : S-1-5-4
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT2H
- MultipleInstancesPolicy : Queue
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
+ Actions
+ Exec
- Command : %SystemRoot%¥System32¥dsregcmd.exe
- Arguments : /checkrecovery

70626 - Microsoft Windows AutoRuns Services and Drivers
Synopsis
Report programs that are set to start automatically on boot as a service or driver.
Description
Report the registry keys that track programs that are set to start on boot as a service.

These programs can start as a system wide service or be loaded as a driver.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0


+ HKLM\System\CurrentControlSet\Services
Drivers :
+ Madb
- %SystemRoot%\System32\dsamain.exe -sn:Madb
- Auto Load
- AD LDS ん箍蠊

+ @%SystemRoot%\ADWS\adwsres.dll,-1
- %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe
- Auto Load
- @%SystemRoot%\ADWS\adwsres.dll,-2

+ @%SystemRoot%\system32\AJRouter.dll,-2
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\AJRouter.dll,-1

+ @%SystemRoot%\system32\Alg.exe,-112
- %SystemRoot%\System32\alg.exe
- Load on Demand
- @%SystemRoot%\system32\Alg.exe,-113

+ Agentless Management Service
- "C:\Program Files\OEM\AMS\service\ams.exe"
- Auto Load
- Provides out of band management system with OS-level Agentless Management information and Active Health System events.

+ @%systemroot%\system32\appidsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\appidsvc.dll,-101

+ @%systemroot%\system32\appinfo.dll,-100
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\appinfo.dll,-101

+ @appmgmts.dll,-3250
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @appmgmts.dll,-3251

+ @%SystemRoot%\System32\AppReadiness.dll,-1000
- %SystemRoot%\System32\svchost.exe -k AppReadiness -p
- Load on Demand
- @%SystemRoot%\System32\AppReadiness.dll,-1001

+ @%systemroot%\system32\AppVClient.exe,-102
- %systemroot%\system32\AppVClient.exe
- disabled
- @%systemroot%\system32\AppVClient.exe,-101

+ @%SystemRoot%\system32\appxdeploymentserver.dll,-1
- %systemroot%\system32\svchost.exe -k wsappx -p
- Load on Demand
- @%SystemRoot%\system32\appxdeploymentserver.dll,-2

+ @%SystemRoot%\system32\AudioEndpointBuilder.dll,-204
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\AudioEndpointBuilder.dll,-205

+ @%SystemRoot%\system32\audiosrv.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\audiosrv.dll,-201

+ @%SystemRoot%\system32\AxInstSV.dll,-103
- %SystemRoot%\system32\svchost.exe -k AxInstSVGroup
- disabled
- @%SystemRoot%\system32\AxInstSV.dll,-104

+ AzureAttestService
- C:\Windows\system32\svchost.exe -k AzureAttestService
- Auto Load
-

+ @%SystemRoot%\system32\bfe.dll,-1001
- %systemroot%\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
- Auto Load
- @%SystemRoot%\system32\bfe.dll,-1002

+ @%SystemRoot%\system32\qmgr.dll,-1000
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\qmgr.dll,-1001

+ @%windir%\system32\bisrv.dll,-100
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Auto Load
- @%windir%\system32\bisrv.dll,-101

+ @%SystemRoot%\system32\BTAGService.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\BTAGService.dll,-102

+ @%SystemRoot%\system32\BthAvctpSvc.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Load on Demand
- @%SystemRoot%\system32\BthAvctpSvc.dll,-102

+ @%SystemRoot%\System32\bthserv.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Load on Demand
- @%SystemRoot%\System32\bthserv.dll,-102

+ @%SystemRoot%\system32\CapabilityAccessManager.dll,-1
- %SystemRoot%\system32\svchost.exe -k appmodel -p
- Load on Demand
- @%SystemRoot%\system32\CapabilityAccessManager.dll,-2

+ @%SystemRoot%\system32\cdpsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Auto Load
- @%SystemRoot%\system32\cdpsvc.dll,-101

+ @%SystemRoot%\System32\certprop.dll,-11
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Auto Load
- @%SystemRoot%\System32\certprop.dll,-12

+ @%SystemRoot%\system32\ClipSVC.dll,-103
- %SystemRoot%\System32\svchost.exe -k wsappx -p
- Load on Demand
- @%SystemRoot%\system32\ClipSVC.dll,-104

+ @comres.dll,-947
- %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
- Load on Demand
- @comres.dll,-948

+ @%SystemRoot%\system32\coremessaging.dll,-1
- %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork -p
- Auto Load
- @%SystemRoot%\system32\coremessaging.dll,-2

+ @%SystemRoot%\system32\cryptsvc.dll,-1001
- %SystemRoot%\system32\svchost.exe -k NetworkService -p
- Auto Load
- @%SystemRoot%\system32\cryptsvc.dll,-1002

+ @%systemroot%\system32\cscsvc.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- disabled
- @%systemroot%\system32\cscsvc.dll,-201

+ @combase.dll,-5012
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Auto Load
- @combase.dll,-5013

+ @%SystemRoot%\system32\defragsvc.dll,-101
- %SystemRoot%\system32\svchost.exe -k defragsvc
- Load on Demand
- @%SystemRoot%\system32\defragsvc.dll,-102

+ @%SystemRoot%\system32\das.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\das.dll,-101

+ @%SystemRoot%\system32\umpnpmgr.dll,-100
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Load on Demand
- @%SystemRoot%\system32\umpnpmgr.dll,-101

+ @%SystemRoot%\system32\DevQueryBroker.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\DevQueryBroker.dll,-101

+ @%systemroot%\system32\dfssvc.exe,-101
- %SystemRoot%\system32\dfssvc.exe
- Auto Load
- @%systemroot%\system32\dfssvc.exe,-102

+ @dfsrress.dll,-101
- %SystemRoot%\system32\DFSRs.exe
- Auto Load
- @dfsrress.dll,-102

+ @%SystemRoot%\system32\dhcpcore.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Auto Load
- @%SystemRoot%\system32\dhcpcore.dll,-101

+ @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000
- %SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
- Load on Demand
- @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1001

+ @%SystemRoot%\system32\diagtrack.dll,-3001
- %SystemRoot%\System32\svchost.exe -k utcsvc -p
- Auto Load
- @%SystemRoot%\system32\diagtrack.dll,-3002

+ @%systemroot%\system32\Windows.Internal.Management.dll,-100
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\Windows.Internal.Management.dll,-101

+ @%SystemRoot%\system32\dmwappushsvc.dll,-200
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\system32\dmwappushsvc.dll,-201

+ @%systemroot%\system32\dns.exe,-49157
- %systemroot%\system32\dns.exe
- Auto Load
- @%systemroot%\system32\dns.exe,-49158

+ @%SystemRoot%\System32\dnsapi.dll,-101
- %SystemRoot%\system32\svchost.exe -k NetworkService -p
- Auto Load
- @%SystemRoot%\System32\dnsapi.dll,-102

+ @%systemroot%\system32\dosvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- Load on Demand
- @%systemroot%\system32\dosvc.dll,-101

+ @%systemroot%\system32\dot3svc.dll,-1102
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\dot3svc.dll,-1103

+ @%systemroot%\system32\dps.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork -p
- Auto Load
- @%systemroot%\system32\dps.dll,-501

+ @%SystemRoot%\system32\DeviceSetupManager.dll,-1000
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\DeviceSetupManager.dll,-1001

+ @%SystemRoot%\System32\dsrolesrv.dll,-1
- %SystemRoot%\System32\lsass.exe
- Load on Demand
- @%SystemRoot%\System32\dsrolesrv.dll,-2

+ @%SystemRoot%\system32\dssvc.dll,-10003
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\dssvc.dll,-10002

+ @%systemroot%\system32\eapsvc.dll,-1
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\eapsvc.dll,-2

+ @%SystemRoot%\system32\efssvc.dll,-100
- %SystemRoot%\System32\lsass.exe
- Load on Demand
- @%SystemRoot%\system32\efssvc.dll,-101

+ @%SystemRoot%\system32\embeddedmodesvc.dll,-201
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\embeddedmodesvc.dll,-202

+ @EnterpriseAppMgmtSvc.dll,-1
- %systemroot%\system32\svchost.exe -k appmodel -p
- Load on Demand
- @EnterpriseAppMgmtSvc.dll,-2

+ Trellix ePolicy Orchestrator 5.10.0 迭悬
- "C:\Program Files (x86)\Trellix\ePolicy Orchestrator\Apache2\bin\Apache.exe" -k runservice
- Auto Load
- Apache/2.4.56 (Win32) OpenSSL/1.0.2zg-fips

+ Trellix ePolicy Orchestrator 5.10.0 べ笕 腰迭
- "C:\Program Files (x86)\Trellix\ePolicy Orchestrator\EventParser.exe"
- Auto Load
- Trellix ePolicy Orchestrator 5.10.0 べ笕 腰迭 迭庸.

+ Trellix ePolicy Orchestrator 5.10.0 ⒆瓯珞 迭悬
- "C:\Program Files (x86)\Trellix\ePolicy Orchestrator\Server\bin\tomcat9.exe" //RS//EPOTOMCATSRV5100
- Auto Load
- Trellix ePolicy Orchestrator 5.10.0 ⒆瓯珞 迭悬 迭庸.

+ @%SystemRoot%\system32\wevtsvc.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p
- Auto Load
- @%SystemRoot%\system32\wevtsvc.dll,-201

+ @comres.dll,-2450
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Auto Load
- @comres.dll,-2451

+ @%systemroot%\system32\fdPHost.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Load on Demand
- @%systemroot%\system32\fdPHost.dll,-101

+ @%systemroot%\system32\fdrespub.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
- Load on Demand
- @%systemroot%\system32\fdrespub.dll,-101

+ @%systemroot%\system32\FntCache.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Auto Load
- @%systemroot%\system32\FntCache.dll,-101

+ @%systemroot%\system32\FrameServer.dll,-100
- %SystemRoot%\System32\svchost.exe -k Camera
- Load on Demand
- @%systemroot%\system32\FrameServer.dll,-101

+ @gpapi.dll,-112
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @gpapi.dll,-113

+ @%SystemRoot%\system32\GraphicsPerfSvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k GraphicsPerfSvcGroup
- disabled
- @%SystemRoot%\system32\GraphicsPerfSvc.dll,-101

+ @%SystemRoot%\System32\hidserv.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\hidserv.dll,-102

+ HPE Smart ㈧AS/SATAべ笕.宓
- "C:\Program Files\HPE\HpePqiESrv\hpepqiesrv.exe"
- Auto Load
- The HPE Smart Array SAS/SATA Event Notification Service provides event notification to the Windows system event log, HPE ProLiant Integrated Management Log and HPE Integrity System Event Log for systems using the HPE Smart Array SAS/SATA controller driver.

+ @%SystemRoot%\system32\hvhostsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\hvhostsvc.dll,-101

+ @%SystemRoot%\System32\tetheringservice.dll,-4097
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- disabled
- @%SystemRoot%\System32\tetheringservice.dll,-4098

+ @%SystemRoot%\system32\ikeext.dll,-501
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\system32\ikeext.dll,-502

+ @%SystemRoot%\system32\InstallService.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\InstallService.dll,-201

+ @%SystemRoot%\system32\iphlpsvc.dll,-500
- %SystemRoot%\System32\svchost.exe -k NetSvcs -p
- Auto Load
- @%SystemRoot%\system32\iphlpsvc.dll,-501

+ @%SystemRoot%\System32\ismserv.exe,-1
- %SystemRoot%\System32\ismserv.exe
- Auto Load
- @%SystemRoot%\System32\ismserv.exe,-2

+ @%SystemRoot%\System32\kdcsvc.dll,-1
- %SystemRoot%\System32\lsass.exe
- Auto Load
- @%SystemRoot%\System32\kdcsvc.dll,-2

+ @KdsSvc.dll,-100
- %SystemRoot%\system32\lsass.exe
- Load on Demand
- @KdsSvc.dll,-101

+ @keyiso.dll,-100
- %SystemRoot%\system32\lsass.exe
- Load on Demand
- @keyiso.dll,-101

+ @%systemroot%\system32\kpssvc.dll,-100
- %systemroot%\system32\svchost.exe -k KpsSvcGroup
- Load on Demand
- @%systemroot%\system32\kpssvc.dll,-101

+ @comres.dll,-2946
- %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation -p
- Load on Demand
- @comres.dll,-2947

+ @%systemroot%\system32\srvsvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k smbsvcs
- Auto Load
- @%systemroot%\system32\srvsvc.dll,-101

+ @%systemroot%\system32\wkssvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- Auto Load
- @%systemroot%\system32\wkssvc.dll,-101

+ @%SystemRoot%\System32\lfsvc.dll,-1
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\System32\lfsvc.dll,-2

+ @%SystemRoot%\system32\licensemanagersvc.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalService -p
- Load on Demand
- @%SystemRoot%\system32\licensemanagersvc.dll,-201

+ @%SystemRoot%\system32\lltdres.dll,-1
- %SystemRoot%\System32\svchost.exe -k LocalService -p
- disabled
- @%SystemRoot%\system32\lltdres.dll,-2

+ @%SystemRoot%\system32\lmhsvc.dll,-101
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\lmhsvc.dll,-102

+ @%windir%\system32\lsm.dll,-1001
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Auto Load
- @%windir%\system32\lsm.dll,-1002

+ Trellix Agent Common Services
- "C:\Program Files\McAfee\Agent\macmnsvc.exe" /ServiceStart
- Auto Load
- Trellix Agent Common Services

+ @%SystemRoot%\System32\moshost.dll,-100
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- disabled
- @%SystemRoot%\System32\moshost.dll,-101

+ EVEMA Pwd Notifier service
- "C:\Program Files\DDS\EVEMA\Client\MAPwdNotifier.exe" -k
- Auto Load
- EVEMA Pwd Notifier service

+ EVEMA Server Service
- "C:\Program Files\DDS\EVEMA\Server\MAServer.exe" -k
- Auto Load
- EVEMA Server Service

+ Trellix Agent Service
- "C:\Program Files\McAfee\Agent\masvc.exe" /ServiceStart
- Auto Load
- Trellix Agent Service

+ Trellix Agent Backwards Compatibility Service
- "C:\Program Files\McAfee\Agent\x86\macompatsvc.exe"
- Load on Demand
- Trellix Agent Backwards Compatibility Service

+ McnMon
- C:\newscp\mac\AppCommon\bin\McnMon.exe -envfilepath C:\newscp\mac\McnMon\config\env.ini
- Auto Load
- 昱n_h銝醉伴郬SFC.gY.

+ Trellix Firewall Core Service
- "C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe"
- Load on Demand
- Provides firewall services to Trellix products

+ Trellix Service Controller
- "C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe"
- Auto Load
- Manages Trellix Services

+ Trellix Validation Trust Protection Service
- "C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe"
- Load on Demand
- Provides validation trust protection services

+ Trellix Endpoint Security Web Control Service
- "C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewc.exe"
- Auto Load
- Trellix Endpoint Security Web 迭庸

+ Trellix Mobile Plugin Service
- "C:\Program Files (x86)\Trellix\ePolicy Orchestrator\MobilePluginService.exe"
- Load on Demand
- Trellix Mobile Plugin Service

+ @%SystemRoot%\system32\FirewallAPI.dll,-23090
- %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
- Auto Load
- @%SystemRoot%\system32\FirewallAPI.dll,-23091

+ @comres.dll,-2797
- %SystemRoot%\System32\msdtc.exe
- Auto Load
- @comres.dll,-2798

+ @%SystemRoot%\system32\iscsidsc.dll,-5000
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\iscsidsc.dll,-5001

+ @%SystemRoot%\system32\msimsg.dll,-27
- %systemroot%\system32\msiexec.exe /V
- Load on Demand
- @%SystemRoot%\system32\msimsg.dll,-32

+ SQL Full-text Filter Daemon Launcher (MSSQLSERVER)
- "C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL16.MSSQLSERVER
- Load on Demand
- 针骗谷 眨肟屈怏 醉还 (SQL Server 针骗谷."(n森遽笕n眨肟.hX.婃.挓L) 抴誝嫷筭Y.Sn迭庸筴Y媓.SQL Server g针骗谷."L烲gMjOj妦Y.

+ SQL Server (MSSQLSERVER)
- "C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
- Auto Load
- 谷禳屈縩h6宊还.J坰j乳蠖珞捫沇~Y.

+ @%SystemRoot%\system32\ncasvc.dll,-3009
- %SystemRoot%\System32\svchost.exe -k NetSvcs -p
- Load on Demand
- @%SystemRoot%\system32\ncasvc.dll,-3008

+ @%SystemRoot%\system32\ncbservice.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\ncbservice.dll,-501

+ @%SystemRoot%\System32\netlogon.dll,-102
- %systemroot%\system32\lsass.exe
- Auto Load
- @%SystemRoot%\System32\netlogon.dll,-103

+ @%SystemRoot%\system32\netman.dll,-109
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\netman.dll,-110

+ @%SystemRoot%\system32\netprofmsvc.dll,-202
- %SystemRoot%\System32\svchost.exe -k LocalService -p
- Load on Demand
- @%SystemRoot%\system32\netprofmsvc.dll,-203

+ @%SystemRoot%\system32\NetSetupSvc.dll,-3
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\NetSetupSvc.dll,-4

+ @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8201
- %systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
- disabled
- @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8200

+ @%SystemRoot%\System32\NgcCtnrSvc.dll,-1
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\NgcCtnrSvc.dll,-2

+ @%SystemRoot%\System32\ngcsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\ngcsvc.dll,-101

+ @%SystemRoot%\System32\nlasvc.dll,-1
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- Auto Load
- @%SystemRoot%\System32\nlasvc.dll,-2

+ @%SystemRoot%\system32\nsisvc.dll,-200
- %systemroot%\system32\svchost.exe -k LocalService -p
- Auto Load
- @%SystemRoot%\system32\nsisvc.dll,-201

+ @%SystemRoot%\System32\ntdsmsg.dll,-1
- %SystemRoot%\System32\lsass.exe
- Auto Load
- @%SystemRoot%\System32\ntdsmsg.dll,-2

+ @ntfrsres.dll,-130
- %SystemRoot%\system32\ntfrs.exe
- disabled
- @ntfrsres.dll,-131

+ @%SystemRoot%\system32\pcasvc.dll,-1
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\pcasvc.dll,-2

+ @%systemroot%\sysWow64\perfhost.exe,-2
- %SystemRoot%\SysWow64\perfhost.exe
- Load on Demand
- @%systemroot%\SysWow64\perfhost.exe,-1

+ @%SystemRoot%\system32\PhoneserviceRes.dll,-10000
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- disabled
- @%SystemRoot%\system32\PhoneserviceRes.dll,-10001

+ @%systemroot%\system32\pla.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork -p
- Load on Demand
- @%systemroot%\system32\pla.dll,-501

+ @%SystemRoot%\system32\umpnpmgr.dll,-200
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Load on Demand
- @%SystemRoot%\system32\umpnpmgr.dll,-101

+ @%SystemRoot%\System32\polstore.dll,-5010
- %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\polstore.dll,-5011

+ @%SystemRoot%\system32\umpo.dll,-100
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Auto Load
- @%SystemRoot%\system32\umpo.dll,-101

+ @%systemroot%\system32\profsvc.dll,-300
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%systemroot%\system32\profsvc.dll,-301

+ @%SystemRoot%\system32\pushtoinstall.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\system32\pushtoinstall.dll,-201

+ @%SystemRoot%\system32\qwave.dll,-1
- %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
- Load on Demand
- @%SystemRoot%\system32\qwave.dll,-2

+ @%Systemroot%\system32\rasauto.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%Systemroot%\system32\rasauto.dll,-201

+ @%Systemroot%\system32\rasmans.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Auto Load
- @%Systemroot%\system32\rasmans.dll,-201

+ @%Systemroot%\system32\mprdim.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs
- disabled
- @%Systemroot%\system32\mprdim.dll,-201

+ @regsvc.dll,-1
- %SystemRoot%\system32\svchost.exe -k localService -p
- Auto Load
- @regsvc.dll,-2

+ @%SystemRoot%\system32\RMapi.dll,-1001
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
- disabled
- @%SystemRoot%\system32\RMapi.dll,-1002

+ @%windir%\system32\RpcEpMap.dll,-1001
- %SystemRoot%\system32\svchost.exe -k RPCSS -p
- Auto Load
- @%windir%\system32\RpcEpMap.dll,-1002

+ @%systemroot%\system32\Locator.exe,-2
- %SystemRoot%\system32\locator.exe
- Load on Demand
- @%systemroot%\system32\Locator.exe,-3

+ @combase.dll,-5010
- %SystemRoot%\system32\svchost.exe -k rpcss -p
- Auto Load
- @combase.dll,-5011

+ @gpapi.dll,-114
- %SystemRoot%\system32\RSoPProv.exe
- Load on Demand
- @gpapi.dll,-115

+ @%systemroot%\system32\sacsvr.dll,-500
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\sacsvr.dll,-501

+ @%SystemRoot%\system32\samsrv.dll,-1
- %SystemRoot%\system32\lsass.exe
- Auto Load
- @%SystemRoot%\system32\samsrv.dll,-2

+ @%SystemRoot%\System32\SCardSvr.dll,-1
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
- Auto Load
- @%SystemRoot%\System32\SCardSvr.dll,-5

+ @%SystemRoot%\System32\ScDeviceEnum.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- disabled
- @%SystemRoot%\System32\ScDeviceEnum.dll,-101

+ @%SystemRoot%\system32\schedsvc.dll,-100
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\system32\schedsvc.dll,-101

+ @%SystemRoot%\System32\certprop.dll,-13
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\System32\certprop.dll,-14

+ @%SystemRoot%\system32\seclogon.dll,-7001
- %windir%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\seclogon.dll,-7000

+ @%systemroot%\system32\SecurityHealthAgent.dll,-1002
- %SystemRoot%\system32\SecurityHealthService.exe
- Load on Demand
- @%systemroot%\system32\SecurityHealthAgent.dll,-1001

+ @%SystemRoot%\System32\SEMgrSvc.dll,-1001
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- disabled
- @%SystemRoot%\System32\SEMgrSvc.dll,-1002

+ @%SystemRoot%\system32\Sens.dll,-200
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\system32\Sens.dll,-201

+ @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001
- "%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe"
- Load on Demand
- @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1002

+ @%SystemRoot%\system32\SensorDataService.exe,-101
- %SystemRoot%\System32\SensorDataService.exe
- disabled
- @%SystemRoot%\system32\SensorDataService.exe,-102

+ @%SystemRoot%\System32\sensorservice.dll,-1000
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\sensorservice.dll,-1001

+ @%SystemRoot%\System32\sensrsvc.dll,-1000
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
- Load on Demand
- @%SystemRoot%\System32\sensrsvc.dll,-1001

+ @%SystemRoot%\System32\SessEnv.dll,-1026
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\System32\SessEnv.dll,-1027

+ @%SystemRoot%\System32\SgrmBroker.exe,-100
- %SystemRoot%\system32\SgrmBroker.exe
- Load on Demand
- @%SystemRoot%\System32\SgrmBroker.exe,-101

+ @%SystemRoot%\system32\ipnathlp.dll,-106
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\system32\ipnathlp.dll,-107

+ @%SystemRoot%\System32\shsvcs.dll,-12288
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\System32\shsvcs.dll,-12289

+ @%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-101

+ System Management Assistant Service
- "C:\Program Files\OEM\AMS\service\sma.exe"
- disabled
- Provides OS-level inband and out of band Agentless Management information and Active Health System events.

+ @%SystemRoot%\System32\smphost.dll,-102
- %SystemRoot%\System32\svchost.exe -k smphost
- Load on Demand
- @%SystemRoot%\System32\smphost.dll,-101

+ @firewallapi.dll,-50323
- %SystemRoot%\System32\snmptrap.exe
- Load on Demand
- @firewallapi.dll,-50324

+ @%SystemRoot%\system32\sppsvc.exe,-101
- %SystemRoot%\system32\sppsvc.exe
- Auto Load
- @%SystemRoot%\system32\sppsvc.exe,-100

+ SQL Server Browser
- "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
- Auto Load
- SQL Server 挴椁Ⅲ丑藻黭.歐~Y.

+ SQL Server 抚笕 (MSSQLSERVER)
- "C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER
- Load on Demand
- 哥謓烲.SQL Server n銝.fJn.鍜LD.
70629 - Microsoft Windows AutoRuns Winlogon
-
Synopsis
Report programs that startup associates with the winlogon process.
Description
Report the startup locations associated with the winlogon process.

These values could add features to the logon process, assist in authentication, or set screen savers.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers
+ CLSID : {1b283861-754f-4022-ad47-a5eaaa618894}
- Name : Smartcard Reader Selection Provider
- Value : %SystemRoot%\system32\SmartcardCredentialProvider.dll

+ CLSID : {1ee7337f-85ac-45e2-a23c-37c753209769}
- Name : Smartcard WinRT Provider
- Value : %SystemRoot%\system32\SmartcardCredentialProvider.dll

+ CLSID : {2135f72a-90b5-4ed3-a7f1-8bb705ac276a}
- Name : PicturePasswordLogonProvider
- Value : %SystemRoot%\system32\credprovslegacy.dll

+ CLSID : {25CBB996-92ED-457e-B28C-4774084BD562}
- Name : GenericProvider
- Value : %SystemRoot%\system32\credprovs.dll

+ CLSID : {27FBDB57-B613-4AF2-9D7E-4FA7A66C21AD}
- Name : TrustedSignal Credential Provider
- Value : %systemroot%\system32\TrustedSignalCredProv.dll

+ CLSID : {3dd6bec0-8193-4ffe-ae25-e08e39ea4063}
- Name : NPProvider
- Value : %SystemRoot%\system32\credprovs.dll

+ CLSID : {48B4E58D-2791-456C-9091-D524C6C706F2}
- Name : Secondary Authentication Factor Credential Provider
- Value : C:\Windows\System32\devicengccredprov.dll

+ CLSID : {600e7adb-da3e-41a4-9225-3c0399e88c0c}
- Name : CngCredUICredentialProvider
- Value : %systemroot%\system32\cngcredui.dll

+ CLSID : {60b78e88-ead8-445c-9cfd-0b87f74ea6cd}
- Name : PasswordProvider
- Value : %SystemRoot%\system32\credprovs.dll

+ CLSID : {8FD7E19C-3BF7-489B-A72C-846AB3678C96}
- Name : Smartcard Credential Provider
- Value : %SystemRoot%\system32\SmartcardCredentialProvider.dll

+ CLSID : {94596c7e-3744-41ce-893e-bbf09122f76a}
- Name : Smartcard Pin Provider
- Value : %SystemRoot%\system32\SmartcardCredentialProvider.dll

+ CLSID : {BEC09223-B018-416D-A0AC-523971B639F5}
- Name : WinBio Credential Provider
- Value : %SystemRoot%\System32\BioCredProv.dll

+ CLSID : {C5D7540A-CD51-453B-B22B-05305BA03F07}
- Name : Cloud Experience Credential Provider
- Value : C:\Windows\System32\cxcredprov.dll

+ CLSID : {cb82ea12-9f71-446d-89e1-8d0924e1256e}
- Name : PINLogonProvider
- Value : %SystemRoot%\system32\credprovslegacy.dll

+ CLSID : {D6886603-9D2F-4EB2-B667-1971041FA96B}
- Name : NGC Credential Provider
- Value : C:\Windows\System32\ngccredprov.dll

+ CLSID : {e74e57b0-6c6d-44d5-9cda-fb2df5ed7435}
- Name : CertCredProvider
- Value : %systemroot%\system32\certCredProvider.dll

+ CLSID : {F8A0B131-5F68-486c-8040-7E8FC3C85BB6}
- Name : WLIDCredentialProvider
- Value : %SystemRoot%\system32\wlidcredprov.dll

+ CLSID : {F8A1793B-7873-4046-B2A7-1F318747F427}
- Name : FIDO Credential Provider
- Value : %systemroot%\system32\fidocredprov.dll


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters
+ CLSID : {DDC0EED2-ADBE-40b6-A217-EDE16A79A0DE}
- Name : GenericFilter
- Value : %SystemRoot%\system32\credprovs.dll


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers
+ CLSID : {5537E283-B1E7-4EF8-9C6E-7AB0AFE5056D}
- Name : RasProvider
- Value : %SystemRoot%\system32\rasplap.dll




70630 - Microsoft Windows AutoRuns Winsock Provider
-
Synopsis
Report Winsock providers extensions.
Description
A Winsock provider is a type of Layered Service Provider (LSP) that can be used to control protocols by inserting itself into the TCP/IP stack. This can commonly be used to help filter web traffic, enable QoS type services, or anything to hook network traffic controls.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0


+ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
- Name : AF_UNIX
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60100
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60101
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60102
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60200
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60201
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60202
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-100
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-101
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-102
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-103
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : MSAFD L2CAP [Bluetooth]
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : MSAFD RfComm [Bluetooth]
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : Hyper-V RAW
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll


+ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
- LibararyPath : %SystemRoot%\system32\napinsp.dll
- LibararyPath : %SystemRoot%\System32\mswsock.dll
- LibararyPath : %SystemRoot%\System32\winrnr.dll
- LibararyPath : %SystemRoot%\system32\NLAapi.dll
- LibararyPath : %SystemRoot%\system32\wshbth.dll


+ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
- Name : AF_UNIX
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60100
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60101
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60102
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60200
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60201
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60202
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-100
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-101
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-102
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-103
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : MSAFD L2CAP [Bluetooth]
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : MSAFD RfComm [Bluetooth]
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : Hyper-V RAW
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll


+ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
- LibararyPath : %SystemRoot%\system32\napinsp.dll
- LibararyPath : %SystemRoot%\System32\mswsock.dll
- LibararyPath : %SystemRoot%\System32\winrnr.dll
- LibararyPath : %SystemRoot%\system32\NLAapi.dll
- LibararyPath : %SystemRoot%\system32\wshbth.dll

92371 - Microsoft Windows DNS Cache
-
Synopsis
Nessus was able to collect and report DNS cache information from the remote host.
Description
Nessus was able to collect details of the DNS cache from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2024/03/26
Plugin Output

tcp/0


DNS cache information attached.
92363 - Microsoft Windows Device Logs
-
Synopsis
Nessus was able to collect available device logs from the remote host.
Description
Nessus was able to collect available device logs from the remote Windows host and add them as attachments.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

Device logs attached.
92364 - Microsoft Windows Environment Variables
-
Synopsis
Nessus was able to collect and report environment variables from the remote host.
Description
Nessus was able to collect system and active account environment variables on the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0757
Plugin Information
Published: 2016/07/19, Modified: 2022/06/24
Plugin Output

tcp/0

Global Environment Variables :
processor_level : 6
comspec : %SystemRoot%\system32\cmd.exe
number_of_processors : 64
username : SYSTEM
os : Windows_NT
temp : %SystemRoot%\TEMP
processor_revision : 5507
path : C:\newscp\mac\McnMon\bin;C:\newscp\mac\AppCommon\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\\SUT\bin;C:\Program Files (x86)\Microsoft SQL Server\160\DTS\Binn\;C:\Program Files\Azure Data Studio\bin;C:\Program Files (x86)\Microsoft SQL Server\160\Tools\Binn\;C:\Program Files\Microsoft SQL Server\160\Tools\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\;C:\Program Files\Microsoft SQL Server\160\DTS\Binn\;C:\Users\Administrator\AppData\Local\Programs\Python\Python311\Scripts\;C:\Users\Administrator\AppData\Local\Programs\Python\Python311\;C:\Users\Administrator\AppData\Local\Microsoft\WindowsApps;;C:\Program Files\Azure Data Studio\bin;C:\Users\Administrator\AppData\Local\Programs\Python\Python311\Scripts\;C:\Users\Administrator\AppData\Local\Programs\Python\Python311\;C:\Users\Administrator\AppData\Local\Microsoft\WindowsApps;;C:\Program Files\Azure Data Studio\bin
tmp : %SystemRoot%\TEMP
deflogdir : C:\ProgramData\McAfee\Endpoint Security\Logs
processor_identifier : Intel64 Family 6 Model 85 Stepping 7, GenuineIntel
driverdata : C:\Windows\System32\Drivers\DriverData
pathext : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
processor_architecture : AMD64
psmodulepath : %ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\Microsoft SQL Server\160\Tools\PowerShell\Modules\
windir : %SystemRoot%

Active User Environment Variables
- S-1-5-21-3388008032-3793481426-1508724218-500
temp : %USERPROFILE%\AppData\Local\Temp
path : C:\Users\Administrator\AppData\Local\Programs\Python\Python311\Scripts\;C:\Users\Administrator\AppData\Local\Programs\Python\Python311\;%USERPROFILE%\AppData\Local\Microsoft\WindowsApps;;C:\Program Files\Azure Data Studio\bin
tmp : %USERPROFILE%\AppData\Local\Temp
92365 - Microsoft Windows Hosts File
-
Synopsis
Nessus was able to collect the hosts file from the remote host.
Description
Nessus was able to collect the hosts file from the remote Windows host and report it as attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2020/01/27
Plugin Output

tcp/0

Windows hosts file attached.

MD5: 8881cd59103c7591f6d3c5fbfbbff71e
SHA-1: bd7c97c036193f1ab7fb88f3c95784a7060766e1
SHA-256: f3441f307220c132584a7cb098c2c32e344f26e1a8ae8e3a4e779fe434b4dc61
187318 - Microsoft Windows Installed
-
Synopsis
The remote host is running Microsoft Windows.
Description
The remote host is running Microsoft Windows.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/12/27, Modified: 2024/04/02
Plugin Output

tcp/0


OS Name : Microsoft Windows Server 2019 1809
Vendor : Microsoft
Product : Windows Server
Release : 2019 1809
Edition : Standard
Version : 10.0.17763.2213
Role : server
Kernel : Windows NT 10.0
Architecture : x64
CPE v2.2 : cpe:/o:microsoft:windows_server_2019:10.0.17763.2213:-
CPE v2.3 : cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2213:-:any:*:standard:*:x64:*
Type : local
Method : SMB
Confidence : 100

20811 - Microsoft Windows Installed Software Enumeration (credentialed check)
-
Synopsis
It is possible to enumerate installed software.
Description
This plugin lists software potentially installed on the remote host by crawling the registry entries in :

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
HKLM\SOFTWARE\Microsoft\Updates

Note that these entries do not necessarily mean the applications are actually installed on the remote host - they may have been left behind by uninstallers, or the associated files may have been manually removed.
Solution
Remove any applications that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
References
XREF IAVT:0001-T-0501
Plugin Information
Published: 2006/01/26, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


The following software are installed on the remote host :

AD LDS インスタンス Madb
Agentless Management Service [version 2.51.3.0]
Matrox Graphics Software (remove only) [version 4.5.0.5]
Trellix Agent [version 5.8.0.161]
Microsoft Help Viewer 2.3 [version 2.3.28307]
Microsoft SQL Server 2022 (64 ビット)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 [version 14.36.32532] [installed on 2023/09/13]
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 [version 12.0.30501.0]
RESTful Interface Tool [version 3.6.0.0] [installed on 2023/07/05]
Visual Studio 2017 Isolated Shell for SSMS [version 15.0.28308.421] [installed on 2023/08/02]
SQL Server 2022 SQL Diagnostics [version 16.0.1000.6] [installed on 2023/08/07]
Microsoft SQL Server 2022 セットアップ (日本語) [version 16.0.1000.6] [installed on 2023/08/07]
Microsoft SQL Server 2012 Native Client [version 11.3.6538.0] [installed on 2023/08/17]
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30139 [version 14.29.30139] [installed on 2023/08/02]
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30139 [version 14.29.30139] [installed on 2023/08/02]
Python 3.11.4 Development Libraries (64-bit) [version 3.11.4150.0] [installed on 2023/09/25]
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 [version 10.0.40219] [installed on 2023/08/03]
SQL Server 2022 用ブラウザー [version 16.0.1000.6] [installed on 2023/08/07]
Smart Storage Administrator [version 6.15.11.0] [installed on 2023/07/03]
Python Launcher [version 3.11.4150.0] [installed on 2023/09/13]
SQL Server 2022 Full text search [version 16.0.1000.6] [installed on 2023/08/07]
SQL Server 2022 Data quality service [version 16.0.1000.6] [installed on 2023/08/07]
SQL Server Management Studio [version 19.1.56.0] [installed on 2023/08/02]
Trellix Endpoint Security 適応型脅威対策 [version 10.7.0] [installed on 2023/12/16]
SQL Server Management Studio Language Pack - English [version 19.1.56.0] [installed on 2023/08/02]
NVMe Drive Eject NMI Fix [version 1.1.0.0] [installed on 2023/07/03]
MergeModule2012 [version 1.0.0] [installed on 2023/07/03]
Smart Storage Administrator CLI [version 6.15.11.0] [installed on 2023/07/03]
SQL Server 2022 Connection Info [version 16.0.1000.6] [installed on 2023/08/07]
Trellix Data Exchange Layer for TA [version 6.0.30995.0] [installed on 2023/12/15]
Python 3.11.4 Test Suite (64-bit) [version 3.11.4150.0] [installed on 2023/09/25]
Trellix Endpoint Security Web 管理 [version 10.7.0] [installed on 2023/12/16]
EVEMA Server (x64) 3.33.0.47573 [version 3.33.0.47573] [installed on 2023/09/15]
SQL Server 2022 DMF [version 16.0.1000.6] [installed on 2023/08/07]
Microsoft SQL Server 2022 RsFx Driver [version 16.0.1000.6] [installed on 2023/08/07]
Azure Data Studio [version 1.44.0] [installed on 2023/08/02]
SQL Server 2022 Database Engine Services [version 16.0.1000.6] [installed on 2023/08/07]
SQL Server 2022 Common Files [version 16.0.1000.6] [installed on 2023/08/07]
Microsoft Command Line Utilities 15 for SQL Server [version 15.0.4298.1] [installed on 2023/09/13]
SQL Server 2022 Shared Management Objects [version 16.0.1000.6] [installed on 2023/08/07]
Trellix Endpoint Security ファイアウォール [version 10.7.0] [installed on 2023/12/16]
Microsoft VSS Writer for SQL Server 2022 [version 16.0.1000.6] [installed on 2023/08/07]
HPE Lights-Out オンライン設定ユーティリティ [version 6.0.0.0] [installed on 2023/07/03]
Python 3.11.4 Add to Path (64-bit) [version 3.11.4150.0] [installed on 2023/09/25]
Microsoft Analysis Services OLE DB Provider [version 16.0.5143.0] [installed on 2023/08/02]
Python 3.11.4 Standard Library (64-bit) [version 3.11.4150.0] [installed on 2023/09/25]
SQL Server 2022 Batch Parser [version 16.0.1000.6] [installed on 2023/08/07]
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 [version 12.0.40664] [installed on 2023/08/02]
EVEMA Password Notifier Service (x64) 3.33.0.47573 [version 3.33.0.47573] [installed on 2023/09/26]
Trellix Endpoint Security 脅威対策 [version 10.7.0] [installed on 2023/12/16]
Microsoft Visual Studio Tools for Applications 2019 x64 Hosting Support [version 16.0.31110] [installed on 2023/08/02]
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 [version 14.36.32532.0]
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30139 [version 14.29.30139.0]
Python 3.11.4 Utility Scripts (64-bit) [version 3.11.4150.0] [installed on 2023/09/25]
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 [version 12.0.21005] [installed on 2023/08/03]
SSMS Post Install Tasks [version 19.1.56.0] [installed on 2023/08/02]
Microsoft SQL Server Management Studio - 19.1 [version 19.1.56.0]
SQL Server 2022 XEvent [version 16.0.1000.6] [installed on 2023/08/07]
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 [version 12.0.40664.0]
SQL Server 2022 Shared Management Objects Extensions [version 16.0.1000.6] [installed on 2023/08/07]
Python 3.11.4 Tcl/Tk Support (64-bit) [version 3.11.4150.0] [installed on 2023/09/25]
HPE Smart アレイSAS/SATAイベント通知サービス [version 1.2.1.67] [installed on 2023/07/03]
SQL Server 2022 Database Engine Shared [version 16.0.1000.6] [installed on 2023/08/07]
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 [version 12.0.21005] [installed on 2023/08/03]
Trellix Endpoint Security プラットフォーム [version 10.7.0] [installed on 2023/12/16]
SQL Server 2022 SQL Data Quality Common [version 16.0.1000.6] [installed on 2023/08/07]
Integration Services [version 16.0.5107.6] [installed on 2023/08/02]
Integrated Smart Update Tools for Windows [version 4.1.0.0] [installed on 2023/07/03]
Microsoft ODBC Driver 17 for SQL Server [version 17.10.4.1] [installed on 2023/09/13]
Microsoft OLE DB Driver for SQL Server [version 18.6.5.0] [installed on 2023/08/02]
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 [version 12.0.40664] [installed on 2023/08/02]
Smart Storage Administrator診断およびSSD Wear Gaugeユーティリティ [version 6.15.11.0] [installed on 2023/07/03]
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 [version 14.36.32532] [installed on 2023/09/13]
Python 3.11.4 pip Bootstrap (64-bit) [version 3.11.4150.0] [installed on 2023/09/25]
Python 3.11.4 Executables (64-bit) [version 3.11.4150.0] [installed on 2023/09/25]
Trellix ePolicy Orchestrator (Service Pack 1) [version 5.10.0] [installed on 2023/08/17]
Microsoft Visual Studio Tools for Applications 2019 x86 Hosting Support [version 16.0.31110] [installed on 2023/08/02]
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [version 10.0.40219] [installed on 2023/08/03]
Python 3.11.4 Documentation (64-bit) [version 3.11.4150.0] [installed on 2023/09/25]
Python 3.11.4 Core Interpreter (64-bit) [version 3.11.4150.0] [installed on 2023/09/25]
Trellix Data Exchange Layer for TA [version 6.0.3.995]
Microsoft Visual Studio Tools for Applications 2019 [version 16.0.31110]

The following updates are installed :

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 :
KB2151757 [version 1] [installed on 2023/08/03]
KB2467173 [version 1] [installed on 2023/08/03]
KB982573 [version 1] [installed on 2023/08/03]
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 :
KB2151757 [version 1] [installed on 2023/08/03]
KB2467173 [version 1] [installed on 2023/08/03]
KB982573 [version 1] [installed on 2023/08/03]
178102 - Microsoft Windows Installed Software Version Enumeration
-
Synopsis
Enumerates installed software versions.
Description
This plugin enumerates the installed software version by interrogating information obtained from various registry entries and files on disk. This plugin provides a best guess at the software version and a confidence level for that version.

Note that the versions detected here do not necessarily indicate the actual installed version nor do they necessarily mean that the application is actually installed on the remote host. In some cases there may be artifacts left behind by uninstallers on the system.
Solution
Remove any applications that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2023/07/10, Modified: 2023/07/18
Plugin Output

tcp/445/cifs


The following software information is available on the remote host :

- Matrox Graphics Software (remove only)
Best Confidence Version : 4.5.0.5
Version Confidence Level : 2
All Possible Versions : 4.5.0.5
Other Version Data
[DisplayName] :
Raw Value : Matrox Graphics Software (remove only)
[UninstallString] :
Raw Value : %SystemRoot%\SysWOW64\Matrox\Matrox.WddmUninstaller.exe
[DisplayVersion] :
Raw Value : 4.5.0.5

- Microsoft Help Viewer 2.3
Best Confidence Version : 2.3.28307
Version Confidence Level : 2
All Possible Versions : 51.119.37703, 2.3.28307
Other Version Data
[InstallDate] :
Raw Value : 2023/08/02
[DisplayIcon] :
Raw Value : msiexec.exe
[InstallLocation] :
Raw Value : C:\Program Files (x86)\Microsoft Help Viewer\v2.3\
[UninstallString] :
Raw Value : MsiExec.exe /X{99DC6816-30B2-32EB-9E12-AF8944C4FA4E}
[VersionMinor] :
Raw Value : 3
[VersionMajor] :
Raw Value : 2
[Version] :
Raw Value : 33779347
Parsed Version : 51.119.37703
[DisplayVersion] :
Raw Value : 2.3.28307
[DisplayName] :
Raw Value : Microsoft Help Viewer 2.3

- Trellix Endpoint Security Web 管理
Best Confidence Version : 10.7.0
Version Confidence Level : 2
All Possible Versions : 10.7.0
Other Version Data
[VersionMajor] :
Raw Value : 10
[Version] :
Raw Value : 168230912
[InstallLocation] :
Raw Value : C:\Program Files (x86)\McAfee\Endpoint Security\
[DisplayName] :
Raw Value : Trellix Endpoint Security Web 管理
[UninstallString] :
Raw Value : MsiExec.exe /X{5974413A-8D95-4D64-B9EE-40DF28186445}
[InstallDate] :
Raw Value : 2023/12/16
[DisplayVersion] :
Raw Value : 10.7.0
[VersionMinor] :
Raw Value : 7

- RESTful Interface Tool
Best Confidence Version : 3.6.0.0
Version Confidence Level : 2
All Possible Versions : 80.114.18532, 3.6.0.0
Other Version Data
[VersionMajor] :
Raw Value : 3
[Version] :
Raw Value : 50724864
Parsed Version : 80.114.18532
[DisplayName] :
Raw Value : RESTful Interface Tool
[UninstallString] :
Raw Value : MsiExec.exe /X{058943A2-CAF1-4303-BF52-214DEA83FB46}
[InstallDate] :
Raw Value : 2023/07/05
[DisplayVersion] :
Raw Value : 3.6.0.0
[VersionMinor] :
Raw Value : 6

- Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Best Confidence Version : 12.0.21005
Version Confidence Level : 2
All Possible Versions : 12.0.21005
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201347597
[DisplayName] :
Raw Value : Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
[UninstallString] :
Raw Value : MsiExec.exe /X{929FBD26-9020-399B-9A7A-751D61F0B942}
[InstallDate] :
Raw Value : 2023/08/03
[DisplayVersion] :
Raw Value : 12.0.21005
[VersionMinor] :
Raw Value : 0

- Microsoft Visual Studio Tools for Applications 2019 x64 Hosting Support
Best Confidence Version : 16.0.31110
Version Confidence Level : 2
All Possible Versions : 16.0.31110
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268466566
[DisplayName] :
Raw Value : Microsoft Visual Studio Tools for Applications 2019 x64 Hosting Support
[UninstallString] :
Raw Value : MsiExec.exe /X{8E7A3713-551D-333A-9271-10EF4D77A80F}
[InstallDate] :
Raw Value : 2023/08/02
[DisplayVersion] :
Raw Value : 16.0.31110
[VersionMinor] :
Raw Value : 0

- SQL Server 2022 DMF
Best Confidence Version : 16.0.1000.6
Version Confidence Level : 2
All Possible Versions : 16.0.1000.6
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268436456
[DisplayName] :
Raw Value : SQL Server 2022 DMF
[UninstallString] :
Raw Value : MsiExec.exe /I{B5E0C16A-32CF-4D14-9D3F-A6BA209C74AA}
[InstallDate] :
Raw Value : 2023/08/07
[DisplayVersion] :
Raw Value : 16.0.1000.6
[VersionMinor] :
Raw Value : 0

- Python 3.11.4 Utility Scripts (64-bit)
Best Confidence Version : 3.11.4150.0
Version Confidence Level : 2
All Possible Versions : 81.5.26260, 3.11.4150.0
Other Version Data
[VersionMajor] :
Raw Value : 3
[Version] :
Raw Value : 51056694
Parsed Version : 81.5.26260
[DisplayName] :
Raw Value : Python 3.11.4 Utility Scripts (64-bit)
[UninstallString] :
Raw Value : MsiExec.exe /I{90A235DF-4CF1-415D-AD85-6AC578B5DFB4}
[InstallDate] :
Raw Value : 2023/09/25
[DisplayVersion] :
Raw Value : 3.11.4150.0
[VersionMinor] :
Raw Value : 11

- Python 3.11.4 Standard Library (64-bit)
Best Confidence Version : 3.11.4150.0
Version Confidence Level : 2
All Possible Versions : 81.5.26260, 3.11.4150.0
Other Version Data
[VersionMajor] :
Raw Value : 3
[Version] :
Raw Value : 51056694
Parsed Version : 81.5.26260
[DisplayName] :
Raw Value : Python 3.11.4 Standard Library (64-bit)
[UninstallString] :
Raw Value : MsiExec.exe /I{7EB8F17E-4AA7-4F9E-B908-42A28799523A}
[InstallDate] :
Raw Value : 2023/09/25
[DisplayVersion] :
Raw Value : 3.11.4150.0
[VersionMinor] :
Raw Value : 11

- Microsoft ODBC Driver 17 for SQL Server
Best Confidence Version : 17.10.4.1
Version Confidence Level : 2
All Possible Versions : 17.10.4.1
Other Version Data
[VersionMajor] :
Raw Value : 17
[Version] :
Raw Value : 285868036
[DisplayName] :
Raw Value : Microsoft ODBC Driver 17 for SQL Server
[UninstallString] :
Raw Value : MsiExec.exe /I{CD5FACA5-C1F2-429C-BB7D-7CDB1C5FE769}
[InstallDate] :
Raw Value : 2023/09/13
[DisplayVersion] :
Raw Value : 17.10.4.1
[VersionMinor] :
Raw Value : 10

- Agentless Management Service
Best Confidence Version : 2.51.3.0
Version Confidence Level : 2
All Possible Versions : 54.137.26481, 2.51.3.0
Other Version Data
[VersionMajor] :
Raw Value : 2
[Version] :
Raw Value : 36896771
Parsed Version : 54.137.26481
[InstallLocation] :
Raw Value : %ProgramFiles%\OEM\AMS\Service
[DisplayName] :
Raw Value : Agentless Management Service
[InstallDate] :
Raw Value : 2023/07/03
[UninstallString] :
Raw Value : MsiExec.exe /X{D68F5DE1-7424-4312-BF1F-170F2386D0C6}
[DisplayVersion] :
Raw Value : 2.51.3.0
[VersionMinor] :
Raw Value : 51

- SQL Server Management Studio
Best Confidence Version : 19.1.56.0
Version Confidence Level : 2
All Possible Versions : 19.1.56.0
Other Version Data
[VersionMajor] :
Raw Value : 19
[Version] :
Raw Value : 318832696
[DisplayName] :
Raw Value : SQL Server Management Studio
[UninstallString] :
Raw Value : MsiExec.exe /I{33F6AA45-05AE-4040-A83A-6B27778CA3A4}
[InstallDate] :
Raw Value : 2023/08/02
[DisplayVersion] :
Raw Value : 19.1.56.0
[VersionMinor] :
Raw Value : 1

- SQL Server 2022 Data quality service
Best Confidence Version : 16.0.1000.6
Version Confidence Level : 2
All Possible Versions : 16.0.1000.6
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268436456
[DisplayName] :
Raw Value : SQL Server 2022 Data quality service
[UninstallString] :
Raw Value : MsiExec.exe /I{3A981D80-905C-483A-9D99-DB81116E3894}
[InstallDate] :
Raw Value : 2023/08/07
[DisplayVersion] :
Raw Value : 16.0.1000.6
[VersionMinor] :
Raw Value : 0

- Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30139
Best Confidence Version : 14.29.30139
Version Confidence Level : 2
All Possible Versions : 14.29.30139
Other Version Data
[VersionMajor] :
Raw Value : 14
[Version] :
Raw Value : 236811707
[DisplayName] :
Raw Value : Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30139
[UninstallString] :
Raw Value : MsiExec.exe /I{1679EF65-55F3-4248-B91E-6B3BE1A69CDF}
[InstallDate] :
Raw Value : 2023/08/02
[DisplayVersion] :
Raw Value : 14.29.30139
[VersionMinor] :
Raw Value : 29

- Trellix Agent
Best Confidence Version : 5.8.0.161
Version Confidence Level : 2
All Possible Versions : 132.65.872, 5.8.0.161
Other Version Data
[InstallDate] :
Raw Value : 2023/12/15
[DisplayIcon] :
Raw Value : C:\Windows\Installer\{E484E5FD-6136-4271-A864-802606D05183}\ARPPRODUCTICON.exe
Parsed File Path : C:\Windows\Installer\{E484E5FD-6136-4271-A864-802606D05183}\ARPPRODUCTICON.exe
[InstallLocation] :
Raw Value : C:\Program Files\McAfee\Agent\
[UninstallString] :
Raw Value : MsiExec.exe /X{E484E5FD-6136-4271-A864-802606D05183}
[VersionMinor] :
Raw Value : 8
[Version] :
Raw Value : 84410368
Parsed Version : 132.65.872
[VersionMajor] :
Raw Value : 5
[DisplayVersion] :
Raw Value : 5.8.0.161
[DisplayName] :
Raw Value : Trellix Agent

- Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664
Best Confidence Version : 12.0.40664
Version Confidence Level : 2
All Possible Versions : 12.0.40664
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201367256
[DisplayName] :
Raw Value : Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664
[UninstallString] :
Raw Value : MsiExec.exe /X{D401961D-3A20-3AC7-943B-6139D5BD490A}
[InstallDate] :
Raw Value : 2023/08/02
[DisplayVersion] :
Raw Value : 12.0.40664
[VersionMinor] :
Raw Value : 0

- Microsoft SQL Server Management Studio - 19.1
Best Confidence Version : 19.1.56.0
Version Confidence Level : 3
All Possible Versions : 19.1.56.0
Other Version Data
[VersionMajor] :
Raw Value : 19
[DisplayName] :
Raw Value : Microsoft SQL Server Management Studio - 19.1
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{97488653-b791-439a-8ca6-f0dd53cc98c0}\SSMS-Setup-ENU.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{97488653-b791-439a-8ca6-f0dd53cc98c0}\SSMS-Setup-ENU.exe
Parsed File Version : 19.1.56.0
[DisplayVersion] :
Raw Value : 19.1.56.0
[VersionMinor] :
Raw Value : 1
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{97488653-b791-439a-8ca6-f0dd53cc98c0}\SSMS-Setup-ENU.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{97488653-b791-439a-8ca6-f0dd53cc98c0}\SSMS-Setup-ENU.exe
Parsed File Version : 19.1.56.0

- Python 3.11.4 Add to Path (64-bit)
Best Confidence Version : 3.11.4150.0
Version Confidence Level : 2
All Possible Versions : 81.5.26260, 3.11.4150.0
Other Version Data
[VersionMajor] :
Raw Value : 3
[Version] :
Raw Value : 51056694
Parsed Version : 81.5.26260
[DisplayName] :
Raw Value : Python 3.11.4 Add to Path (64-bit)
[UninstallString] :
Raw Value : MsiExec.exe /I{77489A51-D174-4D9A-BD61-C4883157BA60}
[InstallDate] :
Raw Value : 2023/09/25
[DisplayVersion] :
Raw Value : 3.11.4150.0
[VersionMinor] :
Raw Value : 11

- Microsoft Analysis Services OLE DB Provider
Best Confidence Version : 16.0.5143.0
Version Confidence Level : 2
All Possible Versions : 16.0.5143.0
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268440599
[DisplayName] :
Raw Value : Microsoft Analysis Services OLE DB Provider
[UninstallString] :
Raw Value : MsiExec.exe /I{8D96B285-698F-42BA-B483-A0A54D75ECD6}
[InstallDate] :
Raw Value : 2023/08/02
[DisplayVersion] :
Raw Value : 16.0.5143.0
[VersionMinor] :
Raw Value : 0

- Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664
Best Confidence Version : 12.0.40664.0
Version Confidence Level : 3
All Possible Versions : 12.0.40664.0
Other Version Data
[DisplayName] :
Raw Value : Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\vcredist_x86.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\vcredist_x86.exe
Parsed File Version : 12.0.40664.0
[DisplayVersion] :
Raw Value : 12.0.40664.0
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\vcredist_x86.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\vcredist_x86.exe
Parsed File Version : 12.0.40664.0

- Trellix Endpoint Security プラットフォーム
Best Confidence Version : 10.7.0
Version Confidence Level : 2
All Possible Versions : 10.7.0
Other Version Data
[VersionMajor] :
Raw Value : 10
[Version] :
Raw Value : 168230912
[InstallLocation] :
Raw Value : C:\Program Files\McAfee\Endpoint Security\
[DisplayName] :
Raw Value : Trellix Endpoint Security プラットフォーム
[UninstallString] :
Raw Value : MsiExec.exe /X{B16DE18D-4D5D-45F8-92BD-8DC17225AFD8}
[InstallDate] :
Raw Value : 2023/12/16
[DisplayVersion] :
Raw Value : 10.7.0
[VersionMinor] :
Raw Value : 7

- Microsoft Command Line Utilities 15 for SQL Server
Best Confidence Version : 15.0.4298.1
Version Confidence Level : 2
All Possible Versions : 15.0.4298.1
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251662538
[DisplayName] :
Raw Value : Microsoft Command Line Utilities 15 for SQL Server
[UninstallString] :
Raw Value : MsiExec.exe /I{6F11B2D6-193B-4216-A8E6-D7092834F8FB}
[InstallDate] :
Raw Value : 2023/09/13
[DisplayVersion] :
Raw Value : 15.0.4298.1
[VersionMinor] :
Raw Value : 0

- Microsoft VSS Writer for SQL Server 2022
Best Confidence Version : 16.0.1000.6
Version Confidence Level : 2
All Possible Versions : 16.0.1000.6
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268436456
[DisplayName] :
Raw Value : Microsoft VSS Writer for SQL Server 2022
[UninstallString] :
Raw Value : MsiExec.exe /I{74C06DE5-2CD4-4217-A92B-83DCA72283DB}
[InstallDate] :
Raw Value : 2023/08/07
[DisplayVersion] :
Raw Value : 16.0.1000.6
[VersionMinor] :
Raw Value : 0

- Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532
Best Confidence Version : 14.36.32532
Version Confidence Level : 2
All Possible Versions : 14.36.32532
Other Version Data
[VersionMajor] :
Raw Value : 14
[Version] :
Raw Value : 237272852
[DisplayName] :
Raw Value : Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532
[UninstallString] :
Raw Value : MsiExec.exe /I{0025DD72-A959-45B5-A0A3-7EFEB15A8050}
[InstallDate] :
Raw Value : 2023/09/13
[DisplayVersion] :
Raw Value : 14.36.32532
[VersionMinor] :
Raw Value : 36

- Smart Storage Administrator CLI
Best Confidence Version : 6.15.11.0
Version Confidence Level : 2
All Possible Versions : 6.15.11.0
Other Version Data
[VersionMajor] :
Raw Value : 6
[Version] :
Raw Value : 101646347
[InstallLocation] :
Raw Value : C:\Program Files\Smart Storage Administrator\ssacli
[DisplayName] :
Raw Value : Smart Storage Administrator CLI
[UninstallString] :
Raw Value : MsiExec.exe /X{41B8D2C4-BE44-474A-8B43-5439A720591E}
[InstallDate] :
Raw Value : 2023/07/03
[DisplayVersion] :
Raw Value : 6.15.11.0
[VersionMinor] :
Raw Value : 15

- Python 3.11.4 pip Bootstrap (64-bit)
Best Confidence Version : 3.11.4150.0
Version Confidence Level : 2
All Possible Versions : 81.5.26260, 3.11.4150.0
Other Version Data
[VersionMajor] :
Raw Value : 3
[Version] :
Raw Value : 51056694
Parsed Version : 81.5.26260
[DisplayName] :
Raw Value : Python 3.11.4 pip Bootstrap (64-bit)
[UninstallString] :
Raw Value : MsiExec.exe /I{D86BDA9F-D389-445E-B3E6-C35EF9FD41C7}
[InstallDate] :
Raw Value : 2023/09/25
[DisplayVersion] :
Raw Value : 3.11.4150.0
[VersionMinor] :
Raw Value : 11

- Integration Services
Best Confidence Version : 16.0.5107.6
Version Confidence Level : 2
All Possible Versions : 16.0.5107.6
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268440563
[DisplayName] :
Raw Value : Integration Services
[UninstallString] :
Raw Value : MsiExec.exe /I{B9639A9B-BDBF-4480-9B2B-FE9C06ED54E7}
[InstallDate] :
Raw Value : 2023/08/02
[DisplayVersion] :
Raw Value : 16.0.5107.6
[VersionMinor] :
Raw Value : 0

- HPE Lights-Out オンライン設定ユーティリティ
Best Confidence Version : 6.0.0.0
Version Confidence Level : 2
All Possible Versions : 6.0.0.0
Other Version Data
[VersionMajor] :
Raw Value : 6
[Version] :
Raw Value : 100663296
[DisplayName] :
Raw Value : HPE Lights-Out オンライン設定ユーティリティ
[UninstallString] :
Raw Value : MsiExec.exe /X{76883682-BE08-45BD-BC12-21CA1A97F894}
[InstallDate] :
Raw Value : 2023/07/03
[DisplayVersion] :
Raw Value : 6.0.0.0
[VersionMinor] :
Raw Value : 0

- Trellix Endpoint Security ファイアウォール
Best Confidence Version : 10.7.0
Version Confidence Level : 2
All Possible Versions : 10.7.0
Other Version Data
[VersionMajor] :
Raw Value : 10
[Version] :
Raw Value : 168230912
[InstallLocation] :
Raw Value : C:\Program Files\McAfee\Endpoint Security\
[DisplayName] :
Raw Value : Trellix Endpoint Security ファイアウォール
[UninstallString] :
Raw Value : MsiExec.exe /X{6F88C6E9-CAD0-4D03-99E1-161383F9AD6F}
[InstallDate] :
Raw Value : 2023/12/16
[DisplayVersion] :
Raw Value : 10.7.0
[VersionMinor] :
Raw Value : 7

- Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30139
Best Confidence Version : 14.29.30139.0
Version Confidence Level : 3
All Possible Versions : 14.29.30139.0
Other Version Data
[DisplayName] :
Raw Value : Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30139
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{8d5fdf81-7022-423f-bd8b-b513a1050ae1}\VC_redist.x86.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{8d5fdf81-7022-423f-bd8b-b513a1050ae1}\VC_redist.x86.exe
Parsed File Version : 14.29.30139.0
[DisplayVersion] :
Raw Value : 14.29.30139.0
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{8d5fdf81-7022-423f-bd8b-b513a1050ae1}\VC_redist.x86.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{8d5fdf81-7022-423f-bd8b-b513a1050ae1}\VC_redist.x86.exe
Parsed File Version : 14.29.30139.0

- Python 3.11.4 Development Libraries (64-bit)
Best Confidence Version : 3.11.4150.0
Version Confidence Level : 2
All Possible Versions : 81.5.26260, 3.11.4150.0
Other Version Data
[VersionMajor] :
Raw Value : 3
[Version] :
Raw Value : 51056694
Parsed Version : 81.5.26260
[DisplayName] :
Raw Value : Python 3.11.4 Development Libraries (64-bit)
[UninstallString] :
Raw Value : MsiExec.exe /I{1C6E1CE6-CA4E-4B38-BAFF-32BD94DBFFEF}
[InstallDate] :
Raw Value : 2023/09/25
[DisplayVersion] :
Raw Value : 3.11.4150.0
[VersionMinor] :
Raw Value : 11

- SQL Server 2022 SQL Diagnostics
Best Confidence Version : 16.0.1000.6
Version Confidence Level : 2
All Possible Versions : 16.0.1000.6
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268436456
[DisplayName] :
Raw Value : SQL Server 2022 SQL Diagnostics
[UninstallString] :
Raw Value : MsiExec.exe /I{0CEFE958-E71A-4171-9DEF-77E9234A5613}
[InstallDate] :
Raw Value : 2023/08/07
[DisplayVersion] :
Raw Value : 16.0.1000.6
[VersionMinor] :
Raw Value : 0

- Visual Studio 2017 Isolated Shell for SSMS
Best Confidence Version : 15.0.28308.421
Version Confidence Level : 2
All Possible Versions : 15.0.28308.421
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251686548
[DisplayName] :
Raw Value : Visual Studio 2017 Isolated Shell for SSMS
[UninstallString] :
Raw Value : MsiExec.exe /I{0C69A55F-BC72-4AFB-BAEF-C5DEF9C32B9A}
[InstallDate] :
Raw Value : 2023/08/02
[DisplayVersion] :
Raw Value : 15.0.28308.421
[VersionMinor] :
Raw Value : 0

- Python 3.11.4 Test Suite (64-bit)
Best Confidence Version : 3.11.4150.0
Version Confidence Level : 2
All Possible Versions : 81.5.26260, 3.11.4150.0
Other Version Data
[VersionMajor] :
Raw Value : 3
[Version] :
Raw Value : 51056694
Parsed Version : 81.5.26260
[DisplayName] :
Raw Value : Python 3.11.4 Test Suite (64-bit)
[UninstallString] :
Raw Value : MsiExec.exe /I{52DE4CC1-22CF-498B-B50F-E66877E4850B}
[InstallDate] :
Raw Value : 2023/09/25
[DisplayVersion] :
Raw Value : 3.11.4150.0
[VersionMinor] :
Raw Value : 11

- Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532
Best Confidence Version : 14.36.32532.0
Version Confidence Level : 3
All Possible Versions : 14.36.32532.0
Other Version Data
[DisplayName] :
Raw Value : Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
Parsed File Version : 14.36.32532.0
[DisplayVersion] :
Raw Value : 14.36.32532.0
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
Parsed File Version : 14.36.32532.0

- Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30139
Best Confidence Version : 14.29.30139
Version Confidence Level : 2
All Possible Versions : 14.29.30139
Other Version Data
[VersionMajor] :
Raw Value : 14
[Version] :
Raw Value : 236811707
[DisplayName] :
Raw Value : Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30139
[UninstallString] :
Raw Value : MsiExec.exe /I{1AEA8854-7597-4CD3-948F-8DE364D94E07}
[InstallDate] :
Raw Value : 2023/08/02
[DisplayVersion] :
Raw Value : 14.29.30139
[VersionMinor] :
Raw Value : 29

- Microsoft SQL Server 2012 Native Client
Best Confidence Version : 11.3.6538.0
Version Confidence Level : 2
All Possible Versions : 11.3.6538.0
Other Version Data
[VersionMajor] :
Raw Value : 11
[Version] :
Raw Value : 184752522
[DisplayName] :
Raw Value : Microsoft SQL Server 2012 Native Client
[UninstallString] :
Raw Value : MsiExec.exe /I{13146756-9716-4843-84CA-053916D2FCF9}
[InstallDate] :
Raw Value : 2023/08/17
[DisplayVersion] :
Raw Value : 11.3.6538.0
[VersionMinor] :
Raw Value : 3

- Python 3.11.4 Documentation (64-bit)
Best Confidence Version : 3.11.4150.0
Version Confidence Level : 2
All Possible Versions : 81.5.26260, 3.11.4150.0
Other Version Data
[VersionMajor] :
Raw Value : 3
[Version] :
Raw Value : 51056694
Parsed Version : 81.5.26260
[DisplayName] :
Raw Value : Python 3.11.4 Documentation (64-bit)
[UninstallString] :
Raw Value : MsiExec.exe /I{FABA3DAC-829C-4C83-BC27-F3AFFD27B465}
[InstallDate] :
Raw Value : 2023/09/25
[DisplayVersion] :
Raw Value : 3.11.4150.0
[VersionMinor] :
Raw Value : 11

- Smart Storage Administrator診断およびSSD Wear Gaugeユーティリティ
Best Confidence Version : 6.15.11.0
Version Confidence Level : 2
All Possible Versions : 6.15.11.0
Other Version Data
[VersionMajor] :
Raw Value : 6
[Version] :
Raw Value : 101646347
[InstallLocation] :
Raw Value : C:\Program Files\Smart Storage Administrator\ssaducli
[DisplayName] :
Raw Value : Smart Storage Administrator診断およびSSD Wear Gaugeユーティリティ
[UninstallString] :
Raw Value : MsiExec.exe /X{D4E10723-F477-427E-AFC8-3E43B45F38D4}
[InstallDate] :
Raw Value : 2023/07/03
[DisplayVersion] :
Raw Value : 6.15.11.0
[VersionMinor] :
Raw Value : 15

- Microsoft SQL Server 2022 RsFx Driver
Best Confidence Version : 16.0.1000.6
Version Confidence Level : 2
All Possible Versions : 16.0.1000.6
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268436456
[DisplayName] :
Raw Value : Microsoft SQL Server 2022 RsFx Driver
[UninstallString] :
Raw Value : MsiExec.exe /I{629C8FC9-3763-4C58-8264-5288AE34AFEF}
[InstallDate] :
Raw Value : 2023/08/07
[DisplayVersion] :
Raw Value : 16.0.1000.6
[VersionMinor] :
Raw Value : 0

- SQL Server 2022 用ブラウザー
Best Confidence Version : 16.0.1000.6
Version Confidence Level : 2
All Possible Versions : 16.0.1000.6
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268436456
[DisplayName] :
Raw Value : SQL Server 2022 用ブラウザー
[UninstallString] :
Raw Value : MsiExec.exe /X{1F37A2CB-368E-4D27-8ECA-A11B64687C2C}
[InstallDate] :
Raw Value : 2023/08/07
[DisplayVersion] :
Raw Value : 16.0.1000.6
[VersionMinor] :
Raw Value : 0

- Trellix Data Exchange Layer for TA
Best Confidence Version : 6.0.3.995
Version Confidence Level : 3
All Possible Versions : 6.0.3.995
Other Version Data
[VersionMajor] :
Raw Value : 6
[Version] :
Raw Value : 100694291
[DisplayName] :
Raw Value : Trellix Data Exchange Layer for TA
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{ecc07038-25db-4898-b728-32c5c895152a}\dxlsetup-ma.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{ecc07038-25db-4898-b728-32c5c895152a}\dxlsetup-ma.exe
Parsed File Version : 6.0.3.995
[InstallDate] :
Raw Value : 2023/12/15
[DisplayVersion] :
Raw Value : 6.0.3.995
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{ecc07038-25db-4898-b728-32c5c895152a}\dxlsetup-ma.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{ecc07038-25db-4898-b728-32c5c895152a}\dxlsetup-ma.exe
Parsed File Version : 6.0.3.995
[VersionMinor] :
Raw Value : 0

- Trellix Endpoint Security 適応型脅威対策
Best Confidence Version : 10.7.0
Version Confidence Level : 2
All Possible Versions : 10.7.0
Other Version Data
[VersionMajor] :
Raw Value : 10
[Version] :
Raw Value : 168230912
[InstallLocation] :
Raw Value : C:\Program Files\McAfee\Endpoint Security\
[DisplayName] :
Raw Value : Trellix Endpoint Security 適応型脅威対策
[UninstallString] :
Raw Value : MsiExec.exe /X{377DA1C7-79DE-4102-8DB7-5C2296A3E960}
[InstallDate] :
Raw Value : 2023/12/16
[DisplayVersion] :
Raw Value : 10.7.0
[VersionMinor] :
Raw Value : 7

- Python 3.11.4 Tcl/Tk Support (64-bit)
Best Confidence Version : 3.11.4150.0
Version Confidence Level : 2
All Possible Versions : 81.5.26260, 3.11.4150.0
Other Version Data
[VersionMajor] :
Raw Value : 3
[Version] :
Raw Value : 51056694
Parsed Version : 81.5.26260
[DisplayName] :
Raw Value : Python 3.11.4 Tcl/Tk Support (64-bit)
[UninstallString] :
Raw Value : MsiExec.exe /I{A32FE961-D579-4E46-B3D6-0B777F8F51E8}
[InstallDate] :
Raw Value : 2023/09/25
[DisplayVersion] :
Raw Value : 3.11.4150.0
[VersionMinor] :
Raw Value : 11

- NVMe Drive Eject NMI Fix
Best Confidence Version : 1.1.0.0
Version Confidence Level : 2
All Possible Versions : 22.132.10066, 1.1.0.0
Other Version Data
[VersionMajor] :
Raw Value : 1
[Version] :
Raw Value : 16842752
Parsed Version : 22.132.10066
[DisplayName] :
Raw Value : NVMe Drive Eject NMI Fix
[UninstallString] :
Raw Value : MsiExec.exe /X{3D99D1D6-9479-419B-A5E4-D1470755E856}
[InstallDate] :
Raw Value : 2023/07/03
[DisplayVersion] :
Raw Value : 1.1.0.0
[VersionMinor] :
Raw Value : 1

- SQL Server 2022 Database Engine Shared
Best Confidence Version : 16.0.1000.6
Version Confidence Level : 2
All Possible Versions : 16.0.1000.6
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268436456
[DisplayName] :
Raw Value : SQL Server 2022 Database Engine Shared
[UninstallString] :
Raw Value : MsiExec.exe /I{D6E82158-05B9-4A18-A624-EA135BC77766}
[InstallDate] :
Raw Value : 2023/08/07
[DisplayVersion] :
Raw Value : 16.0.1000.6
[VersionMinor] :
Raw Value : 0

- Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Best Confidence Version : 10.0.40219
Version Confidence Level : 2
All Possible Versions : 10.0.40219
Other Version Data
[VersionMajor] :
Raw Value : 10
[Version] :
Raw Value : 167812379
[DisplayName] :
Raw Value : Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
[UninstallString] :
Raw Value : MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
[InstallDate] :
Raw Value : 2023/08/03
[DisplayVersion] :
Raw Value : 10.0.40219
[VersionMinor] :
Raw Value : 0

- Smart Storage Administrator
Best Confidence Version : 6.15.11.0
Version Confidence Level : 2
All Possible Versions : 6.15.11.0
Other Version Data
[VersionMajor] :
Raw Value : 6
[Version] :
Raw Value : 101646347
[InstallLocation] :
Raw Value : C:\Program Files\Smart Storage Administrator\ssa
[DisplayName] :
Raw Value : Smart Storage Administrator
[UninstallString] :
Raw Value : MsiExec.exe /X{1F59AE3C-18D4-47F3-AFD5-652A25AF9052}
[InstallDate] :
Raw Value : 2023/07/03
[DisplayVersion] :
Raw Value : 6.15.11.0
[VersionMinor] :
Raw Value : 15

- AD LDS インスタンス Madb
Best Confidence Version : 10.0.17763.1
Version Confidence Level : 3
All Possible Versions : 10.0.17763.1
Other Version Data
[VersionMajor] :
Raw Value : 10
[InstallLocation] :
Raw Value : C:\Program Files\Microsoft ADAM\Madb\data
[DisplayName] :
Raw Value : AD LDS インスタンス Madb
[UninstallString] :
Raw Value : "C:\Windows\ADAM\adamuninstall.exe" /i:Madb
Parsed File Path : C:\Windows\ADAM\adamuninstall.exe
Parsed File Version : 10.0.17763.1
[VersionMinor] :
Raw Value : 0

- Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532
Best Confidence Version : 14.36.32532
Version Confidence Level : 2
All Possible Versions : 14.36.32532
Other Version Data
[VersionMajor] :
Raw Value : 14
[Version] :
Raw Value : 237272852
[DisplayName] :
Raw Value : Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532
[UninstallString] :
Raw Value : MsiExec.exe /I{D5D19E2F-7189-42FE-8103-92CD1FA457C2}
[InstallDate] :
Raw Value : 2023/09/13
[DisplayVersion] :
Raw Value : 14.36.32532
[VersionMinor] :
Raw Value : 36

- HPE Smart アレイSAS/SATAイベント通知サービス
Best Confidence Version : 1.2.1.67
Version Confidence Level : 2
All Possible Versions : 22.144.33417, 1.2.1.67
Other Version Data
[VersionMajor] :
Raw Value : 1
[Version] :
Raw Value : 16908289
Parsed Version : 22.144.33417
[DisplayName] :
Raw Value : HPE Smart アレイSAS/SATAイベント通知サービス
[UninstallString] :
Raw Value : MsiExec.exe /X{A516999D-0B6A-4AF7-9E3A-1AAFD99D7D23}
[InstallDate] :
Raw Value : 2023/07/03
[DisplayVersion] :
Raw Value : 1.2.1.67
[VersionMinor] :
Raw Value : 2

- Trellix Endpoint Security 脅威対策
Best Confidence Version : 10.7.0
Version Confidence Level : 2
All Possible Versions : 10.7.0
Other Version Data
[VersionMajor] :
Raw Value : 10
[Version] :
Raw Value : 168230912
[InstallLocation] :
Raw Value : C:\Program Files\McAfee\Endpoint Security\
[DisplayName] :
Raw Value : Trellix Endpoint Security 脅威対策
[UninstallString] :
Raw Value : MsiExec.exe /X{820D7600-089E-486B-860F-279B8119A893}
[InstallDate] :
Raw Value : 2023/12/16
[DisplayVersion] :
Raw Value : 10.7.0
[VersionMinor] :
Raw Value : 7

- Python Launcher
Best Confidence Version : 3.11.4150.0
Version Confidence Level : 2
All Possible Versions : 81.5.26260, 3.11.4150.0
Other Version Data
[VersionMajor] :
Raw Value : 3
[Version] :
Raw Value : 51056694
Parsed Version : 81.5.26260
[DisplayName] :
Raw Value : Python Launcher
[UninstallString] :
Raw Value : MsiExec.exe /X{23514291-DEF3-42FD-A67C-A96E35C92F24}
[InstallDate] :
Raw Value : 2023/09/13
[DisplayVersion] :
Raw Value : 3.11.4150.0
[VersionMinor] :
Raw Value : 11

- SQL Server 2022 Batch Parser
Best Confidence Version : 16.0.1000.6
Version Confidence Level : 2
All Possible Versions : 16.0.1000.6
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268436456
[DisplayName] :
Raw Value : SQL Server 2022 Batch Parser
[UninstallString] :
Raw Value : MsiExec.exe /I{7EFD8B19-A9E6-41CF-A96F-B9B6E30EC345}
[InstallDate] :
Raw Value : 2023/08/07
[DisplayVersion] :
Raw Value : 16.0.1000.6
[VersionMinor] :
Raw Value : 0

- Microsoft SQL Server 2022 セットアップ (日本語)
Best Confidence Version : 16.0.1000.6
Version Confidence Level : 2
All Possible Versions : 16.0.1000.6
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268436456
[DisplayName] :
Raw Value : Microsoft SQL Server 2022 セットアップ (日本語)
[UninstallString] :
Raw Value : MsiExec.exe /X{118FADF5-B408-4371-B3BF-2F96AA865A56}
[InstallDate] :
Raw Value : 2023/08/07
[DisplayVersion] :
Raw Value : 16.0.1000.6
[VersionMinor] :
Raw Value : 0

- Integrated Smart Update Tools for Windows
Best Confidence Version : 4.1.0.0
Version Confidence Level : 2
All Possible Versions : 103.23.17408, 4.1.0.0
Other Version Data
[VersionMajor] :
Raw Value : 4
[Version] :
Raw Value : 67174400
Parsed Version : 103.23.17408
[InstallLocation] :
Raw Value : C:\Program Files\\SUT
[DisplayName] :
Raw Value : Integrated Smart Update Tools for Windows
[UninstallString] :
Raw Value : MsiExec.exe /I{BA5A3FD4-6E49-4D29-8C9B-D5F6E5FF1765}
[InstallDate] :
Raw Value : 2023/07/03
[DisplayVersion] :
Raw Value : 4.1.0.0
[VersionMinor] :
Raw Value : 1

- SQL Server 2022 Database Engine Services
Best Confidence Version : 16.0.1000.6
Version Confidence Level : 2
All Possible Versions : 16.0.1000.6
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268436456
[DisplayName] :
Raw Value : SQL Server 2022 Database Engine Services
[UninstallString] :
Raw Value : MsiExec.exe /I{AD6CBE0D-6E2B-485A-97E3-5F32C7C33478}
[InstallDate] :
Raw Value : 2023/08/07
[DisplayVersion] :
Raw Value : 16.0.1000.6
[VersionMinor] :
Raw Value : 0

- Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Best Confidence Version : 10.0.40219
Version Confidence Level : 2
All Possible Versions : 10.0.40219
Other Version Data
[VersionMajor] :
Raw Value : 10
[Version] :
Raw Value : 167812379
[DisplayName] :
Raw Value : Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
[UninstallString] :
Raw Value : MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
[InstallDate] :
Raw Value : 2023/08/03
[DisplayVersion] :
Raw Value : 10.0.40219
[VersionMinor] :
Raw Value : 0

- Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Best Confidence Version : 12.0.21005
Version Confidence Level : 2
All Possible Versions : 12.0.21005
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201347597
[DisplayName] :
Raw Value : Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
[UninstallString] :
Raw Value : MsiExec.exe /X{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}
[InstallDate] :
Raw Value : 2023/08/03
[DisplayVersion] :
Raw Value : 12.0.21005
[VersionMinor] :
Raw Value : 0

- SQL Server Management Studio Language Pack - English
Best Confidence Version : 19.1.56.0
Version Confidence Level : 2
All Possible Versions : 19.1.56.0
Other Version Data
[VersionMajor] :
Raw Value : 19
[Version] :
Raw Value : 318832696
[DisplayName] :
Raw Value : SQL Server Management Studio Language Pack - English
[UninstallString] :
Raw Value : MsiExec.exe /I{3D59683C-BA05-45FB-B0DC-20A7AB95DA27}
[InstallDate] :
Raw Value : 2023/08/02
[DisplayVersion] :
Raw Value : 19.1.56.0
[VersionMinor] :
Raw Value : 1

- SSMS Post Install Tasks
Best Confidence Version : 19.1.56.0
Version Confidence Level : 2
All Possible Versions : 19.1.56.0
Other Version Data
[VersionMajor] :
Raw Value : 19
[Version] :
Raw Value : 318832696
[DisplayName] :
Raw Value : SSMS Post Install Tasks
[UninstallString] :
Raw Value : MsiExec.exe /I{93C559A7-55A9-41EA-B0A0-AEB72DB73E92}
[InstallDate] :
Raw Value : 2023/08/02
[DisplayVersion] :
Raw Value : 19.1.56.0
[VersionMinor] :
Raw Value : 1

- SQL Server 2022 Full text search
Best Confidence Version : 16.0.1000.6
Version Confidence Level : 2
All Possible Versions : 16.0.1000.6
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268436456
[DisplayName] :
Raw Value : SQL Server 2022 Full text search
[UninstallString] :
Raw Value : MsiExec.exe /I{325160B7-7194-48E9-8FEF-53E2517D8748}
[InstallDate] :
Raw Value : 2023/08/07
[DisplayVersion] :
Raw Value : 16.0.1000.6
[VersionMinor] :
Raw Value : 0

- Microsoft SQL Server 2022 (64 ビット)
Best Confidence Version : 16.0.1000.6
Version Confidence Level : 3
All Possible Versions : 16.0.1000.6
Other Version Data
[DisplayName] :
Raw Value : Microsoft SQL Server 2022 (64 ビット)
[UninstallString] :
Raw Value : "C:\Program Files\Microsoft SQL Server\160\Setup Bootstrap\SQL2022\x64\SetupARP.exe"
Parsed File Path : C:\Program Files\Microsoft SQL Server\160\Setup Bootstrap\SQL2022\x64\SetupARP.exe
Parsed File Version : 16.0.1000.6
[DisplayIcon] :
Raw Value : "C:\Program Files\Microsoft SQL Server\160\Setup Bootstrap\SQL2022\x64\SetupARP.exe"
Parsed File Path : C:\Program Files\Microsoft SQL Server\160\Setup Bootstrap\SQL2022\x64\SetupARP.exe
Parsed File Version : 16.0.1000.6

- Python 3.11.4 Core Interpreter (64-bit)
Best Confidence Version : 3.11.4150.0
Version Confidence Level : 2
All Possible Versions : 81.5.26260, 3.11.4150.0
Other Version Data
[VersionMajor] :
Raw Value : 3
[Version] :
Raw Value : 51056694
Parsed Version : 81.5.26260
[DisplayName] :
Raw Value : Python 3.11.4 Core Interpreter (64-bit)
[UninstallString] :
Raw Value : MsiExec.exe /I{FEF98C01-0C8A-4A0F-88AE-F164A787286C}
[InstallDate] :
Raw Value : 2023/09/25
[DisplayVersion] :
Raw Value : 3.11.4150.0
[VersionMinor] :
Raw Value : 11

- Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Best Confidence Version : 12.0.30501.0
Version Confidence Level : 3
All Possible Versions : 12.0.30501.0
Other Version Data
[DisplayName] :
Raw Value : Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
Parsed File Version : 12.0.30501.0
[DisplayVersion] :
Raw Value : 12.0.30501.0
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
Parsed File Version : 12.0.30501.0

- Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664
Best Confidence Version : 12.0.40664
Version Confidence Level : 2
All Possible Versions : 12.0.40664
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201367256
[DisplayName] :
Raw Value : Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664
[UninstallString] :
Raw Value : MsiExec.exe /X{8122DAB1-ED4D-3676-BB0A-CA368196543E}
[InstallDate] :
Raw Value : 2023/08/02
[DisplayVersion] :
Raw Value : 12.0.40664
[VersionMinor] :
Raw Value : 0

- EVEMA Server (x64) 3.33.0.47573
Best Confidence Version : 3.33.0.47573
Version Confidence Level : 2
All Possible Versions : 82.73.17206, 3.33.0.47573
Other Version Data
[VersionMajor] :
Raw Value : 3
[Version] :
Raw Value : 52494336
Parsed Version : 82.73.17206
[InstallLocation] :
Raw Value : C:\Program Files\DDS\EVEMA\
[DisplayName] :
Raw Value : EVEMA Server (x64) 3.33.0.47573
[UninstallString] :
Raw Value : MsiExec.exe /X{5982DD3A-1FB1-4B17-BC7C-23C38FA1FF36}
[InstallDate] :
Raw Value : 2023/09/15
[DisplayVersion] :
Raw Value : 3.33.0.47573
[VersionMinor] :
Raw Value : 33

- SQL Server 2022 SQL Data Quality Common
Best Confidence Version : 16.0.1000.6
Version Confidence Level : 2
All Possible Versions : 16.0.1000.6
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268436456
[DisplayName] :
Raw Value : SQL Server 2022 SQL Data Quality Common
[UninstallString] :
Raw Value : MsiExec.exe /I{B37964BB-5CAB-48C9-B945-3FE255426B38}
[InstallDate] :
Raw Value : 2023/08/07
[DisplayVersion] :
Raw Value : 16.0.1000.6
[VersionMinor] :
Raw Value : 0

- Azure Data Studio
Best Confidence Version : 51.1052.0.0
Version Confidence Level : 3
All Possible Versions : 51.1052.0.0, 1.44.0, 1.44.0.0
Other Version Data
[VersionMajor] :
Raw Value : 1
[InstallLocation] :
Raw Value : C:\Program Files\Azure Data Studio\
[DisplayName] :
Raw Value : Azure Data Studio
[UninstallString] :
Raw Value : "C:\Program Files\Azure Data Studio\unins000.exe"
Parsed File Path : C:\Program Files\Azure Data Studio\unins000.exe
Parsed File Version : 51.1052.0.0
[InstallDate] :
Raw Value : 2023/08/02
[DisplayVersion] :
Raw Value : 1.44.0
[VersionMinor] :
Raw Value : 44
[DisplayIcon] :
Raw Value : C:\Program Files\Azure Data Studio\azuredatastudio.exe
Parsed File Path : C:\Program Files\Azure Data Studio\azuredatastudio.exe
Parsed File Version : 1.44.0.0

- SQL Server 2022 Common Files
Best Confidence Version : 16.0.1000.6
Version Confidence Level : 2
All Possible Versions : 16.0.1000.6
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268436456
[DisplayName] :
Raw Value : SQL Server 2022 Common Files
[UninstallString] :
Raw Value : MsiExec.exe /I{6A68D32C-4C0D-4847-B70C-58E6B4D76A12}
[InstallDate] :
Raw Value : 2023/08/07
[DisplayVersion] :
Raw Value : 16.0.1000.6
[VersionMinor] :
Raw Value : 0

- Microsoft OLE DB Driver for SQL Server
Best Confidence Version : 18.6.5.0
Version Confidence Level : 2
All Possible Versions : 18.6.5.0
Other Version Data
[VersionMajor] :
Raw Value : 18
[Version] :
Raw Value : 302383109
[DisplayName] :
Raw Value : Microsoft OLE DB Driver for SQL Server
[UninstallString] :
Raw Value : MsiExec.exe /I{CD711320-8704-46EF-8B09-0F40BD2A4C2F}
[InstallDate] :
Raw Value : 2023/08/02
[DisplayVersion] :
Raw Value : 18.6.5.0
[VersionMinor] :
Raw Value : 6

- SQL Server 2022 Shared Management Objects Extensions
Best Confidence Version : 16.0.1000.6
Version Confidence Level : 2
All Possible Versions : 16.0.1000.6
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268436456
[DisplayName] :
Raw Value : SQL Server 2022 Shared Management Objects Extensions
[UninstallString] :
Raw Value : MsiExec.exe /I{D3B89626-C27A-4526-9F01-0B5F88C5A5F3}
[InstallDate] :
Raw Value : 2023/08/07
[DisplayVersion] :
Raw Value : 16.0.1000.6
[VersionMinor] :
Raw Value : 0

- EVEMA Password Notifier Service (x64) 3.33.0.47573
Best Confidence Version : 3.33.0.47573
Version Confidence Level : 2
All Possible Versions : 82.73.17206, 3.33.0.47573
Other Version Data
[VersionMajor] :
Raw Value : 3
[Version] :
Raw Value : 52494336
Parsed Version : 82.73.17206
[InstallLocation] :
Raw Value : C:\Program Files\DDS\EVEMA\Client\
[DisplayName] :
Raw Value : EVEMA Password Notifier Service (x64) 3.33.0.47573
[UninstallString] :
Raw Value : MsiExec.exe /X{815B4E99-7B7B-47FE-BD38-C697A65FB275}
[InstallDate] :
Raw Value : 2023/09/26
[DisplayVersion] :
Raw Value : 3.33.0.47573
[VersionMinor] :
Raw Value : 33

- MergeModule2012
Best Confidence Version : 1.0.0
Version Confidence Level : 2
All Possible Versions : 22.119.29206, 1.0.0
Other Version Data
[VersionMajor] :
Raw Value : 1
[Version] :
Raw Value : 16777216
Parsed Version : 22.119.29206
[DisplayName] :
Raw Value : MergeModule2012
[UninstallString] :
Raw Value : MsiExec.exe /X{3E0D2B4B-CA5F-40D6-B0AE-648008897125}
[InstallDate] :
Raw Value : 2023/07/03
[DisplayVersion] :
Raw Value : 1.0.0
[VersionMinor] :
Raw Value : 0

- SQL Server 2022 XEvent
Best Confidence Version : 16.0.1000.6
Version Confidence Level : 2
All Possible Versions : 16.0.1000.6
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268436456
[DisplayName] :
Raw Value : SQL Server 2022 XEvent
[UninstallString] :
Raw Value : MsiExec.exe /I{BD8B7339-7559-4FC3-95E6-264324D45235}
[InstallDate] :
Raw Value : 2023/08/07
[DisplayVersion] :
Raw Value : 16.0.1000.6
[VersionMinor] :
Raw Value : 0

- Microsoft Visual Studio Tools for Applications 2019 x86 Hosting Support
Best Confidence Version : 16.0.31110
Version Confidence Level : 2
All Possible Versions : 16.0.31110
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268466566
[DisplayName] :
Raw Value : Microsoft Visual Studio Tools for Applications 2019 x86 Hosting Support
[UninstallString] :
Raw Value : MsiExec.exe /X{E7A0CD34-1F9B-3496-ADB3-2F180D302F6A}
[InstallDate] :
Raw Value : 2023/08/02
[DisplayVersion] :
Raw Value : 16.0.31110
[VersionMinor] :
Raw Value : 0

- Python 3.11.4 Executables (64-bit)
Best Confidence Version : 3.11.4150.0
Version Confidence Level : 2
All Possible Versions : 81.5.26260, 3.11.4150.0
Other Version Data
[VersionMajor] :
Raw Value : 3
[Version] :
Raw Value : 51056694
Parsed Version : 81.5.26260
[DisplayName] :
Raw Value : Python 3.11.4 Executables (64-bit)
[UninstallString] :
Raw Value : MsiExec.exe /I{DA4B94FB-D8BB-4DB9-85A7-FA5067A5CEDF}
[InstallDate] :
Raw Value : 2023/09/25
[DisplayVersion] :
Raw Value : 3.11.4150.0
[VersionMinor] :
Raw Value : 11

- Trellix ePolicy Orchestrator (Service Pack 1)
Best Confidence Version : 5.10.0
Version Confidence Level : 2
All Possible Versions : 132.84.5184, 5.10.0
Other Version Data
[InstallDate] :
Raw Value : 2023/08/17
[DisplayIcon] :
Raw Value : C:\Windows\Installer\{E2C3579A-6B3B-40F6-88E8-BE08E78C8D1A}\ARPPRODUCTICON.exe
Parsed File Path : C:\Windows\Installer\{E2C3579A-6B3B-40F6-88E8-BE08E78C8D1A}\ARPPRODUCTICON.exe
[InstallLocation] :
Raw Value : C:\Program Files (x86)\Trellix\ePolicy Orchestrator\
[UninstallString] :
Raw Value : MsiExec.exe /X{E2C3579A-6B3B-40F6-88E8-BE08E78C8D1A}
[VersionMinor] :
Raw Value : 10
[Version] :
Raw Value : 84541440
Parsed Version : 132.84.5184
[VersionMajor] :
Raw Value : 5
[DisplayVersion] :
Raw Value : 5.10.0
[DisplayName] :
Raw Value : Trellix ePolicy Orchestrator (Service Pack 1)

- Microsoft Visual Studio Tools for Applications 2019
Best Confidence Version : 16.0.31110.0
Version Confidence Level : 3
All Possible Versions : 16.0.31110.0, 16.0.31110
Other Version Data
[DisplayName] :
Raw Value : Microsoft Visual Studio Tools for Applications 2019
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{f3fbabb4-bcfb-45eb-8fff-9b784fd68c38}\vsta_setup.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{f3fbabb4-bcfb-45eb-8fff-9b784fd68c38}\vsta_setup.exe
Parsed File Version : 16.0.31110.0
[DisplayVersion] :
Raw Value : 16.0.31110
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{f3fbabb4-bcfb-45eb-8fff-9b784fd68c38}\vsta_setup.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{f3fbabb4-bcfb-45eb-8fff-9b784fd68c38}\vsta_setup.exe
Parsed File Version : 16.0.31110.0

- SQL Server 2022 Shared Management Objects
Best Confidence Version : 16.0.1000.6
Version Confidence Level : 2
All Possible Versions : 16.0.1000.6
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268436456
[DisplayName] :
Raw Value : SQL Server 2022 Shared Management Objects
[UninstallString] :
Raw Value : MsiExec.exe /I{6F8242AA-1B25-421C-8E45-FC5978D9AA3A}
[InstallDate] :
Raw Value : 2023/08/07
[DisplayVersion] :
Raw Value : 16.0.1000.6
[VersionMinor] :
Raw Value : 0

- SQL Server 2022 Connection Info
Best Confidence Version : 16.0.1000.6
Version Confidence Level : 2
All Possible Versions : 16.0.1000.6
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268436456
[DisplayName] :
Raw Value : SQL Server 2022 Connection Info
[UninstallString] :
Raw Value : MsiExec.exe /I{42A5AED9-C2AC-421D-9FE0-50E1276A9BC6}
[InstallDate] :
Raw Value : 2023/08/07
[DisplayVersion] :
Raw Value : 16.0.1000.6
[VersionMinor] :
Raw Value : 0

92366 - Microsoft Windows Last Boot Time
Synopsis
Nessus was able to collect the remote host's last boot time in a human readable format.
Description
Nessus was able to collect and report the remote host's last boot time as an ISO 8601 timestamp.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/07/09
Plugin Output

tcp/0

Last reboot : 2024-03-22T15:24:15+09:00 (20240322152415.190701+540)

161502 - Microsoft Windows Logged On Users
Synopsis
Nessus was able to determine the logged on users from the registry.
Description
Using the HKU registry, Nessus was able to enumerate the SIDs of logged on users.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2022/05/25, Modified: 2022/05/25
Plugin Output

tcp/445/cifs

Logged on users :
- S-1-5-21-3388008032-3793481426-1508724218-500
Domain : EMSOCCS1
Username : Administrator

63080 - Microsoft Windows Mounted Devices
Synopsis
It is possible to get a list of mounted devices that may have been connected to the remote system in the past.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates mounted devices that have been connected to the remote host in the past.
Solution
Make sure that the mounted drives agree with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2012/11/28, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Name : \??\volume{5c612a9b-2ac4-11ee-928c-d4f5ef9ff63b}
Data : _??_USBSTOR#Disk&Ven_BUFFALO&Prod_RUF3-HSTV5&Rev_3.10#7000A860070889CA27560854&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{69c4b4f8-196c-11ee-9277-d4f5ef9ff63b}
Data : \??\USBSTOR#CdRom&Ven_iLO&Prod_Virtual_DVD-ROM&Rev_#7&1fb0e32c&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{5c611f50-2ac4-11ee-928c-d4f5ef9ff63b}
Data : _??_USBSTOR#Disk&Ven_BUFFALO&Prod_RUF3-HSTV5&Rev_3.10#7000985E070889CA2E560885&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{ad115672-a39a-11ee-92b2-d4f5ef9ff639}
Data : _??_USBSTOR#Disk&Ven_ELECOM&Prod_MF-PKU3&Rev_PMAP#0708345995A25789&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{2b64245f-83b0-11ee-92a8-d4f5ef9ff639}
Data : _??_USBSTOR#Disk&Ven_TM&Prod_TMPS3_DISK&Rev_PMAP#BD05070831E0E0AECB51&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{2b64245e-83b0-11ee-92a8-d4f5ef9ff639}
Data : _??_USBSTOR#Disk&Ven_TM&Prod_TMPS3_DISK&Rev_PMAP#BD05070831E0E0AECB51&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{6711db89-4cfc-11ee-929e-d4f5ef9ff63b}
Data : _??_USBSTOR#Disk&Ven_ELECOM&Prod_MF-PKU3&Rev_PMAP#0708345A93A08C76&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{69e5c6a8-1d4f-11ee-9279-d4f5ef9ff63b}
Data : _??_USBSTOR#Disk&Ven_ELECOM&Prod_MF-PKU3&Rev_PMAP#07083458A6AE2D04&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{94523571-2f35-11ee-928c-d4f5ef9ff63b}
Data : \??\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{94523270-2f35-11ee-928c-d4f5ef9ff63b}
Data : _??_USBSTOR#Disk&Ven_BUFFALO&Prod_RUF3-HSTV5&Rev_3.10#7000985F070889CA2F907009&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{5c612a9a-2ac4-11ee-928c-d4f5ef9ff63b}
Data : _??_USBSTOR#Disk&Ven_BUFFALO&Prod_RUF3-HSTV5&Rev_3.10#7000A860070889CA27560854&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \dosdevices\e:
Data : \??\SCSI#CdRom&Ven_HPE&Prod_DVDROM_DUD1N#4&34bb1764&0&030000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{d88a854a-4869-11ee-929e-d4f5ef9ff63b}
Data : _??_USBSTOR#Disk&Ven_ELECOM&Prod_MF-PKU3&Rev_PMAP#07083459B5AE2D63&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{9452326f-2f35-11ee-928c-d4f5ef9ff63b}
Data : _??_USBSTOR#Disk&Ven_BUFFALO&Prod_RUF3-HSTV5&Rev_3.10#7000985F070889CA2F907009&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{94522639-2f35-11ee-928c-d4f5ef9ff63b}
Data : _??_USBSTOR#Disk&Ven_BUFFALO&Prod_RUF3-HSTV5&Rev_3.10#70009C6D070889CA1A907125&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{5c611f51-2ac4-11ee-928c-d4f5ef9ff63b}
Data : _??_USBSTOR#Disk&Ven_BUFFALO&Prod_RUF3-HSTV5&Rev_3.10#7000985E070889CA2E560885&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{b3d49e58-5186-11ee-929e-d4f5ef9ff63b}
Data : _??_USBSTOR#Disk&Ven_ELECOM&Prod_MF-PKU3&Rev_PMAP#07083357DCAE2F49&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{94522638-2f35-11ee-928c-d4f5ef9ff63b}
Data : _??_USBSTOR#Disk&Ven_BUFFALO&Prod_RUF3-HSTV5&Rev_3.10#70009C6D070889CA1A907125&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{b4c1e95a-196b-11ee-9275-806e6f6e6963}
Data : \??\SCSI#CdRom&Ven_HPE&Prod_DVDROM_DUD1N#4&34bb1764&0&030000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Name : \dosdevices\f:
Data : _??_USBSTOR#Disk&Ven_TM&Prod_TMPS3_DISK&Rev_PMAP#BD05070831E0E0AECB51&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \dosdevices\c:
Data : DMIO:ID:JVMB
Raw data : 444d494f3a49443aa19ccb4aafec564d98cf42cd1b86e6e6

Name : \dosdevices\d:
Data : _??_USBSTOR#Disk&Ven_TM&Prod_TMPS3_DISK&Rev_PMAP#BD05070831E0E0AECB51&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

92372 - Microsoft Windows NetBIOS over TCP/IP Info
Synopsis
Nessus was able to collect and report NBT information from the remote host.
Description
Nessus was able to collect details for NetBIOS over TCP/IP from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2024/03/26
Plugin Output

tcp/0

NBT information attached.
First 10 lines of all CSVs:
nbtstat_local.csv:
Interface,Name,Suffix,Type,Status,MAC
,masked_hostname,<00>,一意,登録済,
,EMSOCCS1,<00>,グループ,登録済,
,EMSOCCS1,<1C>,グループ,登録済,
,masked_hostname,<20>,一意,登録済,
,EMSOCCS1,<1B>,一意,登録済,

103871 - Microsoft Windows Network Adapters
Synopsis
Identifies the network adapters installed on the remote host.
Description
Using the supplied credentials, this plugin enumerates and reports the installed network adapters on the remote Windows host.
Solution
Make sure that all of the installed network adapters agree with your organization's acceptable use and security policies.
Risk Factor
None
References
XREF IAVT:0001-T-0758
Plugin Information
Published: 2017/10/17, Modified: 2022/02/01
Plugin Output

tcp/445/cifs

Network Adapter Driver Description : HPE Ethernet 1Gb 4-port 366FLR Adapter
Network Adapter Driver Version : 12.18.13.0

Network Adapter Driver Description : HPE Ethernet 1Gb 4-port 366FLR Adapter
Network Adapter Driver Version : 12.18.13.0

Network Adapter Driver Description : HPE Ethernet 1Gb 4-port 366FLR Adapter
Network Adapter Driver Version : 12.18.13.0

Network Adapter Driver Description : HPE Ethernet 1Gb 4-port 366T Adapter
Network Adapter Driver Version : 12.18.13.0

Network Adapter Driver Description : HPE Ethernet 1Gb 4-port 366T Adapter
Network Adapter Driver Version : 12.18.13.0

Network Adapter Driver Description : HPE Ethernet 1Gb 4-port 366T Adapter
Network Adapter Driver Version : 12.18.13.0

Network Adapter Driver Description : HPE Ethernet 1Gb 4-port 366T Adapter
Network Adapter Driver Version : 12.18.13.0

Network Adapter Driver Description : HPE Ethernet 1Gb 4-port 366FLR Adapter
Network Adapter Driver Version : 12.18.13.0

65791 - Microsoft Windows Portable Devices
Synopsis
It is possible to get a list of portable devices that may have been connected to the remote system in the past.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates portable devices that have been connected to the remote host in the past.
Solution
Make sure that use of the portable devices agrees with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2013/04/03, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Friendly name : Buffalo_USB
Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_BUFFALO&PROD_RUF3-HSTV5&REV_3.10#7000985E070889CA2E560885&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}

Friendly name : Utilities
Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_BUFFALO&PROD_RUF3-HSTV5&REV_3.10#7000985E070889CA2E560885&1#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}

Friendly name : Buffalo_USB
Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_BUFFALO&PROD_RUF3-HSTV5&REV_3.10#7000985F070889CA2F907009&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}

Friendly name : Utilities
Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_BUFFALO&PROD_RUF3-HSTV5&REV_3.10#7000985F070889CA2F907009&1#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}

Friendly name : Buffalo_USB
Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_BUFFALO&PROD_RUF3-HSTV5&REV_3.10#70009C6D070889CA1A907125&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}

Friendly name : Utilities
Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_BUFFALO&PROD_RUF3-HSTV5&REV_3.10#70009C6D070889CA1A907125&1#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}

Friendly name : Buffalo_USB
Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_BUFFALO&PROD_RUF3-HSTV5&REV_3.10#7000A860070889CA27560854&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}

Friendly name : Utilities
Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_BUFFALO&PROD_RUF3-HSTV5&REV_3.10#7000A860070889CA27560854&1#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}

Friendly name : D:\
Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_ELECOM&PROD_MF-PKU3&REV_PMAP#07083357DCAE2F49&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}

Friendly name : D:\
Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_ELECOM&PROD_MF-PKU3&REV_PMAP#07083458A6AE2D04&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}

Friendly name : D:\
Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_ELECOM&PROD_MF-PKU3&REV_PMAP#0708345995A25789&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}

Friendly name : D:\
Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_ELECOM&PROD_MF-PKU3&REV_PMAP#07083459B5AE2D63&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}

Friendly name : D:\
Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_ELECOM&PROD_MF-PKU3&REV_PMAP#0708345A93A08C76&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}

Friendly name : TMPS3 DAT
Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_TM&PROD_TMPS3_DISK&REV_PMAP#BD05070831E0E0AECB51&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}

Friendly name : TMPS3 SYS
Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_TM&PROD_TMPS3_DISK&REV_PMAP#BD05070831E0E0AECB51&1#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}

92367 - Microsoft Windows PowerShell Execution Policy
Synopsis
Nessus was able to collect and report the PowerShell execution policy for the remote host.
Description
Nessus was able to collect and report the PowerShell execution policy for the remote Windows host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2020/06/12
Plugin Output

tcp/0

HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned
HKLM\SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned

151440 - Microsoft Windows Print Spooler Service Enabled
Synopsis
The Microsoft Windows Print Spooler service on the remote host is enabled.
Description
The Microsoft Windows Print Spooler service (spoolsv.exe) on the remote host is enabled.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2021/07/07, Modified: 2021/07/07
Plugin Output

tcp/445/cifs

The Microsoft Windows Print Spooler service on the remote host is enabled.

70329 - Microsoft Windows Process Information
Synopsis
Use WMI to obtain running process information.
Description
Report details on the running processes on the machine.

This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system policies.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/08, Modified: 2024/03/26
Plugin Output

tcp/0

Process Overview :
SID: Process (PID)
0 : System Idle Process (0)
0 : |- System (4)
0 : |- smss.exe (1012)
0 : wininit.exe (1124)
0 : |- fontdrvhost.exe (11148)
0 : |- services.exe (1248)
0 : |- svchost.exe (10780)
0 : |- svchost.exe (13176)
0 : |- svchost.exe (1344)
0 : |- sqlservr.exe (13604)
0 : |- svchost.exe (13936)
0 : |- McnMon.exe (14004)
2 : |- svchost.exe (14464)
0 : |- svchost.exe (14704)
0 : |- MAServer.exe (15220)
0 : |- MAServer.exe (5420)
0 : |- conhost.exe (16328)
0 : |- EventParser.exe (16296)
0 : |- srvmon.exe (13492)
0 : |- tomcat9.exe (16304)
0 : |- conhost.exe (16356)
0 : |- fdlauncher.exe (16372)
0 : |- fdhost.exe (16636)
0 : |- conhost.exe (16644)
0 : |- svchost.exe (1648)
0 : |- svchost.exe (1660)
0 : |- svchost.exe (1716)
0 : |- apache.exe (17308)
0 : |- rotatelogs.exe (17724)
0 : |- conhost.exe (17736)
0 : |- rotatelogs.exe (17780)
0 : |- conhost.exe (17800)
0 : |- apache.exe (17840)
0 : |- rotatelogs.exe (17648)
0 : |- conhost.exe (17672)
0 : |- rotatelogs.exe (17656)
0 : |- conhost.exe (17684)
0 : |- svchost.exe (1732)
0 : |- svchost.exe (1752)
2 : |- RuntimeBroker.exe (10800)
2 : |- dllhost.exe (17180)
2 : |- SearchUI.exe (20592)
2 : |- RuntimeBroker.exe (21012)
0 : |- WmiPrvSE.exe (21108)
2 : |- ImeBroker.exe (21196)
0 : |- WmiPrvSE.exe (23016)
2 : |- RuntimeBroker.exe (3852)
2 : |- ShellExperienceHost.exe (5508)
0 : |- WmiPrvSE.exe (8500)
0 : |- svchost.exe (17820)
2 : |- svchost.exe (17824)
0 : |- svchost.exe (1792)
0 : |- svchost.exe (1840)
0 : |- svchost.exe (19652)
0 : |- msdtc.exe (19880)
0 : |- svchost.exe (2020)
0 : |- svchost.exe (2032)
2 : |- rdpclip.exe (12828)
0 : |- svchost.exe (20892)
0 : |- svchost.exe (2108)
0 : |- svchost.exe (2116)
0 : |- svchost.exe (21492)
0 : |- svchost.exe (2164)
0 : |- svchost.exe (2180)
0 : |- svchost.exe (2188)
0 : |- SecurityHealthService.exe (21928)
0 : |- svchost.exe (22120)
2 : |- svchost.exe (22316)
0 : |- svchost.exe (22664)
0 : |- svchost.exe (22956)
0 : |- svchost.exe (2300)
0 : |- svchost.exe (2332)
0 : |- svchost.exe (2336)
0 : |- svchost.exe (2436)
0 : |- svchost.exe (2472)
0 : |- svchost.exe (2500)
0 : |- Microsoft.ActiveDirectory.WebServices.exe (2544)
0 : |- svchost.exe (2552)
0 : |- svchost.exe (2560)
0 : |- svchost.exe (2568)
0 : |- svchost.exe (2644)
2 : |- taskhostw.exe (20844)
2 : |- taskhostw.exe (4280)
0 : |- svchost.exe (2668)
0 : |- svchost.exe (2684)
0 : |- svchost.exe (2744)
0 : |- svchost.exe (2768)
0 : |- svchost.exe (2916)
0 : |- svchost.exe (2972)
0 : |- svchost.exe (2984)
0 : |- svchost.exe (3008)
2 : |- sihost.exe (13100)
2 : |- svchost.exe (3040)
0 : |- svchost.exe (3096)
0 : |- svchost.exe (3148)
0 : |- svchost.exe (3172)
0 : |- svchost.exe (3188)
0 : |- svchost.exe (3200)
2 : |- ctfmon.exe (15216)
0 : |- svchost.exe (3340)
0 : |- svchost.exe (3792)
0 : |- svchost.exe (3896)
0 : |- svchost.exe (3908)
0 : |- svchost.exe (3916)
0 : |- svchost.exe (3952)
0 : |- svchost.exe (3972)
0 : |- svchost.exe (3996)
0 : |- dsamain.exe (4012)
0 : |- svchost.exe (4036)
0 : |- svchost.exe (4044)
0 : |- svchost.exe (4076)
0 : |- hpepqiesrv.exe (4252)
0 : |- certsrv.exe (4256)
0 : |- sqlceip.exe (4312)
0 : |- dns.exe (4348)
0 : |- svchost.exe (4428)
0 : |- ismserv.exe (4448)
0 : |- dfsrs.exe (4712)
0 : |- spoolsv.exe (5008)
0 : |- MAPwdNotifier.exe (5284)
0 : |- ams.exe (5292)
0 : |- svchost.exe (5316)
0 : |- mfemms.exe (5324)
0 : |- mfevtps.exe (6628)
0 : |- mcshield.exe (8628)
0 : |- mfeesp.exe (8664)
0 : |- mfefw.exe (8824)
0 : |- mfehcs.exe (8908)
0 : |- mfeatp.exe (8992)
0 : |- mfeensppl.exe (9100)
0 : |- mfetp.exe (9172)
0 : |- sqlwriter.exe (5332)
0 : |- sqlbrowser.exe (5352)
0 : |- masvc.exe (5360)
0 : |- mfemactl.exe (10192)
0 : |- macmnsvc.exe (5368)
0 : |- MsMpEng.exe (5464)
0 : |- dfssvc.exe (5496)
0 : |- svchost.exe (6156)
0 : |- vds.exe (8880)
0 : |- svchost.exe (8916)
0 : |- mfewc.exe (9008)
2 : |- mfewch.exe (11280)
2 : |- conhost.exe (20656)
0 : |- macompatsvc.exe (9404)
0 : |- svchost.exe (9424)
0 : |- svchost.exe (976)
0 : |- lsass.exe (1268)
2 : csrss.exe (1868)
2 : mmc.exe (22072)
3 : csrss.exe (23376)
0 : csrss.exe (428)
0 : Registry (468)
3 : winlogon.exe (5880)
3 : |- dwm.exe (21724)
3 : |- LogonUI.exe (4208)
3 : |- fontdrvhost.exe (592)
2 : winlogon.exe (6164)
2 : |- dwm.exe (13180)
2 : |- LogonUI.exe (15496)
2 : |- fontdrvhost.exe (1896)

Process_Information_.csv : information about the running process.
70331 - Microsoft Windows Process Module Information
-
Synopsis
Use WMI to obtain running process module information.
Description
Report details on the running processes' modules on the machine.

This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system policies.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/08, Modified: 2024/03/26
Plugin Output

tcp/0

Process_Modules_.csv : lists the loaded modules for each process.

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/53/dns


The Win32 process 'dns.exe' is listening on this port (pid 4348).

This process 'dns.exe' (pid 4348) is hosting the following Windows services :
DNS (@%systemroot%\system32\dns.exe,-49157)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/53/dns


The Win32 process 'dns.exe' is listening on this port (pid 4348).

This process 'dns.exe' (pid 4348) is hosting the following Windows services :
DNS (@%systemroot%\system32\dns.exe,-49157)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/80/www


The Win32 process 'apache.exe' is listening on this port (pid 17308).

This process 'apache.exe' (pid 17308) is hosting the following Windows services :
EPOAHAPACHESRV (Trellix ePolicy Orchestrator 5.10.0 ....)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/88


The Win32 process 'lsass.exe' is listening on this port (pid 1268).

This process 'lsass.exe' (pid 1268) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/88


The Win32 process 'lsass.exe' is listening on this port (pid 1268).

This process 'lsass.exe' (pid 1268) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/123/ntp


The Win32 process 'svchost.exe' is listening on this port (pid 1660).

This process 'svchost.exe' (pid 1660) is hosting the following Windows services :
W32Time (@%SystemRoot%\system32\w32time.dll,-200)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/135/epmap


The Win32 process 'svchost.exe' is listening on this port (pid 1792).

This process 'svchost.exe' (pid 1792) is hosting the following Windows services :
RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001)
RpcSs (@combase.dll,-5010)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/137/netbios-ns


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/138


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/139/smb


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/389/ldap


The Win32 process 'lsass.exe' is listening on this port (pid 1268).

This process 'lsass.exe' (pid 1268) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/389


The Win32 process 'lsass.exe' is listening on this port (pid 1268).

This process 'lsass.exe' (pid 1268) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/443


The Win32 process 'apache.exe' is listening on this port (pid 17308).

This process 'apache.exe' (pid 17308) is hosting the following Windows services :
EPOAHAPACHESRV (Trellix ePolicy Orchestrator 5.10.0 ....)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/445/cifs


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/464


The Win32 process 'lsass.exe' is listening on this port (pid 1268).

This process 'lsass.exe' (pid 1268) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/464


The Win32 process 'lsass.exe' is listening on this port (pid 1268).

This process 'lsass.exe' (pid 1268) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/500


The Win32 process 'svchost.exe' is listening on this port (pid 2108).

This process 'svchost.exe' (pid 2108) is hosting the following Windows services :
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/593/http-rpc-epmap


The Win32 process 'svchost.exe' is listening on this port (pid 1792).

This process 'svchost.exe' (pid 1792) is hosting the following Windows services :
RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001)
RpcSs (@combase.dll,-5010)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/636/ldap


The Win32 process 'lsass.exe' is listening on this port (pid 1268).

This process 'lsass.exe' (pid 1268) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/1433/mssql


The Win32 process 'sqlservr.exe' is listening on this port (pid 13604).

This process 'sqlservr.exe' (pid 13604) is hosting the following Windows services :
MSSQLSERVER (SQL Server (MSSQLSERVER))

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/1434


The Win32 process 'sqlbrowser.exe' is listening on this port (pid 5352).

This process 'sqlbrowser.exe' (pid 5352) is hosting the following Windows services :
SQLBrowser (SQL Server Browser)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/3260


The Win32 process 'svchost.exe' is listening on this port (pid 2916).

This process 'svchost.exe' (pid 2916) is hosting the following Windows services :
WinTarget (@%SystemRoot%\system32\iSCSITgt.dll,-102)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/3268/ldap


The Win32 process 'lsass.exe' is listening on this port (pid 1268).

This process 'lsass.exe' (pid 1268) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/3269/ldap


The Win32 process 'lsass.exe' is listening on this port (pid 1268).

This process 'lsass.exe' (pid 1268) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/3389/msrdp


The Win32 process 'svchost.exe' is listening on this port (pid 2032).

This process 'svchost.exe' (pid 2032) is hosting the following Windows services :
TermService (@%SystemRoot%\System32\termsrv.dll,-268)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/3389


The Win32 process 'svchost.exe' is listening on this port (pid 2032).

This process 'svchost.exe' (pid 2032) is hosting the following Windows services :
TermService (@%SystemRoot%\System32\termsrv.dll,-268)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/4500


The Win32 process 'svchost.exe' is listening on this port (pid 2108).

This process 'svchost.exe' (pid 2108) is hosting the following Windows services :
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/5353


The Win32 process 'svchost.exe' is listening on this port (pid 2116).

This process 'svchost.exe' (pid 2116) is hosting the following Windows services :
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/5355/llmnr


The Win32 process 'svchost.exe' is listening on this port (pid 2116).

This process 'svchost.exe' (pid 2116) is hosting the following Windows services :
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/5985/www


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/8081


The Win32 process 'macmnsvc.exe' is listening on this port (pid 5368).

This process 'macmnsvc.exe' (pid 5368) is hosting the following Windows services :
macmnsvc (Trellix Agent Common Services)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/8082


The Win32 process 'macmnsvc.exe' is listening on this port (pid 5368).

This process 'macmnsvc.exe' (pid 5368) is hosting the following Windows services :
macmnsvc (Trellix Agent Common Services)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/8443/www


The Win32 process 'tomcat9.exe' is listening on this port (pid 16304).

This process 'tomcat9.exe' (pid 16304) is hosting the following Windows services :
EPOTOMCATSRV5100 (Trellix ePolicy Orchestrator 5.10.0 ........ ....)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/8444/www


The Win32 process 'tomcat9.exe' is listening on this port (pid 16304).

This process 'tomcat9.exe' (pid 16304) is hosting the following Windows services :
EPOTOMCATSRV5100 (Trellix ePolicy Orchestrator 5.10.0 ........ ....)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/9389


The Win32 process 'Microsoft.ActiveDirectory.WebServices.exe' is listening on this port (pid 2544).

This process 'Microsoft.ActiveDirectory.WebServices.exe' (pid 2544) is hosting the following Windows services :
ADWS (@%SystemRoot%\ADWS\adwsres.dll,-1)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/10024


The Win32 process 'MAServer.exe' is listening on this port (pid 5420).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/43553


The Win32 process 'dsamain.exe' is listening on this port (pid 4012).

This process 'dsamain.exe' (pid 4012) is hosting the following Windows services :
ADAM_Madb (Madb)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/43553


The Win32 process 'dsamain.exe' is listening on this port (pid 4012).

This process 'dsamain.exe' (pid 4012) is hosting the following Windows services :
ADAM_Madb (Madb)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/43554


The Win32 process 'dsamain.exe' is listening on this port (pid 4012).

This process 'dsamain.exe' (pid 4012) is hosting the following Windows services :
ADAM_Madb (Madb)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/47001/www


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/49664/dce-rpc


The Win32 process 'wininit.exe' is listening on this port (pid 1124).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/49665/dce-rpc


The Win32 process 'svchost.exe' is listening on this port (pid 2300).

This process 'svchost.exe' (pid 2300) is hosting the following Windows services :
EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/49666/dce-rpc


The Win32 process 'svchost.exe' is listening on this port (pid 2644).

This process 'svchost.exe' (pid 2644) is hosting the following Windows services :
Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/49667/dce-rpc


The Win32 process 'lsass.exe' is listening on this port (pid 1268).

This process 'lsass.exe' (pid 1268) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/49669/dce-rpc


The Win32 process 'svchost.exe' is listening on this port (pid 4044).

This process 'svchost.exe' (pid 4044) is hosting the following Windows services :
SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/49670/dce-rpc


The Win32 process 'svchost.exe' is listening on this port (pid 2336).

This process 'svchost.exe' (pid 2336) is hosting the following Windows services :
PolicyAgent (@%SystemRoot%\System32\polstore.dll,-5010)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/49671/ncacn_http


The Win32 process 'lsass.exe' is listening on this port (pid 1268).

This process 'lsass.exe' (pid 1268) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/49672/dce-rpc


The Win32 process 'lsass.exe' is listening on this port (pid 1268).

This process 'lsass.exe' (pid 1268) is hosting the following Windows services :
Kdc (@%SystemRoot%\System32\kdcsvc.dll,-1)
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
NTDS (@%SystemRoot%\System32\ntdsmsg.dll,-1)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/49673/dce-rpc


The Win32 process 'spoolsv.exe' is listening on this port (pid 5008).

This process 'spoolsv.exe' (pid 5008) is hosting the following Windows services :
Spooler (@%systemroot%\system32\spoolsv.exe,-1)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/49677/dce-rpc


The Win32 process 'dsamain.exe' is listening on this port (pid 4012).

This process 'dsamain.exe' (pid 4012) is hosting the following Windows services :
ADAM_Madb (Madb)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/49713/dce-rpc


The Win32 process 'dfsrs.exe' is listening on this port (pid 4712).

This process 'dfsrs.exe' (pid 4712) is hosting the following Windows services :
DFSR (@dfsrress.dll,-101)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/49736


The Win32 process 'tomcat9.exe' is listening on this port (pid 16304).

This process 'tomcat9.exe' (pid 16304) is hosting the following Windows services :
EPOTOMCATSRV5100 (Trellix ePolicy Orchestrator 5.10.0 アプリケーション サーバー)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/49738/dce-rpc


The Win32 process 'services.exe' is listening on this port (pid 1248).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/49742/dce-rpc


The Win32 process 'certsrv.exe' is listening on this port (pid 4256).

This process 'certsrv.exe' (pid 4256) is hosting the following Windows services :
CertSvc (@%systemroot%\system32\certocm.dll,-347)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/56042


The Win32 process 'svchost.exe' is listening on this port (pid 2768).

This process 'svchost.exe' (pid 2768) is hosting the following Windows services :
Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/58776


The Win32 process 'svchost.exe' is listening on this port (pid 2116).

This process 'svchost.exe' (pid 2116) is hosting the following Windows services :
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/65535


The Win32 process 'svchost.exe' is listening on this port (pid 2116).

This process 'svchost.exe' (pid 2116) is hosting the following Windows services :
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)

126527 - Microsoft Windows SAM user enumeration
-
Synopsis
Nessus was able to enumerate domain users from the local SAM.
Description
Using the domain security identifier (SID), Nessus was able to enumerate the domain users on the remote Windows system using the Security Accounts Manager.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2019/07/08, Modified: 2023/01/20
Plugin Output

tcp/0

- 1108 (id S-1-5-21-3388008032-3793481426-1375)
- Administrator (id S-1-5-21-3388008032-3793481426-500, コンピューター/ドメインの管理用 (ビルトイン アカウント), Administrator account)
- AppUser (id S-1-5-21-3388008032-3793481426-1305, AppUser)
- DBAdmin (id S-1-5-21-3388008032-3793481426-1103, DBAdmin)
- EVEMAAdmin (id S-1-5-21-3388008032-3793481426-1313, EVEMA Administrator)
- EVEMAuser (id S-1-5-21-3388008032-3793481426-1304, EVEMAuser)
- FJuser (id S-1-5-21-3388008032-3793481426-1608, FJuser)
- fujimoto (id S-1-5-21-3388008032-3793481426-1347)
- goto (id S-1-5-21-3388008032-3793481426-1366)
- Guest (id S-1-5-21-3388008032-3793481426-501, コンピューター/ドメインへのゲスト アクセス用 (ビルトイン アカウント), Guest account)
- hashimoto (id S-1-5-21-3388008032-3793481426-1367)
- honda (id S-1-5-21-3388008032-3793481426-1371)
- hoshi (id S-1-5-21-3388008032-3793481426-1353)
- ikeda (id S-1-5-21-3388008032-3793481426-1340)
- ikedasho (id S-1-5-21-3388008032-3793481426-1360)
- itoya (id S-1-5-21-3388008032-3793481426-1350)
- itoyu (id S-1-5-21-3388008032-3793481426-1349)
- Katsuragi (id S-1-5-21-3388008032-3793481426-1362)
- kawatani (id S-1-5-21-3388008032-3793481426-1368)
- kimura (id S-1-5-21-3388008032-3793481426-1373)
- komi (id S-1-5-21-3388008032-3793481426-1374)
- krbtgt (id S-1-5-21-3388008032-3793481426-502, Kerberos account, キー配布センター サービス アカウント)
- manabe (id S-1-5-21-3388008032-3793481426-1357)
- miyase (id S-1-5-21-3388008032-3793481426-1341)
- miyoshi (id S-1-5-21-3388008032-3793481426-1352)
- mizunishi (id S-1-5-21-3388008032-3793481426-1369)
- mod-test-user (id S-1-5-21-3388008032-3793481426-1337, mod)
- mori (id S-1-5-21-3388008032-3793481426-1370)
- murawaki (id S-1-5-21-3388008032-3793481426-1354)
- ogasawara (id S-1-5-21-3388008032-3793481426-1351)
- OKADA (id S-1-5-21-3388008032-3793481426-1364)
- satake (id S-1-5-21-3388008032-3793481426-1365)
- SAWADA (id S-1-5-21-3388008032-3793481426-1363)
- shimada (id S-1-5-21-3388008032-3793481426-1356)
- takahashi (id S-1-5-21-3388008032-3793481426-1372)
- takeshita (id S-1-5-21-3388008032-3793481426-1358)
- tamagawa (id S-1-5-21-3388008032-3793481426-1342)
- Tanaka (id S-1-5-21-3388008032-3793481426-1344)
- testuser1 (id S-1-5-21-3388008032-3793481426-1322, testuser1)
- testuser2 (id S-1-5-21-3388008032-3793481426-1325, testuser2)
- tsuchiya (id S-1-5-21-3388008032-3793481426-1631)
- uchida (id S-1-5-21-3388008032-3793481426-1346)
- ueda (id S-1-5-21-3388008032-3793481426-1348)
- watanabe (id S-1-5-21-3388008032-3793481426-1359)
- webuser (id S-1-5-21-3388008032-3793481426-1107, webuser)
- yasuda (id S-1-5-21-3388008032-3793481426-1355)
- yoshida (id S-1-5-21-3388008032-3793481426-1345)
- yoshiyama (id S-1-5-21-3388008032-3793481426-1361)

17651 - Microsoft Windows SMB : Obtains the Password Policy
-
Synopsis
It is possible to retrieve the remote host's password policy using the supplied credentials.
Description
Using the supplied credentials it was possible to extract the password policy for the remote Windows host. The password policy must conform to the Informational System Policy.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/03/30, Modified: 2015/01/12
Plugin Output

tcp/445/cifs

The following password policy is defined on the remote host:

Minimum password len: 8
Password history len: 24
Maximum password age (d): 30
Password must meet complexity requirements: Enabled
Minimum password age (d): 0
Forced logoff time (s): Not set
Locked account time (s): 900
Time between failed logon (s): 900
Number of invalid logon before locked out (s): 3

38689 - Microsoft Windows SMB Last Logged On User Disclosure
-
Synopsis
Nessus was able to identify the last logged on user on the remote host.
Description
By connecting to the remote host with the supplied credentials, Nessus was able to identify the username associated with the last successful logon.

Microsoft documentation notes that interactive console logons change the DefaultUserName registry entry to be the last logged-on user.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/05/05, Modified: 2019/09/02
Plugin Output

tcp/445/cifs


Last Successful logon : EMSOCCS1\Administrator

10394 - Microsoft Windows SMB Log In Possible
-
Synopsis
It was possible to log into the remote host.
Description
The remote host is running a Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was possible to log into it using one of the following accounts :

- Guest account
- Supplied credentials
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/05/09, Modified: 2023/07/25
Plugin Output

tcp/445/cifs

- The SMB tests will be done as EMSOCCS1\Administrator/******
- NULL sessions may be enabled on the remote host.

10859 - Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration
-
Synopsis
It is possible to obtain the host SID for the remote host.
Description
By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the host SID (Security Identifier).

The host SID can then be used to get the list of local users.
See Also
Solution
You can prevent anonymous lookups of the host SID by setting the 'RestrictAnonymous' registry setting to an appropriate value.

Refer to the 'See also' section for guidance.
Risk Factor
None
Plugin Information
Published: 2002/02/13, Modified: 2024/01/31
Plugin Output

tcp/445/cifs


The remote host SID value is : S-1-5-21-3388008032-3793481426-1508724218

The value of 'RestrictAnonymous' setting is : 0

10785 - Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
-
Synopsis
It was possible to obtain information about the remote operating system.
Description
Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445. Note that this plugin requires SMB to be enabled on the host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/10/17, Modified: 2021/09/20
Plugin Output

tcp/445/cifs

Nessus was able to obtain the following information about the host, by
parsing the SMB2 Protocol's NTLM SSP message:

Target Name: EMSOCCS1
NetBIOS Domain Name: EMSOCCS1
NetBIOS Computer Name: masked_hostname
DNS Domain Name: gcc.EMSOCCS.gsdf.mods.go.jp
DNS Computer Name: masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp
DNS Tree Name: gcc.EMSOCCS.gsdf.mods.go.jp
Product Version: 10.0.17763

77477 - Microsoft Windows SMB Registry : McAfee EPO GUID
-
Synopsis
The remote system is managed by McAfee EPO.
Description
By reading the registry key HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent, it was possible to determine that the remote Windows system is managed by McAfee EPO.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0869
Plugin Information
Published: 2014/09/02, Modified: 2022/02/01
Plugin Output

tcp/445/cifs

The remote host is designated by the following McAfee EPO GUID : {c70cf23f-e075-4311-801e-3c54f1cec65b}

48942 - Microsoft Windows SMB Registry : OS Version and Processor Architecture
-
Synopsis
It was possible to determine the processor architecture, build lab strings, and Windows OS version installed on the remote system.
Description
Nessus was able to determine the processor architecture, build lab strings, and the Windows OS version installed on the remote system by connecting to the remote registry with the supplied credentials.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/08/31, Modified: 2022/02/01
Plugin Output

tcp/445/cifs

Operating system version = 10.17763
Architecture = x64
Build lab extended = 17763.1.amd64fre.rs5_release.180914-1434

10413 - Microsoft Windows SMB Registry : Remote PDC/BDC Detection
-
Synopsis
The remote system is a Domain Controller.
Description
The remote host seems to be a Primary Domain Controller or a Backup Domain Controller.

This can be verified by the value of the registry key 'ProductType'
under 'HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions'.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0030
XREF IAVT:0001-T-0942
Plugin Information
Published: 2000/05/20, Modified: 2023/08/17
Plugin Output

tcp/445/cifs

11457 - Microsoft Windows SMB Registry : Winlogon Cached Password Weakness
-
Synopsis
User credentials are stored in memory.
Description
The registry key 'HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount' is not 0. A value greater than 0 for the CachedLogonsCount key indicates that the remote Windows host locally caches the passwords of users when they log in, so that they can continue to log in if the primary domain controller (PDC) fails.

Cached logon credentials could be accessed by an attacker and subjected to brute force attacks.
Solution
Consult Microsoft documentation and best practices.
Risk Factor
None
Plugin Information
Published: 2003/03/24, Modified: 2018/06/05
Plugin Output

tcp/445/cifs


Max cached logons : 3

10400 - Microsoft Windows SMB Registry Remotely Accessible
-
Synopsis
Access the remote Windows Registry.
Description
It was possible to access the remote Windows Registry using the login / password combination used for the Windows local checks (SMB tests).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/05/09, Modified: 2022/02/01
Plugin Output

tcp/445/cifs

44401 - Microsoft Windows SMB Service Config Enumeration
-
Synopsis
It was possible to enumerate configuration parameters of remote services.
Description
Nessus was able to obtain, via the SMB protocol, the launch parameters of each active service on the remote host (executable path, logon type, etc.).
Solution
Ensure that each service is configured properly.
Risk Factor
None
References
XREF IAVT:0001-T-0752
Plugin Information
Published: 2010/02/05, Modified: 2022/05/16
Plugin Output

tcp/445/cifs


The following services are set to start automatically :

ADAM_Madb startup parameters :
Display name : Madb
Service name : ADAM_Madb
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\dsamain.exe -sn:Madb
Dependencies : EventSystem/

ADWS startup parameters :
Display name : Active Directory Web Services
Service name : ADWS
Log on as : LocalSystem
Executable path : C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe

AzureAttestService startup parameters :
Display name : AzureAttestService
Service name : AzureAttestService
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k AzureAttestService

BFE startup parameters :
Display name : Base Filtering Engine
Service name : BFE
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
Dependencies : RpcSs/

BrokerInfrastructure startup parameters :
Display name : Background Tasks Infrastructure Service
Service name : BrokerInfrastructure
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p
Dependencies : RpcEptMapper/DcomLaunch/RpcSs/

CDPSvc startup parameters :
Display name : Connected Devices Platform Service
Service name : CDPSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
Dependencies : ncbservice/RpcSS/Tcpip/

CDPUserSvc_b5a703 startup parameters :
Display name : Connected Devices Platform ユーザー サービス_b5a703
Service name : CDPUserSvc_b5a703
Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup

CertPropSvc startup parameters :
Display name : Certificate Propagation
Service name : CertPropSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/

CertSvc startup parameters :
Display name : Active Directory Certificate Services
Service name : CertSvc
Log on as : localSystem
Executable path : C:\Windows\system32\certsrv.exe

CoreMessagingRegistrar startup parameters :
Display name : CoreMessaging
Service name : CoreMessagingRegistrar
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
Dependencies : rpcss/

CryptSvc startup parameters :
Display name : Cryptographic Services
Service name : CryptSvc
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService -p
Dependencies : RpcSs/

DFSR startup parameters :
Display name : DFS Replication
Service name : DFSR
Log on as : LocalSystem
Executable path : C:\Windows\system32\DFSRs.exe
Dependencies : RpcSs/EventSystem/NTDS/

DNS startup parameters :
Display name : DNS Server
Service name : DNS
Log on as : LocalSystem
Executable path : C:\Windows\system32\dns.exe
Dependencies : Tcpip/Afd/RpcSs/NTDS/

DPS startup parameters :
Display name : Diagnostic Policy Service
Service name : DPS
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p

DcomLaunch startup parameters :
Display name : DCOM Server Process Launcher
Service name : DcomLaunch
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p

Dfs startup parameters :
Display name : DFS Namespace
Service name : Dfs
Log on as : LocalSystem
Executable path : C:\Windows\system32\dfssvc.exe
Dependencies : LanmanWorkstation/LanmanServer/DfsDriver/Mup/SamSS/RemoteRegistry/

Dhcp startup parameters :
Display name : DHCP Client
Service name : Dhcp
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : NSI/Afd/

DiagTrack startup parameters :
Display name : Connected User Experiences and Telemetry
Service name : DiagTrack
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k utcsvc -p
Dependencies : RpcSs/

Dnscache startup parameters :
Display name : DNS Client
Service name : Dnscache
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService -p
Dependencies : nsi/

EPOAHAPACHESRV startup parameters :
Display name : Trellix ePolicy Orchestrator 5.10.0 サーバー
Service name : EPOAHAPACHESRV
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Trellix\ePolicy Orchestrator\Apache2\bin\Apache.exe" -k runservice
Dependencies : Afd/Tcpip/EPOTOMCATSRV5100/MSSQLServer/

EPOEVENTPARSERSRV startup parameters :
Display name : Trellix ePolicy Orchestrator 5.10.0 イベント パーサー
Service name : EPOEVENTPARSERSRV
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Trellix\ePolicy Orchestrator\EventParser.exe"
Dependencies : MSSQLServer/

EPOTOMCATSRV5100 startup parameters :
Display name : Trellix ePolicy Orchestrator 5.10.0 アプリケーション サーバー
Service name : EPOTOMCATSRV5100
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Trellix\ePolicy Orchestrator\Server\bin\tomcat9.exe" //RS//EPOTOMCATSRV5100
Dependencies : Tcpip/Afd/MSSQLServer/

EventLog startup parameters :
Display name : Windows Event Log
Service name : EventLog
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p

EventSystem startup parameters :
Display name : COM+ Event System
Service name : EventSystem
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
Dependencies : rpcss/

FontCache startup parameters :
Display name : Windows Font Cache Service
Service name : FontCache
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p

HpePqiESrv startup parameters :
Display name : HPE Smart ĒėĪSAS/SATAĪŲóČ.åĩüÓđ
Service name : HpePqiESrv
Log on as : LocalSystem
Executable path : "C:\Program Files\HPE\HpePqiESrv\hpepqiesrv.exe"

IKEEXT startup parameters :
Display name : IKE and AuthIP IPsec Keying Modules
Service name : IKEEXT
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : BFE/nsi/

IsmServ startup parameters :
Display name : Intersite Messaging
Service name : IsmServ
Log on as : LocalSystem
Executable path : C:\Windows\System32\ismserv.exe
Dependencies : SamSS/NTDS/

Kdc startup parameters :
Display name : Kerberos Key Distribution Center
Service name : Kdc
Log on as : LocalSystem
Executable path : C:\Windows\System32\lsass.exe
Dependencies : RpcSs/Afd/NTDS/

LSM startup parameters :
Display name : Local Session Manager
Service name : LSM
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p
Dependencies : RpcEptMapper/DcomLaunch/RpcSs/

LanmanServer startup parameters :
Display name : Server
Service name : LanmanServer
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k smbsvcs
Dependencies : SamSS/Srv2/

LanmanWorkstation startup parameters :
Display name : Workstation
Service name : LanmanWorkstation
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p
Dependencies : Bowser/MRxSmb20/NSI/

MAPwdNotifier startup parameters :
Display name : EVEMA Pwd Notifier service
Service name : MAPwdNotifier
Log on as : LocalSystem
Executable path : "C:\Program Files\DDS\EVEMA\Client\MAPwdNotifier.exe" -k

MAServer startup parameters :
Display name : EVEMA Server Service
Service name : MAServer
Log on as : LocalSystem
Executable path : "C:\Program Files\DDS\EVEMA\Server\MAServer.exe" -k

MSDTC startup parameters :
Display name : Distributed Transaction Coordinator
Service name : MSDTC
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\msdtc.exe
Dependencies : RPCSS/SamSS/

MSSQLSERVER startup parameters :
Display name : SQL Server (MSSQLSERVER)
Service name : MSSQLSERVER
Log on as : NT Service\MSSQLSERVER
Executable path : "C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
Dependencies : KEYISO/

McnMon startup parameters :
Display name : McnMon
Service name : McnMon
Log on as : EMSOCCS1\Administrator
Executable path : C:\newscp\mac\AppCommon\bin\McnMon.exe -envfilepath C:\newscp\mac\McnMon\config\env.ini

NTDS startup parameters :
Display name : Active Directory Domain Services
Service name : NTDS
Log on as : LocalSystem
Executable path : C:\Windows\System32\lsass.exe

Netlogon startup parameters :
Display name : Netlogon
Service name : Netlogon
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : LanmanWorkstation/LanmanServer/

NlaSvc startup parameters :
Display name : Network Location Awareness
Service name : NlaSvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p
Dependencies : NSI/RpcSs/TcpIp/Dhcp/Eventlog/

Power startup parameters :
Display name : Power
Service name : Power
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p

ProfSvc startup parameters :
Display name : User Profile Service
Service name : ProfSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/

RasMan startup parameters :
Display name : Remote Access Connection Manager
Service name : RasMan
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : TapiSrv/SstpSvc/

RemoteRegistry startup parameters :
Display name : Remote Registry
Service name : RemoteRegistry
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k localService -p
Dependencies : RPCSS/

RpcEptMapper startup parameters :
Display name : RPC Endpoint Mapper
Service name : RpcEptMapper
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k RPCSS -p

RpcSs startup parameters :
Display name : Remote Procedure Call (RPC)
Service name : RpcSs
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k rpcss -p
Dependencies : RpcEptMapper/DcomLaunch/

SCardSvr startup parameters :
Display name : Smart Card
Service name : SCardSvr
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

SENS startup parameters :
Display name : System Event Notification Service
Service name : SENS
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : EventSystem/

SQLBrowser startup parameters :
Display name : SQL Server Browser
Service name : SQLBrowser
Log on as : NT AUTHORITY\LOCALSERVICE
Executable path : "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"

SQLTELEMETRY startup parameters :
Display name : SQL Server CEIP service (MSSQLSERVER)
Service name : SQLTELEMETRY
Log on as : NT Service\SQLTELEMETRY
Executable path : "C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlceip.exe" -Service

SQLWriter startup parameters :
Display name : SQL Server VSS Writer
Service name : SQLWriter
Log on as : LocalSystem
Executable path : "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"

SUTService startup parameters :
Display name : Integrated Smart Update Tools
Service name : SUTService
Log on as : LocalSystem
Executable path : C:/Program Files/SUT/bin/sut.exe /svc

SamSs startup parameters :
Display name : Security Accounts Manager
Service name : SamSs
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : RPCSS/

Schedule startup parameters :
Display name : Task Scheduler
Service name : Schedule
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RPCSS/SystemEventsBroker/

ShellHWDetection startup parameters :
Display name : Shell Hardware Detection
Service name : ShellHWDetection
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/

Spooler startup parameters :
Display name : Print Spooler
Service name : Spooler
Log on as : LocalSystem
Executable path : C:\Windows\System32\spoolsv.exe
Dependencies : RPCSS/http/

SysMain startup parameters :
Display name : SysMain
Service name : SysMain
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : rpcss/

SystemEventsBroker startup parameters :
Display name : System Events Broker
Service name : SystemEventsBroker
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p
Dependencies : RpcEptMapper/RpcSs/

Themes startup parameters :
Display name : Themes
Service name : Themes
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p

UALSVC startup parameters :
Display name : User Access Logging Service
Service name : UALSVC
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : WinMgmt/

UserManager startup parameters :
Display name : User Manager
Service name : UserManager
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/ProfSvc/

UsoSvc startup parameters :
Display name : Update Orchestrator Service
Service name : UsoSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : rpcss/

W32Time startup parameters :
Display name : Windows Time
Service name : W32Time
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService

Wcmsvc startup parameters :
Display name : Windows Connection Manager
Service name : Wcmsvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : RpcSs/NSI/

WinDefend startup parameters :
Display name : Windows Defender Antivirus Service
Service name : WinDefend
Log on as : LocalSystem
Executable path : "C:\Program Files\Windows Defender\MsMpEng.exe"
Dependencies : RpcSs/

WinRM startup parameters :
Display name : Windows Remote Management (WS-Management)
Service name : WinRM
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p
Dependencies : RPCSS/HTTP/

WinTarget startup parameters :
Display name : Microsoft iSCSI Target Server
Service name : WinTarget
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k BlockStorageServices
Dependencies : RPCSS/EventLog/WinMgmt/

Winmgmt startup parameters :
Display name : Windows Management Instrumentation
Service name : Winmgmt
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RPCSS/

WpnService startup parameters :
Display name : Windows プッシュ通知システム サービス
Service name : WpnService
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : rpcss/

WpnUserService_b5a703 startup parameters :
Display name : Windows Push Notifications User Service_b5a703
Service name : WpnUserService_b5a703
Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup

ams startup parameters :
Display name : Agentless Management Service
Service name : ams
Log on as : LocalSystem
Executable path : "C:\Program Files\OEM\AMS\service\ams.exe"

gpsvc startup parameters :
Display name : Group Policy Client
Service name : gpsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RPCSS/Mup/

iphlpsvc startup parameters :
Display name : IP Helper
Service name : iphlpsvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k NetSvcs -p
Dependencies : RpcSS/winmgmt/tcpip/nsi/WinHttpAutoProxySvc/

macmnsvc startup parameters :
Display name : Trellix Agent Common Services
Service name : macmnsvc
Log on as : NT AUTHORITY\LocalService
Executable path : "C:\Program Files\McAfee\Agent\macmnsvc.exe" /ServiceStart

masvc startup parameters :
Display name : Trellix Agent Service
Service name : masvc
Log on as : LocalSystem
Executable path : "C:\Program Files\McAfee\Agent\masvc.exe" /ServiceStart

mfemms startup parameters :
Display name : Trellix Service Controller
Service name : mfemms
Log on as : LocalSystem
Executable path : "C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe"

mfewc startup parameters :
Display name : Trellix Endpoint Security Web Control Service
Service name : mfewc
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewc.exe"
Dependencies : mfevtp/

mpssvc startup parameters :
Display name : Windows Defender Firewall
Service name : mpssvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
Dependencies : mpsdrv/bfe/

nsi startup parameters :
Display name : Network Store Interface Service
Service name : nsi
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
Dependencies : rpcss/nsiproxy/

sppsvc startup parameters :
Display name : Software Protection
Service name : sppsvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\sppsvc.exe
Dependencies : RpcSs/

The following services must be started manually :

AJRouter startup parameters :
Display name : AllJoyn Router Service
Service name : AJRouter
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p

ALG startup parameters :
Display name : Application Layer Gateway Service
Service name : ALG
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\alg.exe

AppIDSvc startup parameters :
Display name : Application Identity
Service name : AppIDSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : RpcSs/AppID/CryptSvc/

AppMgmt startup parameters :
Display name : Application Management
Service name : AppMgmt
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p

AppReadiness startup parameters :
Display name : App Readiness
Service name : AppReadiness
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k AppReadiness -p

AppXSvc startup parameters :
Display name : AppX Deployment Service (AppXSVC)
Service name : AppXSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k wsappx -p
Dependencies : rpcss/staterepository/

Appinfo startup parameters :
Display name : Application Information
Service name : Appinfo
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/ProfSvc/

AudioEndpointBuilder startup parameters :
Display name : Windows Audio Endpoint Builder
Service name : AudioEndpointBuilder
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p

Audiosrv startup parameters :
Display name : Windows Audio
Service name : Audiosrv
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : AudioEndpointBuilder/RpcSs/

BITS startup parameters :
Display name : Background Intelligent Transfer Service
Service name : BITS
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/

BTAGService startup parameters :
Display name : Bluetooth ŠüĮĢŠ ēüČͧΠĩüÓđ
Service name : BTAGService
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : bthserv/rpcss/

BthAvctpSvc startup parameters :
Display name : AVCTP サービス
Service name : BthAvctpSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
Dependencies : rpcss/

COMSysApp startup parameters :
Display name : COM+ System Application
Service name : COMSysApp
Log on as : LocalSystem
Executable path : C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Dependencies : RpcSs/EventSystem/SENS/

CaptureService_b5a703 startup parameters :
Display name : CaptureService_b5a703
Service name : CaptureService_b5a703
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p

ClipSVC startup parameters :
Display name : Client License Service (ClipSVC)
Service name : ClipSVC
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k wsappx -p
Dependencies : rpcss/

ConsentUxUserSvc_b5a703 startup parameters :
Display name : ConsentUX_b5a703
Service name : ConsentUxUserSvc_b5a703
Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow

DevQueryBroker startup parameters :
Display name : DevQuery Background Discovery Broker
Service name : DevQueryBroker
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p

DeviceAssociationService startup parameters :
Display name : Device Association Service
Service name : DeviceAssociationService
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p

DeviceInstall startup parameters :
Display name : Device Install Service
Service name : DeviceInstall
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p

DevicesFlowUserSvc_b5a703 startup parameters :
Display name : デバイス フロー_b5a703
Service name : DevicesFlowUserSvc_b5a703
Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow

DmEnrollmentSvc startup parameters :
Display name : ĮÐĪđĄ.{2ĩüÓđ
Service name : DmEnrollmentSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : rpcss/

DoSvc startup parameters :
Display name : Delivery Optimization
Service name : DoSvc
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p
Dependencies : rpcss/

DsRoleSvc startup parameters :
Display name : DS Role Server
Service name : DsRoleSvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\lsass.exe

DsSvc startup parameters :
Display name : Data Sharing Service
Service name : DsSvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p

DsmSvc startup parameters :
Display name : Device Setup Manager
Service name : DsmSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/

EFS startup parameters :
Display name : Encrypting File System (EFS)
Service name : EFS
Log on as : LocalSystem
Executable path : C:\Windows\System32\lsass.exe
Dependencies : RPCSS/

Eaphost startup parameters :
Display name : Extensible Authentication Protocol
Service name : Eaphost
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : RPCSS/KeyIso/

EntAppSvc startup parameters :
Display name : Enterprise App Management Service
Service name : EntAppSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k appmodel -p
Dependencies : rpcss/

FDResPub startup parameters :
Display name : Function Discovery Resource Publication
Service name : FDResPub
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
Dependencies : RpcSs/http/fdphost/

FrameServer startup parameters :
Display name : Windows カメラ フレーム サーバー
Service name : FrameServer
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k Camera
Dependencies : rpcss/

HvHost startup parameters :
Display name : HV ホスト サービス
Service name : HvHost
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : hvservice/

InstallService startup parameters :
Display name : Microsoft Store インストール サービス
Service name : InstallService
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : rpcss/

KPSSVC startup parameters :
Display name : KDC Proxy Server service (KPS)
Service name : KPSSVC
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k KpsSvcGroup
Dependencies : rpcss/http/

KdsSvc startup parameters :
Display name : Microsoft Key Distribution Service
Service name : KdsSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : RpcSs/

KeyIso startup parameters :
Display name : CNG Key Isolation
Service name : KeyIso
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : RpcSs/

KtmRm startup parameters :
Display name : KtmRm for Distributed Transaction Coordinator
Service name : KtmRm
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation -p
Dependencies : RPCSS/SamSS/

LicenseManager startup parameters :
Display name : Windows ライセンス マネージャー サービス
Service name : LicenseManager
Log on as : NT Authority\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService -p
Dependencies : rpcss/

MSSQLFDLauncher startup parameters :
Display name : SQL Full-text Filter Daemon Launcher (MSSQLSERVER)
Service name : MSSQLFDLauncher
Log on as : NT Service\MSSQLFDLauncher
Executable path : "C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL16.MSSQLSERVER

MSiSCSI startup parameters :
Display name : Microsoft iSCSI Initiator Service
Service name : MSiSCSI
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p

McAfeeFramework startup parameters :
Display name : Trellix Agent Backwards Compatibility Service
Service name : McAfeeFramework
Log on as : LocalSystem
Executable path : "C:\Program Files\McAfee\Agent\x86\macompatsvc.exe"

MobilePluginService startup parameters :
Display name : Trellix Mobile Plugin Service
Service name : MobilePluginService
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Trellix\ePolicy Orchestrator\MobilePluginService.exe"

NcaSvc startup parameters :
Display name : Network Connectivity Assistant
Service name : NcaSvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k NetSvcs -p
Dependencies : BFE/dnscache/NSI/iphlpsvc/

NcbService startup parameters :
Display name : Network Connection Broker
Service name : NcbService
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSS/tcpip/

NetSetupSvc startup parameters :
Display name : Network Setup Service
Service name : NetSetupSvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/

Netman startup parameters :
Display name : Network Connections
Service name : Netman
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/nsi/

NgcCtnrSvc startup parameters :
Display name : Microsoft Passport Container
Service name : NgcCtnrSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : RpcSs/

NgcSvc startup parameters :
Display name : Microsoft Passport
Service name : NgcSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/

PcaSvc startup parameters :
Display name : Program Compatibility Assistant Service
Service name : PcaSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/

PerfHost startup parameters :
Display name : Performance Counter DLL Host
Service name : PerfHost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\SysWow64\perfhost.exe
Dependencies : RPCSS/

PimIndexMaintenanceSvc_b5a703 startup parameters :
Display name : Contact Data_b5a703
Service name : PimIndexMaintenanceSvc_b5a703
Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup

PlugPlay startup parameters :
Display name : Plug and Play
Service name : PlugPlay
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p

PolicyAgent startup parameters :
Display name : IPsec Policy Agent
Service name : PolicyAgent
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p
Dependencies : Tcpip/bfe/

PrintNotify startup parameters :
Display name : Printer Extensions and Notifications
Service name : PrintNotify
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k print
Dependencies : RpcSs/

PrintWorkflowUserSvc_b5a703 startup parameters :
Display name : PrintWorkflow_b5a703
Service name : PrintWorkflowUserSvc_b5a703
Executable path : C:\Windows\system32\svchost.exe -k PrintWorkflow

QWAVE startup parameters :
Display name : Quality Windows Audio Video Experience
Service name : QWAVE
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
Dependencies : rpcss/psched/QWAVEdrv/LLTDIO/

RSoPProv startup parameters :
Display name : Resultant Set of Policy Provider
Service name : RSoPProv
Log on as : LocalSystem
Executable path : C:\Windows\system32\RSoPProv.exe
Dependencies : RPCSS/

RasAuto startup parameters :
Display name : Remote Access Auto Connection Manager
Service name : RasAuto
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : RasAcd/

RpcLocator startup parameters :
Display name : Remote Procedure Call (RPC) Locator
Service name : RpcLocator
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\locator.exe

SCPolicySvc startup parameters :
Display name : Smart Card Removal Policy
Service name : SCPolicySvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/

SNMPTRAP startup parameters :
Display name : SNMP トラップ
Service name : SNMPTRAP
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\snmptrap.exe

SQLSERVERAGENT startup parameters :
Display name : SQL Server エージェント (MSSQLSERVER)
Service name : SQLSERVERAGENT
Log on as : NT Service\SQLSERVERAGENT
Executable path : "C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER
Dependencies : MSSQLSERVER/

SecurityHealthService startup parameters :
Display name : Windows セキュリティ サービス
Service name : SecurityHealthService
Log on as : LocalSystem
Executable path : C:\Windows\system32\SecurityHealthService.exe
Dependencies : RpcSs/

Sense startup parameters :
Display name : Windows Defender Advanced Threat Protection Service
Service name : Sense
Log on as : LocalSystem
Executable path : "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe"

SensorService startup parameters :
Display name : Sensor Service
Service name : SensorService
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p

SensrSvc startup parameters :
Display name : Sensor Monitoring Service
Service name : SensrSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p

SessionEnv startup parameters :
Display name : Remote Desktop Configuration
Service name : SessionEnv
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : RPCSS/LanmanWorkstation/

SgrmBroker startup parameters :
Display name : System Guard ランタイム モニター ブローカー
Service name : SgrmBroker
Log on as : LocalSystem
Executable path : C:\Windows\system32\SgrmBroker.exe
Dependencies : RpcSs/

SstpSvc startup parameters :
Display name : Secure Socket Tunneling Protocol Service
Service name : SstpSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p

StateRepository startup parameters :
Display name : State Repository Service
Service name : StateRepository
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k appmodel -p
Dependencies : rpcss/

StorSvc startup parameters :
Display name : Storage Service
Service name : StorSvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p

TabletInputService startup parameters :
Display name : Touch Keyboard and Handwriting Panel Service
Service name : TabletInputService
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/

TermService startup parameters :
Display name : Remote Desktop Services
Service name : TermService
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k termsvcs
Dependencies : RPCSS/

TieringEngineService startup parameters :
Display name : Storage Tiers Management
Service name : TieringEngineService
Log on as : localSystem
Executable path : C:\Windows\system32\TieringEngineService.exe

TimeBrokerSvc startup parameters :
Display name : Time Broker
Service name : TimeBrokerSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p

TokenBroker startup parameters :
Display name : Web アカウント マネージャー
Service name : TokenBroker
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : UserManager/

TrkWks startup parameters :
Display name : Distributed Link Tracking Client
Service name : TrkWks
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/

TrustedInstaller startup parameters :
Display name : Windows Modules Installer
Service name : TrustedInstaller
Log on as : localSystem
Executable path : C:\Windows\servicing\TrustedInstaller.exe

UmRdpService startup parameters :
Display name : Remote Desktop Services UserMode Port Redirector
Service name : UmRdpService
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : TermService/RDPDR/

UnistoreSvc_b5a703 startup parameters :
Display name : User Data Storage_b5a703
Service name : UnistoreSvc_b5a703
Executable path : C:\Windows\System32\svchost.exe -k UnistackSvcGroup

UserDataSvc_b5a703 startup parameters :
Display name : User Data Access_b5a703
Service name : UserDataSvc_b5a703
Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup

VSS startup parameters :
Display name : Volume Shadow Copy
Service name : VSS
Log on as : LocalSystem
Executable path : C:\Windows\system32\vssvc.exe
Dependencies : RPCSS/

VaultSvc startup parameters :
Display name : Credential Manager
Service name : VaultSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : rpcss/

WEPHOSTSVC startup parameters :
Display name : Windows Encryption Provider Host Service
Service name : WEPHOSTSVC
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k WepHostSvcGroup
Dependencies : rpcss/

WMPNetworkSvc startup parameters :
Display name : Windows Media Player Network Sharing Service
Service name : WMPNetworkSvc
Log on as : NT AUTHORITY\NetworkService
Executable path : "C:\Program Files\Windows Media Player\wmpnetwk.exe"
Dependencies : http/WSearch/

WPDBusEnum startup parameters :
Display name : Portable Device Enumerator Service
Service name : WPDBusEnum
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/

WaaSMedicSvc startup parameters :
Display name : Windows Update Medic Service
Service name : WaaSMedicSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k wusvcs -p
Dependencies : rpcss/

WarpJITSvc startup parameters :
Display name : WarpJITSvc
Service name : WarpJITSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

WbioSrvc startup parameters :
Display name : Windows Biometric Service
Service name : WbioSrvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k WbioSvcGroup
Dependencies : RpcSs/

WdNisSvc startup parameters :
Display name : Windows Defender Antivirus Network Inspection Service
Service name : WdNisSvc
Log on as : NT AUTHORITY\LocalService
Executable path : "C:\Program Files\Windows Defender\NisSrv.exe"
Dependencies : WdNisDrv/

WdiServiceHost startup parameters :
Display name : Diagnostic Service Host
Service name : WdiServiceHost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService -p

WdiSystemHost startup parameters :
Display name : Diagnostic System Host
Service name : WdiSystemHost
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p

Wecsvc startup parameters :
Display name : Windows Event Collector
Service name : Wecsvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService -p
Dependencies : HTTP/Eventlog/

WerSvc startup parameters :
Display name : Windows Error Reporting Service
Service name : WerSvc
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k WerSvcGroup

WiaRpc startup parameters :
Display name : Still Image Acquisition Events
Service name : WiaRpc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/

WinHttpAutoProxySvc startup parameters :
Display name : WinHTTP Web Proxy Auto-Discovery Service
Service name : WinHttpAutoProxySvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : Dhcp/

bthserv startup parameters :
Display name : Bluetooth サポート サービス
Service name : bthserv
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p

camsvc startup parameters :
Display name : _ýĒŊŧđ ÞÍüļãü ĩüÓđ
Service name : camsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k appmodel -p

cbdhsvc_b5a703 startup parameters :
Display name : クリップボード ユーザー サービス_b5a703
Service name : cbdhsvc_b5a703
Executable path : C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p

defragsvc startup parameters :
Display name : Optimize drives
Service name : defragsvc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k defragsvc
Dependencies : RPCSS/

diagnosticshub.standardcollector.service startup parameters :
Display name : Microsoft (R) :­ÏÖ.–ģėŊŋü ĩüÓđ
Service name : diagnosticshub.standardcollector.service
Log on as : LocalSystem
Executable path : C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

dot3svc startup parameters :
Display name : Wired AutoConfig
Service name : dot3svc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/Ndisuio/Eaphost/

embeddedmode startup parameters :
Display name : ????????????
Service name : embeddedmode
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : BrokerInfrastructure/

fdPHost startup parameters :
Display name : Function Discovery Provider Host
Service name : fdPHost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
Dependencies : RpcSs/http/

hidserv startup parameters :
Display name : Human Interface Device Service
Service name : hidserv
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p

lmhosts startup parameters :
Display name : TCP/IP NetBIOS Helper
Service name : lmhosts
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : Afd/

mfefire startup parameters :
Display name : Trellix Firewall Core Service
Service name : mfefire
Log on as : LocalSystem
Executable path : "C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe"
Dependencies : mfevtp/

mfevtp startup parameters :
Display name : Trellix Validation Trust Protection Service
Service name : mfevtp
Log on as : LocalSystem
Executable path : "C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe"
Dependencies : mfehidk/mfemms/

msiserver startup parameters :
Display name : Windows Installer
Service name : msiserver
Log on as : LocalSystem
Executable path : C:\Windows\system32\msiexec.exe /V
Dependencies : rpcss/

netprofm startup parameters :
Display name : Network List Service
Service name : netprofm
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService -p
Dependencies : RpcSs/nlasvc/

pla startup parameters :
Display name : Performance Logs & Alerts
Service name : pla
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p
Dependencies : RPCSS/

sacsvr startup parameters :
Display name : Special Administration Console Helper
Service name : sacsvr
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p

seclogon startup parameters :
Display name : Secondary Logon
Service name : seclogon
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p

smphost startup parameters :
Display name : Microsoft Storage Spaces SMP
Service name : smphost
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k smphost
Dependencies : RPCSS/

stisvc startup parameters :
Display name : Windows Image Acquisition (WIA)
Service name : stisvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k imgsvc
Dependencies : RpcSs/

svsvc startup parameters :
Display name : Spot Verifier
Service name : svsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p

swprv startup parameters :
Display name : Microsoft Software Shadow Copy Provider
Service name : swprv
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k swprv
Dependencies : RPCSS/

tapisrv startup parameters :
Display name : Telephony
Service name : tapisrv
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p
Dependencies : RpcSs/

vds startup parameters :
Display name : Virtual Disk
Service name : vds
Log on as : LocalSystem
Executable path : C:\Windows\System32\vds.exe
Dependencies : RpcSs/

vmicguestinterface startup parameters :
Display name : Hyper-V Guest Service Interface
Service name : vmicguestinterface
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p

vmicheartbeat startup parameters :
Display name : Hyper-V Heartbeat Service
Service name : vmicheartbeat
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k ICService -p

vmickvpexchange startup parameters :
Display name : Hyper-V Data Exchange Service
Service name : vmickvpexchange
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p

vmicrdv startup parameters :
Display name : Hyper-V ęâüČ ĮđŊČÃŨîó.ĩüÓđ
Service name : vmicrdv
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k ICService -p

vmicshutdown startup parameters :
Display name : Hyper-V Guest Shutdown Service
Service name : vmicshutdown
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p

vmictimesync startup parameters :
Display name : Hyper-V Time Synchronization Service
Service name : vmictimesync
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : VmGid/

vmicvmsession startup parameters :
Display name : Hyper-V PowerShell Direct Service
Service name : vmicvmsession
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p

vmicvss startup parameters :
Display name : Hyper-V ボリューム シャドウ コピー リクエスター
Service name : vmicvss
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p

wercplsupport startup parameters :
Display name : Problem Reports and Solutions Control Panel Support
Service name : wercplsupport
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p

wlidsvc startup parameters :
Display name : Microsoft Account Sign-in Assistant
Service name : wlidsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/

wmiApSrv startup parameters :
Display name : WMI Performance Adapter
Service name : wmiApSrv
Log on as : localSystem
Executable path : C:\Windows\system32\wbem\WmiApSrv.exe

wuauserv startup parameters :
Display name : Windows Update
Service name : wuauserv
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : rpcss/

The following services are disabled :

AppVClient startup parameters :
Display name : Microsoft App-V Client
Service name : AppVClient
Log on as : LocalSystem
Executable path : C:\Windows\system32\AppVClient.exe
Dependencies : RpcSS/netprofm/AppvVfs/AppVStrm/

AxInstSV startup parameters :
Display name : ActiveX Installer (AxInstSV)
Service name : AxInstSV
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k AxInstSVGroup
Dependencies : rpcss/

CscService startup parameters :
Display name : Offline Files
Service name : CscService
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/

DevicePickerUserSvc_b5a703 startup parameters :
Display name : DevicePicker_b5a703
Service name : DevicePickerUserSvc_b5a703
Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow

GraphicsPerfSvc startup parameters :
Display name : GraphicsPerfSvc
Service name : GraphicsPerfSvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup

MapsBroker startup parameters :
Display name : Downloaded Maps Manager
Service name : MapsBroker
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p
Dependencies : rpcss/

NetTcpPortSharing startup parameters :
Display name : Net.Tcp Port Sharing Service
Service name : NetTcpPortSharing
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

NtFrs startup parameters :
Display name : File Replication
Service name : NtFrs
Log on as : LocalSystem
Executable path : C:\Windows\system32\ntfrs.exe
Dependencies : RpcSs/EventSystem/

PhoneSvc startup parameters :
Display name : Phone Service
Service name : PhoneSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
Dependencies : RpcSs/

PushToInstall startup parameters :
Display name : Windows PushToInstall サービス
Service name : PushToInstall
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : rpcss/

RemoteAccess startup parameters :
Display name : Routing and Remote Access
Service name : RemoteAccess
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSS/Bfe/RasMan/Http/+NetBIOSGroup/

RmSvc startup parameters :
Display name : !ÚĄ.ĩüÓđ
Service name : RmSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : RpcSs/

SEMgrSvc startup parameters :
Display name : /UDJˆs NFC/SE ÞÍüļãü
Service name : SEMgrSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
Dependencies : RpcSs/

SSDPSRV startup parameters :
Display name : SSDP Discovery
Service name : SSDPSRV
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
Dependencies : HTTP/NSI/

ScDeviceEnum startup parameters :
Display name : Smart Card Device Enumeration Service
Service name : ScDeviceEnum
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

SensorDataService startup parameters :
Display name : Sensor Data Service
Service name : SensorDataService
Log on as : LocalSystem
Executable path : C:\Windows\System32\SensorDataService.exe

SharedAccess startup parameters :
Display name : Internet Connection Sharing (ICS)
Service name : SharedAccess
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : BFE/

UevAgentService startup parameters :
Display name : æüķü ĻŊđÚęĻóđîó.ĩüÓđ
Service name : UevAgentService
Log on as : LocalSystem
Executable path : C:\Windows\system32\AgentService.exe

WSearch startup parameters :
Display name : Windows Search
Service name : WSearch
Log on as : LocalSystem
Executable path : C:\Windows\system32\SearchIndexer.exe /Embedding
Dependencies : RPCSS/BrokerInfrastructure/

WalletService startup parameters :
Display name : WalletService
Service name : WalletService
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k appmodel -p

dmwappushservice startup parameters :
Display name : ĮÐĪđĄ.ïĪäėđ ĒŨęąü·įó ŨíČģë (WAP) Ũ÷å áÃŧüļ ëüÆĢó° ĩüÓđ
Service name : dmwappushservice
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : rpcss/

icssvc startup parameters :
Display name : Windows âÐĪë ÛÃČđÝÃČ ĩüÓđ
Service name : icssvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : RpcSs/wcmsvc/

lfsvc startup parameters :
Display name : Geolocation Service
Service name : lfsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/

lltdsvc startup parameters :
Display name : Link-Layer Topology Discovery Mapper
Service name : lltdsvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService -p
Dependencies : rpcss/lltdio/

shpamsvc startup parameters :
Display name : Shared PC Account Manager
Service name : shpamsvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/ProfSvc/

sma startup parameters :
Display name : System Management Assistant Service
Service name : sma
Log on as : LocalSystem
Executable path : "C:\Program Files\OEM\AMS\service\sma.exe"

ssh-agent startup parameters :
Display name : OpenSSH Authentication Agent
Service name : ssh-agent
Log on as : LocalSystem
Executable path : C:\Windows\System32\OpenSSH\ssh-agent.exe

tzautoupdate startup parameters :
Display name : ŋĪā ūüónęÕô°_ý
Service name : tzautoupdate
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p

upnphost startup parameters :
Display name : UPnP Device Host
Service name : upnphost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
Dependencies : SSDPSRV/HTTP/

wisvc startup parameters :
Display name : Windows Insider ĩüÓđ
Service name : wisvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : rpcss/

11011 - Microsoft Windows SMB Service Detection
-
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2002/06/05, Modified: 2021/02/11
Plugin Output

tcp/139/smb


An SMB server is running on this port.

11011 - Microsoft Windows SMB Service Detection
-
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2002/06/05, Modified: 2021/02/11
Plugin Output

tcp/445/cifs


A CIFS server is running on this port.
10456 - Microsoft Windows SMB Service Enumeration
-
Synopsis
It is possible to enumerate remote services.
Description
This plugin implements the SvcOpenSCManager() and SvcEnumServices() calls to obtain, using the SMB protocol, the list of active and inactive services of the remote host.

An attacker may use this feature to gain better knowledge of the remote host.
Solution
To prevent the list of services from being obtained, enforce tight login restrictions so that only trusted users can access your host, and/or filter incoming traffic to this port.
Risk Factor
None
References
XREF IAVT:0001-T-0751
Plugin Information
Published: 2000/07/03, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Active Services :

Madb [ ADAM_Madb ]
Active Directory Web Services [ ADWS ]
Agentless Management Service [ ams ]
Application Information [ Appinfo ]
AzureAttestService [ AzureAttestService ]
Base Filtering Engine [ BFE ]
Background Tasks Infrastructure Service [ BrokerInfrastructure ]
Connected Devices Platform Service [ CDPSvc ]
Certificate Propagation [ CertPropSvc ]
Active Directory Certificate Services [ CertSvc ]
Client License Service (ClipSVC) [ ClipSVC ]
CoreMessaging [ CoreMessagingRegistrar ]
Cryptographic Services [ CryptSvc ]
DCOM Server Process Launcher [ DcomLaunch ]
Device Association Service [ DeviceAssociationService ]
DFS Namespace [ Dfs ]
DFS Replication [ DFSR ]
DHCP Client [ Dhcp ]
Connected User Experiences and Telemetry [ DiagTrack ]
DNS Server [ DNS ]
DNS Client [ Dnscache ]
Diagnostic Policy Service [ DPS ]
Device Setup Manager [ DsmSvc ]
Data Sharing Service [ DsSvc ]
Trellix ePolicy Orchestrator 5.10.0 ĩüÐü [ EPOAHAPACHESRV ]
Trellix ePolicy Orchestrator 5.10.0 ĪŲóČ Ņüĩü [ EPOEVENTPARSERSRV ]
Trellix ePolicy Orchestrator 5.10.0 ĒŨęąü·įó ĩüÐü [ EPOTOMCATSRV5100 ]
Windows Event Log [ EventLog ]
COM+ Event System [ EventSystem ]
Function Discovery Provider Host [ fdPHost ]
Windows Font Cache Service [ FontCache ]
Group Policy Client [ gpsvc ]
Human Interface Device Service [ hidserv ]
HPE Smart ĒėĪSAS/SATAĪŲóČ.åĩüÓđ [ HpePqiESrv ]
IKE and AuthIP IPsec Keying Modules [ IKEEXT ]
IP Helper [ iphlpsvc ]
Intersite Messaging [ IsmServ ]
Kerberos Key Distribution Center [ Kdc ]
CNG Key Isolation [ KeyIso ]
Server [ LanmanServer ]
Workstation [ LanmanWorkstation ]
Windows éĪŧóđ ÞÍüļãü ĩüÓđ [ LicenseManager ]
TCP/IP NetBIOS Helper [ lmhosts ]
Local Session Manager [ LSM ]
Trellix Agent Common Services [ macmnsvc ]
EVEMA Pwd Notifier service [ MAPwdNotifier ]
EVEMA Server Service [ MAServer ]
Trellix Agent Service [ masvc ]
Trellix Agent Backwards Compatibility Service [ McAfeeFramework ]
McnMon [ McnMon ]
Trellix Service Controller [ mfemms ]
Trellix Validation Trust Protection Service [ mfevtp ]
Trellix Endpoint Security Web Control Service [ mfewc ]
Windows Defender Firewall [ mpssvc ]
Distributed Transaction Coordinator [ MSDTC ]
SQL Full-text Filter Daemon Launcher (MSSQLSERVER) [ MSSQLFDLauncher ]
SQL Server (MSSQLSERVER) [ MSSQLSERVER ]
Network Connection Broker [ NcbService ]
Netlogon [ Netlogon ]
Network Connections [ Netman ]
Network List Service [ netprofm ]
Network Setup Service [ NetSetupSvc ]
Network Location Awareness [ NlaSvc ]
Network Store Interface Service [ nsi ]
Active Directory Domain Services [ NTDS ]
Program Compatibility Assistant Service [ PcaSvc ]
Plug and Play [ PlugPlay ]
IPsec Policy Agent [ PolicyAgent ]
Power [ Power ]
User Profile Service [ ProfSvc ]
Remote Access Connection Manager [ RasMan ]
Remote Registry [ RemoteRegistry ]
RPC Endpoint Mapper [ RpcEptMapper ]
Remote Procedure Call (RPC) [ RpcSs ]
Security Accounts Manager [ SamSs ]
Task Scheduler [ Schedule ]
Windows ŧ­åęÆĢ ĩüÓđ [ SecurityHealthService ]
System Event Notification Service [ SENS ]
Remote Desktop Configuration [ SessionEnv ]
Shell Hardware Detection [ ShellHWDetection ]
Print Spooler [ Spooler ]
SQL Server Browser [ SQLBrowser ]
SQL Server CEIP service (MSSQLSERVER) [ SQLTELEMETRY ]
SQL Server VSS Writer [ SQLWriter ]
Secure Socket Tunneling Protocol Service [ SstpSvc ]
State Repository Service [ StateRepository ]
Storage Service [ StorSvc ]
SysMain [ SysMain ]
System Events Broker [ SystemEventsBroker ]
Touch Keyboard and Handwriting Panel Service [ TabletInputService ]
Telephony [ tapisrv ]
Remote Desktop Services [ TermService ]
Themes [ Themes ]
Time Broker [ TimeBrokerSvc ]
Web ĒŦĶóČ ÞÍüļãü [ TokenBroker ]
User Access Logging Service [ UALSVC ]
Remote Desktop Services UserMode Port Redirector [ UmRdpService ]
User Manager [ UserManager ]
Update Orchestrator Service [ UsoSvc ]
Virtual Disk [ vds ]
Windows Time [ W32Time ]
Windows Connection Manager [ Wcmsvc ]
Diagnostic Service Host [ WdiServiceHost ]
Windows Defender Antivirus Service [ WinDefend ]
WinHTTP Web Proxy Auto-Discovery Service [ WinHttpAutoProxySvc ]
Windows Management Instrumentation [ Winmgmt ]
Windows Remote Management (WS-Management) [ WinRM ]
Microsoft iSCSI Target Server [ WinTarget ]
Microsoft Account Sign-in Assistant [ wlidsvc ]
Windows Ũ÷å.å·đÆā ĩüÓđ [ WpnService ]
Connected Devices Platform æüķü ĩüÓđ_b5a703 [ CDPUserSvc_b5a703 ]
Contact Data_b5a703 [ PimIndexMaintenanceSvc_b5a703 ]
PrintWorkflow_b5a703 [ PrintWorkflowUserSvc_b5a703 ]
User Data Storage_b5a703 [ UnistoreSvc_b5a703 ]
User Data Access_b5a703 [ UserDataSvc_b5a703 ]
Windows Push Notifications User Service_b5a703 [ WpnUserService_b5a703 ]

Inactive Services :

AllJoyn Router Service [ AJRouter ]
Application Layer Gateway Service [ ALG ]
Application Identity [ AppIDSvc ]
Application Management [ AppMgmt ]
App Readiness [ AppReadiness ]
Microsoft App-V Client [ AppVClient ]
AppX Deployment Service (AppXSVC) [ AppXSvc ]
Windows Audio Endpoint Builder [ AudioEndpointBuilder ]
Windows Audio [ Audiosrv ]
ActiveX Installer (AxInstSV) [ AxInstSV ]
Background Intelligent Transfer Service [ BITS ]
Bluetooth ŠüĮĢŠ ēüČͧΠĩüÓđ [ BTAGService ]
AVCTP ĩüÓđ [ BthAvctpSvc ]
Bluetooth ĩÝüČ ĩüÓđ [ bthserv ]
_ýĒŊŧđ ÞÍüļãü ĩüÓđ [ camsvc ]
COM+ System Application [ COMSysApp ]
Offline Files [ CscService ]
Optimize drives [ defragsvc ]
Device Install Service [ DeviceInstall ]
DevQuery Background Discovery Broker [ DevQueryBroker ]
Microsoft (R) :­ÏÖ.–ģėŊŋü ĩüÓđ [ diagnosticshub.standardcollector.service ]
ĮÐĪđĄ.{2ĩüÓđ [ DmEnrollmentSvc ]
ĮÐĪđĄ.ïĪäėđ ĒŨęąü·įó ŨíČģë (WAP) Ũ÷å áÃŧüļ ëüÆĢó° ĩüÓđ [ dmwappushservice ]
Delivery Optimization [ DoSvc ]
Wired AutoConfig [ dot3svc ]
DS Role Server [ DsRoleSvc ]
Extensible Authentication Protocol [ Eaphost ]
Encrypting File System (EFS) [ EFS ]
???????????? [ embeddedmode ]
Enterprise App Management Service [ EntAppSvc ]
Function Discovery Resource Publication [ FDResPub ]
Windows Ŧáé Õėüā ĩüÐü [ FrameServer ]
GraphicsPerfSvc [ GraphicsPerfSvc ]
HV ÛđČ ĩüÓđ [ HvHost ]
Windows âÐĪë ÛÃČđÝÃČ ĩüÓđ [ icssvc ]
Microsoft Store ĪóđČüë ĩüÓđ [ InstallService ]
Microsoft Key Distribution Service [ KdsSvc ]
KDC Proxy Server service (KPS) [ KPSSVC ]
KtmRm for Distributed Transaction Coordinator [ KtmRm ]
Geolocation Service [ lfsvc ]
Link-Layer Topology Discovery Mapper [ lltdsvc ]
Downloaded Maps Manager [ MapsBroker ]
Trellix Firewall Core Service [ mfefire ]
Trellix Mobile Plugin Service [ MobilePluginService ]
Microsoft iSCSI Initiator Service [ MSiSCSI ]
Windows Installer [ msiserver ]
Network Connectivity Assistant [ NcaSvc ]
Net.Tcp Port Sharing Service [ NetTcpPortSharing ]
Microsoft Passport Container [ NgcCtnrSvc ]
Microsoft Passport [ NgcSvc ]
File Replication [ NtFrs ]
Performance Counter DLL Host [ PerfHost ]
Phone Service [ PhoneSvc ]
Performance Logs & Alerts [ pla ]
Printer Extensions and Notifications [ PrintNotify ]
Windows PushToInstall ĩüÓđ [ PushToInstall ]
Quality Windows Audio Video Experience [ QWAVE ]
Remote Access Auto Connection Manager [ RasAuto ]
Routing and Remote Access [ RemoteAccess ]
!ÚĄ.ĩüÓđ [ RmSvc ]
Remote Procedure Call (RPC) Locator [ RpcLocator ]
Resultant Set of Policy Provider [ RSoPProv ]
Special Administration Console Helper [ sacsvr ]
Smart Card [ SCardSvr ]
Smart Card Device Enumeration Service [ ScDeviceEnum ]
Smart Card Removal Policy [ SCPolicySvc ]
Secondary Logon [ seclogon ]
/UDJˆs NFC/SE ÞÍüļãü [ SEMgrSvc ]
Windows Defender Advanced Threat Protection Service [ Sense ]
Sensor Data Service [ SensorDataService ]
Sensor Service [ SensorService ]
Sensor Monitoring Service [ SensrSvc ]
System Guard éóŋĪā âËŋü ÖíüŦü [ SgrmBroker ]
Internet Connection Sharing (ICS) [ SharedAccess ]
Shared PC Account Manager [ shpamsvc ]
System Management Assistant Service [ sma ]
Microsoft Storage Spaces SMP [ smphost ]
SNMP ČéÃŨ [ SNMPTRAP ]
Software Protection [ sppsvc ]
SQL Server Ļüļ§óČ (MSSQLSERVER) [ SQLSERVERAGENT ]
SSDP Discovery [ SSDPSRV ]
OpenSSH Authentication Agent [ ssh-agent ]
Windows Image Acquisition (WIA) [ stisvc ]
Integrated Smart Update Tools [ SUTService ]
Spot Verifier [ svsvc ]
Microsoft Software Shadow Copy Provider [ swprv ]
Storage Tiers Management [ TieringEngineService ]
Distributed Link Tracking Client [ TrkWks ]
Windows Modules Installer [ TrustedInstaller ]
ŋĪā ūüónęÕô°_ý [ tzautoupdate ]
æüķü ĻŊđÚęĻóđîó.ĩüÓđ [ UevAgentService ]
UPnP Device Host [ upnphost ]
Credential Manager [ VaultSvc ]
Hyper-V Guest Service Interface [ vmicguestinterface ]
Hyper-V Heartbeat Service [ vmicheartbeat ]
Hyper-V Data Exchange Service [ vmickvpexchange ]
Hyper-V ęâüČ ĮđŊČÃŨîó.ĩüÓđ [ vmicrdv ]
Hyper-V Guest Shutdown Service [ vmicshutdown ]
Hyper-V Time Synchronization Service [ vmictimesync ]
Hyper-V PowerShell Direct Service [ vmicvmsession ]
Hyper-V Üęåüā ·ãÉĶ ģÔü ęŊĻđŋü [ vmicvss ]
Volume Shadow Copy [ VSS ]
Windows Update Medic Service [ WaaSMedicSvc ]
WalletService [ WalletService ]
WarpJITSvc [ WarpJITSvc ]
Windows Biometric Service [ WbioSrvc ]
Diagnostic System Host [ WdiSystemHost ]
Windows Defender Antivirus Network Inspection Service [ WdNisSvc ]
Windows Event Collector [ Wecsvc ]
Windows Encryption Provider Host Service [ WEPHOSTSVC ]
Problem Reports and Solutions Control Panel Support [ wercplsupport ]
Windows Error Reporting Service [ WerSvc ]
Still Image Acquisition Events [ WiaRpc ]
Windows Insider ĩüÓđ [ wisvc ]
WMI Performance Adapter [ wmiApSrv ]
Windows Media Player Network Sharing Service [ WMPNetworkSvc ]
Portable Device Enumerator Service [ WPDBusEnum ]
Windows Search [ WSearch ]
Windows Update [ wuauserv ]
CaptureService_b5a703 [ CaptureService_b5a703 ]
ŊęÃŨÜüÉ æüķü ĩüÓđ_b5a703 [ cbdhsvc_b5a703 ]
ConsentUX_b5a703 [ ConsentUxUserSvc_b5a703 ]
DevicePicker_b5a703 [ DevicePickerUserSvc_b5a703 ]
ĮÐĪđ Õíü_b5a703 [ DevicesFlowUserSvc_b5a703 ]

92373 - Microsoft Windows SMB Sessions
-
Synopsis
Nessus was able to collect and report SMB session information from the remote host.
Description
Nessus was able to collect details of SMB sessions from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2024/03/26
Plugin Output

tcp/0

Administrator

Extended SMB session information attached.

23974 - Microsoft Windows SMB Share Hosting Office Files
-
Synopsis
The remote share contains Office-related files.
Description
This plugin connects to the remotely accessible SMB shares and attempts to find office related files (such as .doc, .ppt, .xls, .pdf etc).
Solution
Make sure that the files containing confidential information have proper access controls set on them.
Risk Factor
None
Plugin Information
Published: 2007/01/04, Modified: 2011/03/21
Plugin Output

tcp/445/cifs


Here is a list of office files which have been found on the remote SMB
shares :

+ C$ :

- C:\Windows\System32\MSDRM\MsoIrmProtector.doc
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1_none_08e5c4718206e3dd\MsoIrmProtector.doc
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_6594d176fbbe42d1\MsoIrmProtector.doc
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1_none_fe911a1f4da621e2\MsoIrmProtector.doc
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_5b402724c75d80d6\MsoIrmProtector.doc
- C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc
- C:\Windows\System32\MSDRM\MsoIrmProtector.ppt
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1_none_08e5c4718206e3dd\MsoIrmProtector.ppt
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_6594d176fbbe42d1\MsoIrmProtector.ppt
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1_none_fe911a1f4da621e2\MsoIrmProtector.ppt
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_5b402724c75d80d6\MsoIrmProtector.ppt
- C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt
- C:\Windows\System32\MSDRM\MsoIrmProtector.xls
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1_none_08e5c4718206e3dd\MsoIrmProtector.xls
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_6594d176fbbe42d1\MsoIrmProtector.xls
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1_none_fe911a1f4da621e2\MsoIrmProtector.xls
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_5b402724c75d80d6\MsoIrmProtector.xls
- C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls
- C:\Program Files (x86)\Microsoft SQL Server Management Studio 19\Licenses\1033\SSMS License Terms.docx
11777 - Microsoft Windows SMB Share Hosting Possibly Copyrighted Material
-
Synopsis
The remote host may contain material (movies/audio) infringing copyright.
Description
This plugin displays a list of media files (such as .mp3, .ogg, .mpg, .avi) which have been found on the remote SMB shares.

Some of these files may contain copyrighted materials, such as commercial movies or music files, that are being shared without the owner's permission.

If any of these files actually contain copyrighted material, and if they are freely swapped around, your organization might be held liable for copyright infringement by associations such as the RIAA or the MPAA.
Solution
Delete the files infringing copyright.
Risk Factor
None
Plugin Information
Published: 2003/06/26, Modified: 2012/11/29
Plugin Output

tcp/445/cifs


Here is a list of files which have been found on the remote SMB shares.
Some of these files may contain copyrighted materials, such as commercial
movies or music files.

+ C$ :

C:\Users\Administrator\AppData\Local\localsum\assets\media\notify.mp3

60119 - Microsoft Windows SMB Share Permissions Enumeration
-
Synopsis
It was possible to enumerate the permissions of remote network shares.
Description
By using the supplied credentials, Nessus was able to enumerate the permissions of network shares. User permissions are enumerated for each network share that has a list of access control entries (ACEs).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2012/07/25, Modified: 2022/08/11
Plugin Output

tcp/445/cifs


Share path : \\masked_hostname\NETLOGON
Local path : C:\Windows\SYSVOL\sysvol\gcc.EMSOCCS.gsdf.mods.go.jp\SCRIPTS
Comment : Logon server share
[*] Allow ACE for Everyone (S-1-1-0): 0x001200a9
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: NO
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: NO
FILE_ADD_FILE: NO
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: NO
DELETE: NO
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: NO
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: NO
FILE_CREATE_PIPE_INSTANCE: NO
FILE_WRITE_ATTRIBUTES: NO
[*] Allow ACE for BUILTIN\Administrators (S-1-5-32-544): 0x001f01ff
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: YES
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: YES
FILE_ADD_FILE: YES
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: YES
DELETE: YES
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: YES
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: YES
FILE_CREATE_PIPE_INSTANCE: YES
FILE_WRITE_ATTRIBUTES: YES

Share path : \\masked_hostname\SYSVOL
Local path : C:\Windows\SYSVOL\sysvol
Comment : Logon server share
[*] Allow ACE for Everyone (S-1-1-0): 0x001200a9
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: NO
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: NO
FILE_ADD_FILE: NO
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: NO
DELETE: NO
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: NO
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: NO
FILE_CREATE_PIPE_INSTANCE: NO
FILE_WRITE_ATTRIBUTES: NO
[*] Allow ACE for BUILTIN\Administrators (S-1-5-32-544): 0x001f01ff
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: YES
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: YES
FILE_ADD_FILE: YES
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: YES
DELETE: YES
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: YES
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: YES
FILE_CREATE_PIPE_INSTANCE: YES
FILE_WRITE_ATTRIBUTES: YES
[*] Allow ACE for NT AUTHORITY\Authenticated Users (S-1-5-11): 0x001f01ff
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: YES
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: YES
FILE_ADD_FILE: YES
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: YES
DELETE: YES
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: YES
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: YES
FILE_CREATE_PIPE_INSTANCE: YES
FILE_WRITE_ATTRIBUTES: YES

Share path : \\masked_hostname\Users
Local path : C:\Users
[*] Allow ACE for BUILTIN\Administrators (S-1-5-32-544): 0x001f01ff
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: YES
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: YES
FILE_ADD_FILE: YES
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: YES
DELETE: YES
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: YES
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: YES
FILE_CREATE_PIPE_INSTANCE: YES
FILE_WRITE_ATTRIBUTES: YES
[*] Allow ACE for Everyone (S-1-1-0): 0x001f01ff
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: YES
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: YES
FILE_ADD_FILE: YES
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: YES
DELETE: YES
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: YES
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: YES
FILE_CREATE_PIPE_INSTANCE: YES
FILE_WRITE_ATTRIBUTES: YES
10396 - Microsoft Windows SMB Shares Access
-
Synopsis
It is possible to access a network share.
Description
The remote host has one or more Windows shares that can be accessed through the network with the given credentials.

Depending on the share rights, it may allow an attacker to read / write confidential data.
Solution
To restrict access under Windows, open Explorer, right-click each share, go to the 'Sharing' tab, and click 'Permissions'.
Risk Factor
None
Plugin Information
Published: 2000/05/09, Modified: 2021/10/04
Plugin Output

tcp/445/cifs


The following shares can be accessed as Administrator :

- ADMIN$ - (readable,writable)
+ Content of this share :
..
ADAM
ADFS
ADWS
appcompat
apppatch
AppReadiness
assembly
bcastdvr
bfsvc.exe
Boot
bootstat.dat
Branding
CbsTemp
certenroll.log
certocm.log
Containers
CSC
Cursors
debug
DfsrAdmin.exe
DfsrAdmin.exe.config
diagnostics
DigitalLocker
Downloaded Program Files
drivers
DtcInstall.log
ELAMBKUP
en-US
explorer.exe
Fonts
Globalization
Help
HelpPane.exe
hh.exe
hsperfdata_SYSTEM
IdentityCRL
IME
ImmersiveControlPanel
INF
InputMethod
Installer
ja-JP
L2Schemas
LiveKernelReports
Logs
lsasetup.log
media
mib.bin
Microsoft.NET
Migration
ModemLogs
notepad.exe
NTDS
OCR
ODBC.INI
Offline Web Pages
Panther
Performance
PFRO.log
PLA
PolicyDefinitions
Prefetch
PrintDialog
Provisioning
py.exe
pyshellext.amd64.dll
pyw.exe
regedit.exe
Registration
RemotePackages
rescache
Resources
SchCache
schemas
security
ServerStandard.xml
ServiceProfiles
ServiceState
servicing
Setup
setuperr.log
ShellComponents
ShellExperiences
SKB
SoftwareDistribution
Speech
Speech_OneCore
splwow64.exe
storelibdebug.txt
System
system.ini
System32

- Users - (readable,writable)
+ Content of this share :
..
Administrator
All Users
Default
Default User
desktop.ini
EVEMAuser
Public
testuser1

- SYSVOL - (readable,writable)
+ Content of this share :
..
gcc.EMSOCCS.gsdf.mods.go.jp

- NETLOGON - (readable,writable)
+ Content of this share :
..

- C$ - (readable,writable)
+ Content of this share :
$Recycle.Bin
Acronis
bootTel.dat
Config.Msi
cpqsystem
Documents and Settings
newscp
pagefile.sys
PerfLogs
Program Files
Program Files (x86)
ProgramData
Quarantine
Recovery
System Volume Information
tmp
Users
Windows
10395 - Microsoft Windows SMB Shares Enumeration
-
Synopsis
It is possible to enumerate remote network shares.
Description
By connecting to the remote host, Nessus was able to enumerate the network share names.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/05/09, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Here are the SMB shares available on the remote host when logged in as Administrator:

- ADMIN$
- C$
- IPC$
- NETLOGON
- SYSVOL
- Users
100871 - Microsoft Windows SMB Versions Supported (remote check)
-
Synopsis
It was possible to obtain information about the version of SMB running on the remote host.
Description
Nessus was able to obtain the version of SMB running on the remote host by sending an authentication request to port 139 or 445.

Note that this plugin is a remote check and does not work on agents.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2017/06/19, Modified: 2019/11/22
Plugin Output

tcp/445/cifs


The remote host supports the following versions of SMB :
SMBv2
106716 - Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check)
-
Synopsis
It was possible to obtain information about the dialects of SMB2 and SMB3 available on the remote host.
Description
Nessus was able to obtain the set of SMB2 and SMB3 dialects running on the remote host by sending an authentication request to port 139 or 445.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2018/02/09, Modified: 2020/03/11
Plugin Output

tcp/445/cifs


The remote host supports the following SMB dialects :
Version   Introduced in Windows version
2.0.2     Windows 2008
2.1       Windows 7
3.0       Windows 8
3.0.2     Windows 8.1
3.1.1     Windows 10

The remote host does NOT support the following SMB dialects :
Version   Introduced in Windows version
2.2.2     Windows 8 Beta
2.2.4     Windows 8 Beta
3.1       Windows 10

92368 - Microsoft Windows Scripting Host Settings
-
Synopsis
Nessus was able to collect and report the Windows scripting host settings from the remote host.
Description
Nessus was able to collect system and user level Windows scripting host settings from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\displaylogo : 1
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\usewinsafer : 1
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\silentterminate : 0
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\activedebugging : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\displaylogo : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\usewinsafer : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\silentterminate : 0
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\activedebugging : 1

Windows scripting host configuration attached.

58452 - Microsoft Windows Startup Software Enumeration
-
Synopsis
It is possible to enumerate startup software.
Description
This plugin lists software that is configured to run on system startup by crawling the registry entries in :

- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Solution
Review the list of applications and remove any that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2012/03/23, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


The following startup item was found :

McAfeeUpdaterUI - C:\Program Files\McAfee\Agent\x86\UpdaterUI.exe
SecurityHealth - %windir%\system32\SecurityHealthSystray.exe
38153 - Microsoft Windows Summary of Missing Patches
-
Synopsis
The remote host is missing several Microsoft security patches.
Description
This plugin summarizes updates for Microsoft Security Bulletins or Knowledge Base (KB) security updates that have not been installed on the remote Windows host based on the results of either a credentialed check using the supplied credentials or a check done using a supported third-party patch management tool.

Note the results of missing patches also include superseded patches.

Review the summary and apply any missing updates in order to be up to date.
Solution
Run Windows Update on the remote host or use a patch management solution.
Risk Factor
None
Plugin Information
Published: 2009/04/24, Modified: 2019/06/13
Plugin Output

tcp/445/cifs

The patches for the following bulletins or KBs are missing on the remote host :

- KB4532947 ( https://support.microsoft.com/en-us/help/4532947 )
- KB4552924 ( https://support.microsoft.com/en-us/help/4552924 )
- KB4565625 ( https://support.microsoft.com/en-us/help/4565625 )
- KB4569776 ( https://support.microsoft.com/en-us/help/4569776 )
- KB4578966 ( https://support.microsoft.com/en-us/help/4578966 )
- KB4601060 ( https://support.microsoft.com/en-us/help/4601060 )
- KB5006672 ( https://support.microsoft.com/en-us/help/5006672 )
- KB5007206 ( https://support.microsoft.com/en-us/help/5007206 )
- KB5008218 ( https://support.microsoft.com/en-us/help/5008218 )
- KB5008873 ( https://support.microsoft.com/en-us/help/5008873 )
- KB5009557 ( https://support.microsoft.com/en-us/help/5009557 )
- KB5010351 ( https://support.microsoft.com/en-us/help/5010351 )
- KB5011503 ( https://support.microsoft.com/en-us/help/5011503 )
- KB5012128 ( https://support.microsoft.com/en-us/help/5012128 )
- KB5012647 ( https://support.microsoft.com/en-us/help/5012647 )
- KB5013641 ( https://support.microsoft.com/en-us/help/5013641 )
- KB5013941 ( https://support.microsoft.com/en-us/help/5013941 )
- KB5014692 ( https://support.microsoft.com/en-us/help/5014692 )
- KB5015811 ( https://support.microsoft.com/en-us/help/5015811 )
- KB5016623 ( https://support.microsoft.com/en-us/help/5016623 )
- KB5017315 ( https://support.microsoft.com/en-us/help/5017315 )
- KB5018419 ( https://support.microsoft.com/en-us/help/5018419 )
- KB5019966 ( https://support.microsoft.com/en-us/help/5019966 )
- KB5020627 ( https://support.microsoft.com/en-us/help/5020627 )
- KB5020866 ( https://support.microsoft.com/en-us/help/5020866 )
- KB5021237 ( https://support.microsoft.com/en-us/help/5021237 )
- KB5022286 ( https://support.microsoft.com/en-us/help/5022286 )
- KB5022511 ( https://support.microsoft.com/en-us/help/5022511 )
- KB5022840 ( https://support.microsoft.com/en-us/help/5022840 )
- KB5023702 ( https://support.microsoft.com/en-us/help/5023702 )
- KB5025229 ( https://support.microsoft.com/en-us/help/5025229 )
- KB5026362 ( https://support.microsoft.com/en-us/help/5026362 )
- KB5027131 ( https://support.microsoft.com/en-us/help/5027131 )
- KB5027222 ( https://support.microsoft.com/en-us/help/5027222 )
- KB5028168 ( https://support.microsoft.com/en-us/help/5028168 )
- KB5028960 ( https://support.microsoft.com/en-us/help/5028960 )
- KB5029247 ( https://support.microsoft.com/en-us/help/5029247 )
- KB5029931 ( https://support.microsoft.com/en-us/help/5029931 )
- KB5030214 ( https://support.microsoft.com/en-us/help/5030214 )
- KB5031361 ( https://support.microsoft.com/en-us/help/5031361 )
- KB5031984 ( https://support.microsoft.com/en-us/help/5031984 )
- KB5032196 ( https://support.microsoft.com/en-us/help/5032196 )
- KB5033371 ( https://support.microsoft.com/en-us/help/5033371 )
- KB5033904 ( https://support.microsoft.com/en-us/help/5033904 )
- KB5034127 ( https://support.microsoft.com/en-us/help/5034127 )
- KB5034768 ( https://support.microsoft.com/en-us/help/5034768 )
- KB5035849 ( https://support.microsoft.com/en-us/help/5035849 )
- KB5036604 ( https://support.microsoft.com/en-us/help/5036604 )
- KB5036896 ( https://support.microsoft.com/en-us/help/5036896 )

92369 - Microsoft Windows Time Zone Information
-
Synopsis
Nessus was able to collect and report time zone information from the remote host.
Description
Nessus was able to collect time zone information from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2023/06/06
Plugin Output

tcp/0

HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\TimeZoneKeyName : Tokyo Standard Time
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardName : @tzres.dll,-632
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightName : @tzres.dll,-631
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DynamicDaylightTimeDisabled : 0x00000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardBias : 0x00000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightBias : 0xFFFFFFC4
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\Bias : 0xFFFFFDE4
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias : 0xFFFFFDE4
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightStart : 00000000000000000000000000000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardStart : 00000000000000000000000000000000

35730 - Microsoft Windows USB Device Usage Report
-
Synopsis
It was possible to get a list of USB devices that may have been connected to the remote system in the past.
Description
Using the supplied credentials, this plugin enumerates USB devices that have been connected to the remote Windows host in the past.
See Also
Solution
Make sure that the use of USB drives is in accordance with your organization's security policy.
Risk Factor
None
Plugin Information
Published: 2009/02/24, Modified: 2022/06/01
Plugin Output

tcp/445/cifs


The following is a list of USB devices that have been connected
to remote system at least once in the past :


Device Name : iLO Virtual DVD-ROM USB Device
Last Inserted Time : unknown

First used : unknown

Device Name : BUFFALO RUF3-HSTV5 USB Device
Last Inserted Time : Aug. 1, 2023 at 07:30:04 GMT

First used : unknown

Device Name : BUFFALO RUF3-HSTV5 USB Device
Last Inserted Time : Aug. 1, 2023 at 07:30:04 GMT

First used : unknown

Device Name : BUFFALO RUF3-HSTV5 USB Device
Last Inserted Time : Sep. 27, 2023 at 02:17:42 GMT

First used : unknown

Device Name : BUFFALO RUF3-HSTV5 USB Device
Last Inserted Time : Sep. 27, 2023 at 02:17:42 GMT

First used : unknown

Device Name : BUFFALO RUF3-HSTV5 USB Device
Last Inserted Time : Aug. 1, 2023 at 08:21:11 GMT

First used : unknown

Device Name : BUFFALO RUF3-HSTV5 USB Device
Last Inserted Time : Aug. 1, 2023 at 08:21:11 GMT

First used : unknown

Device Name : BUFFALO RUF3-HSTV5 USB Device
Last Inserted Time : Jul. 27, 2023 at 02:19:44 GMT

First used : unknown

Device Name : BUFFALO RUF3-HSTV5 USB Device
Last Inserted Time : Jul. 27, 2023 at 02:19:44 GMT

First used : unknown

Device Name : ELECOM MF-PKU3 USB Device
Last Inserted Time : Sep. 14, 2023 at 08:17:01 GMT

First used : unknown

Device Name : ELECOM MF-PKU3 USB Device
Last Inserted Time : Dec. 4, 2023 at 04:04:39 GMT

First used : unknown

Device Name : ELECOM MF-PKU3 USB Device
Last Inserted Time : Dec. 26, 2023 at 05:07:26 GMT

First used : unknown

Device Name : ELECOM MF-PKU3 USB Device
Last Inserted Time : Sep. 1, 2023 at 02:06:57 GMT

First used : unknown

Device Name : ELECOM MF-PKU3 USB Device
Last Inserted Time : Sep. 15, 2023 at 01:01:14 GMT

First used : unknown

Device Name : TM TMPS3 DISK USB Device
Last Inserted Time : Feb. 5, 2024 at 05:12:29 GMT

First used : unknown

Device Name : TM TMPS3 DISK USB Device
Last Inserted Time : Feb. 5, 2024 at 05:12:29 GMT

First used : unknown

(Note that for a complete listing of 'First used' times you should
run this test with the option 'thorough_tests' enabled.)

50344 - Missing or Permissive Content-Security-Policy frame-ancestors HTTP Response Header
-
Synopsis
The remote web server does not take steps to mitigate a class of web application vulnerabilities.
Description
The remote web server in some responses sets a permissive Content-Security-Policy (CSP) frame-ancestors response header or does not set one at all.

The CSP frame-ancestors header has been proposed by the W3C Web Application Security Working Group as a way to mitigate cross-site scripting and clickjacking attacks.
See Also
Solution
Set a non-permissive Content-Security-Policy frame-ancestors header for all requested resources.
Risk Factor
None
Plugin Information
Published: 2010/10/26, Modified: 2021/01/19
Plugin Output

tcp/8443/www


The following pages do not set a Content-Security-Policy frame-ancestors response header or set a permissive policy:

- https://ipaddr:8443/
- https://ipaddr:8443/EPOCore/
- https://ipaddr:8443/EPOCore/block
- https://ipaddr:8443/EPOCore/body
- https://ipaddr:8443/EPOCore/display
- https://ipaddr:8443/EPOCore/j_security_check
- https://ipaddr:8443/EPOCore/loginForm
- https://ipaddr:8443/console/
- https://ipaddr:8443/console/block
- https://ipaddr:8443/console/body
- https://ipaddr:8443/console/display
- https://ipaddr:8443/console/j_security_check
- https://ipaddr:8443/console/loginForm
- https://ipaddr:8443/core/
- https://ipaddr:8443/core/j_security_check
- https://ipaddr:8443/core/orionSplashScreen.do
- https://ipaddr:8443/help/
- https://ipaddr:8443/help/block
- https://ipaddr:8443/help/body
- https://ipaddr:8443/help/display
- https://ipaddr:8443/help/j_security_check
- https://ipaddr:8443/help/loginForm
- https://ipaddr:8443/report/
- https://ipaddr:8443/report/block
- https://ipaddr:8443/report/body
- https://ipaddr:8443/report/display
- https://ipaddr:8443/report/j_security_check
- https://ipaddr:8443/report/loginForm

50344 - Missing or Permissive Content-Security-Policy frame-ancestors HTTP Response Header
-
Synopsis
The remote web server does not take steps to mitigate a class of web application vulnerabilities.
Description
The remote web server in some responses sets a permissive Content-Security-Policy (CSP) frame-ancestors response header or does not set one at all.

The CSP frame-ancestors header has been proposed by the W3C Web Application Security Working Group as a way to mitigate cross-site scripting and clickjacking attacks.
See Also
Solution
Set a non-permissive Content-Security-Policy frame-ancestors header for all requested resources.
Risk Factor
None
Plugin Information
Published: 2010/10/26, Modified: 2021/01/19
Plugin Output

tcp/8444/www


The following pages do not set a Content-Security-Policy frame-ancestors response header or set a permissive policy:

- https://ipaddr:8444/
- https://ipaddr:8444/core/

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time.
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled.
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2024/03/13
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.4.1
Nessus build : 20091
Plugin feed version : 202404150448
Scanner edition used : Nessus
Scanner OS : WINDOWS
Scanner distribution : win-x86-64
Scan type : Normal
Scan name : masked_systemname Pre
Scan policy used : masked_systemname Pre
Scanner IP : ipaddr4
Port scanner(s) : wmi_netstat
Port range : 1-65535
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 2
Safe checks : yes
Optimize the test : yes
Credentialed checks : yes, as 'EMSOCCS1\Administrator' via SMB
Patch management checks : None
Display superseded patches : yes (supersedence plugin did not launch)
CGI scanning : enabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 3
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2024/4/22 14:55 Tokyo Standard Time
Scan duration : 2540 sec
Scan for malware : yes

58651 - Netstat Active Connections
-
Synopsis
Active connections are enumerated via the 'netstat' command.
Description
This plugin runs 'netstat' on the remote machine to enumerate all active 'ESTABLISHED' or 'LISTENING' tcp/udp connections.

Note: The output for this plugin can be very long, and is not shown by default. To display it, enable verbose reporting in scan settings.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2012/04/10, Modified: 2021/06/29
Plugin Output

tcp/0

report output too big - ending list here

64582 - Netstat Connection Information
-
Synopsis
Nessus was able to parse the results of the 'netstat' command on the remote host.
Description
The remote host has listening ports or established connections that Nessus was able to extract from the results of the 'netstat' command.

Note: The output for this plugin can be very long, and is not shown by default. To display it, enable verbose reporting in scan settings.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/02/13, Modified: 2023/05/23
Plugin Output

tcp/0

report output too big - ending list here

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/0


Note that 2503 UDP ports belonging to DNS.exe have been ignored.

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/53/dns

Port 53/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

udp/53/dns

Port 53/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/80/www

Port 80/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/88

Port 88/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

udp/88

Port 88/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

udp/123/ntp

Port 123/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/135/epmap

Port 135/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

udp/137/netbios-ns

Port 137/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

udp/138

Port 138/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/139/smb

Port 139/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/389/ldap

Port 389/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

udp/389

Port 389/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/443

Port 443/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/445/cifs

Port 445/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/464

Port 464/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

udp/464

Port 464/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

udp/500

Port 500/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/593/http-rpc-epmap

Port 593/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/636/ldap

Port 636/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/1433/mssql

Port 1433/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

udp/1434

Port 1434/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/3260

Port 3260/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/3268/ldap

Port 3268/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/3269/ldap

Port 3269/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/3389/msrdp

Port 3389/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

udp/3389

Port 3389/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

udp/4500

Port 4500/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

udp/5353

Port 5353/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

udp/5355/llmnr

Port 5355/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/5985/www

Port 5985/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/8081

Port 8081/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

udp/8082

Port 8082/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/8443/www

Port 8443/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/8444/www

Port 8444/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/9389

Port 9389/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/10024

Port 10024/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/43553

Port 43553/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

udp/43553

Port 43553/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/43554

Port 43554/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/47001/www

Port 47001/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/49664/dce-rpc

Port 49664/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/49665/dce-rpc

Port 49665/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/49666/dce-rpc

Port 49666/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/49667/dce-rpc

Port 49667/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/49669/dce-rpc

Port 49669/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/49670/dce-rpc

Port 49670/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/49671/ncacn_http

Port 49671/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/49672/dce-rpc

Port 49672/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/49673/dce-rpc

Port 49673/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/49677/dce-rpc

Port 49677/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/49713/dce-rpc

Port 49713/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/49736

Port 49736/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/49738/dce-rpc

Port 49738/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/49742/dce-rpc

Port 49742/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/56042

Port 56042/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

udp/58776

Port 58776/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

udp/65535

Port 65535/udp was found to be open

24272 - Network Interfaces Enumeration (WMI)
-
Synopsis
Nessus was able to obtain the list of network interfaces on the remote host.
Description
Nessus was able, via WMI queries, to extract a list of network interfaces on the remote host and the IP addresses attached to them.
Note that this plugin only enumerates IPv6 addresses for systems running Windows Vista or later.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/02/03, Modified: 2024/03/26
Plugin Output

tcp/0

+ Network Interface Information :

- Network Interface = [00000003] HPE Ethernet 1Gb 4-port 366FLR Adapter
- MAC Address = D4:F5:EF:9F:F6:38
- IPAddress/IPSubnet = ipaddr/255.255.255.0

+ Network Interface Information :

- Network Interface = [00000008] HPE Ethernet 1Gb 4-port 366FLR Adapter
- MAC Address = D4:F5:EF:9F:F6:39
- IPAddress/IPSubnet = fe80::d879:25c2:c57b:1511/64
- IPAddress/IPSubnet = fd01:e2e2:0:e0c0:d879:25c2:c57b:1511/64
- IPAddress/IPSubnet = fd01:e2e2:0:e0c0::1/64


+ Routing Information :

Destination      Netmask          Gateway
-----------      -------          -------
0.0.0.0          0.0.0.0          192.168.100.254
127.0.0.0        255.0.0.0        0.0.0.0
127.0.0.1        255.255.255.255  0.0.0.0
127.255.255.255  255.255.255.255  0.0.0.0
192.168.100.0    255.255.255.0    0.0.0.0
ipaddr           255.255.255.255  0.0.0.0
192.168.100.255  255.255.255.255  0.0.0.0
224.0.0.0        240.0.0.0        0.0.0.0
224.0.0.0        240.0.0.0        0.0.0.0
255.255.255.255  255.255.255.255  0.0.0.0
255.255.255.255  255.255.255.255  0.0.0.0

10884 - Network Time Protocol (NTP) Server Detection
-
Synopsis
An NTP server is listening on the remote host.
Description
An NTP server is listening on port 123. If not securely configured, it may provide information about its version, current date, current time, and possibly system information.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0934
Plugin Information
Published: 2015/03/20, Modified: 2021/02/24
Plugin Output

udp/123/ntp


An NTP service has been discovered, listening on port 123.

No sensitive information has been disclosed.

Version : unknown

11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2023/11/08
Plugin Output

tcp/0


Remote operating system : Microsoft Windows Server 2019 Standard Build 17763
Confidence level : 100
Method : SMB_OS

Not all fingerprints could give a match. If you think some or all of
the following could be used to identify the host's operating system,
please email them to os-signatures@nessus.org. Be sure to include a
brief description of the host itself, such as the actual operating
system or product / model names.

NTP:!:unknown
HTTP:Server: Microsoft-HTTPAPI/2.0

SinFP:!:
P1:B11113:F0x12:W65392:O0204ffff:M1460:
P2:B11113:F0x12:W65535:O0204ffff0103030801010402:M1460:
P3:B00000:F0x00:W0:O0:M0
P4:190400_7_p=49677
SSLcert:!:i/CN:gcc-masked_hostname-CAs/CN:masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp
ff39cbfb24457073cc4849ea0e1a3121f61012bb
i/CN:EVEMA_CAs/CN:EVEMA_SERVER
384c73d1554655d344336df6439e3a5cab0a2cdb
i/CN:Orion_CA_masked_hostnamei/O:McAfeei/OU:Orions/CN:Orion_ClientAuth_masked_hostnames/O:McAfees/OU:Orion
a9fe7a5aeb1784bd32493b893c4cdacb12308e52



The remote host is running Microsoft Windows Server 2019 Standard Build 17763

117887 - OS Security Patch Assessment Available
-
Synopsis
Nessus was able to log in to the remote host using the provided credentials and enumerate OS security patch levels.
Description
Nessus was able to determine OS security patch levels by logging into the remote host and running commands to determine the version of the operating system and its components. The remote host was identified as an operating system or device that Nessus supports for patch and update assessment. The necessary information was obtained to perform these checks.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0516
Plugin Information
Published: 2018/10/02, Modified: 2021/07/12
Plugin Output

tcp/445/cifs

OS Security Patch Assessment is available.

Account : EMSOCCS1\Administrator
Protocol : SMB

10919 - Open Port Re-check
-
Synopsis
Previously open ports are now closed.
Description
One or more ports that were previously open are now closed or unresponsive.

There are several possible reasons for this :

- The scan may have caused a service to freeze or stop running.

- An administrator may have stopped a particular service during the scanning process.

This might be an availability problem related to the following :

- A network outage has been experienced during the scan, and the remote network cannot be reached anymore by the scanner.

- This scanner may have been blacklisted by the system administrator or by an automatic intrusion detection / prevention system that detected the scan.

- The remote host is now down, either because a user turned it off during the scan or because a select denial of service was effective.

In any case, the audit of the remote host might be incomplete and may need to be done again.
Solution
Steps to resolve this issue include :

- Increase checks_read_timeout and/or reduce max_checks.

- Disable any IPS during the Nessus scan
Risk Factor
None
References
XREF IAVB:0001-B-0509
Plugin Information
Published: 2002/03/19, Modified: 2023/06/20
Plugin Output

tcp/0

Port 10024 was detected as being open but is now closed

92426 - OpenSaveMRU History
-
Synopsis
Nessus was able to enumerate opened and saved files on the remote host.
Description
Nessus was able to generate a report on files that were opened using the shell dialog box or saved using the shell dialog box. This is the box that appears when you attempt to save a document or open a document in Windows Explorer.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

Open / Save report attached.

66334 - Patch Report
-
Synopsis
The remote host is missing several patches.
Description
The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.

Note: Because the 'Show missing patches that have been superseded' setting in your scan policy depends on this plugin, it will always run and cannot be disabled.
Solution
Install the patches listed below.
Risk Factor
None
Plugin Information
Published: 2013/07/08, Modified: 2024/04/09
Plugin Output

tcp/0



You need to take the following 24 actions :

+ Install the following Microsoft patches :
- KB5036896 (32 vulnerabilities)
The following KBs would be covered:
KB5034768, KB5033371, KB5034127, KB5035849, KB5029247,
KB5030214, KB5031361, KB5025229, KB5022840, KB5026362,
KB5027222, KB5021237, KB5022286, KB5032196, KB5028168,
KB5023702, KB5016623, KB5017315, KB5018419, KB5012647,
KB5010351, KB5013941, KB5014692, KB5008218, KB5009557,
KB5019966, KB5015811, KB5011503, KB5005568, KB5006672,
KB5008602, KB5007266
- KB5036604
- KB5033904
- KB5031984
- KB5029931
- KB5028960
- KB5027131
- KB5022511
- KB5020866
- KB5020627
- KB5013641
- KB5012128
- KB5008873
- KB4601060
- KB4578966
- KB4569776
- KB4565625
- KB4552924
- KB4532947

[ Curl Use-After-Free < 7.87 (CVE-2022-43552) (171859) ]

+ Action to take : Upgrade Curl to version 7.87.0 or later


[ Microsoft Azure Data Studio < 1.48.0 Elevation of Privilege Vulnerability (CVE-2024-26203) (192147) ]

+ Action to take : Upgrade to Microsoft Azure Data Studio version 1.48.0 or later.


[ Security Updates for Microsoft .NET Framework (April 2024) (193217) ]

+ Action to take : Microsoft has released security updates for Microsoft .NET Framework.

+ Impact : Taking this action will resolve the following 39 different vulnerabilities :
CVE-2024-29059, CVE-2024-21409, CVE-2024-21312, CVE-2024-0057, CVE-2024-0056
CVE-2023-36899, CVE-2023-36873, CVE-2023-36796, CVE-2023-36794, CVE-2023-36793
CVE-2023-36792, CVE-2023-36788, CVE-2023-36560, CVE-2023-36049, CVE-2023-36042
CVE-2023-32030, CVE-2023-29331, CVE-2023-29330, CVE-2023-29326, CVE-2023-24936
CVE-2023-24897, CVE-2023-24895, CVE-2023-21808, CVE-2023-21722, CVE-2022-41089
CVE-2022-41064, CVE-2022-30130, CVE-2022-26832, CVE-2022-21911, CVE-2021-24111
CVE-2020-16937, CVE-2020-1476, CVE-2020-1147, CVE-2020-1108, CVE-2020-1066
CVE-2020-1046, CVE-2020-0646, CVE-2020-0606, CVE-2020-0605


[ Security Updates for Microsoft SQL Server ODBC Driver (April 2024) (193160) ]

+ Action to take : Microsoft has released security updates for the Microsoft SQL Driver.

+ Impact : Taking this action will resolve the following 29 different vulnerabilities :
CVE-2024-29043, CVE-2024-28943, CVE-2024-28941, CVE-2024-28938, CVE-2024-28937
CVE-2024-28936, CVE-2024-28935, CVE-2024-28934, CVE-2024-28933, CVE-2024-28932
CVE-2024-28931, CVE-2024-28930, CVE-2024-28929, CVE-2024-0056, CVE-2023-38169
CVE-2023-36785, CVE-2023-36730, CVE-2023-36728, CVE-2023-36420, CVE-2023-36417
CVE-2023-32028, CVE-2023-29349, CVE-2023-23384, CVE-2023-21718, CVE-2023-21713
CVE-2023-21705, CVE-2023-21704, CVE-2023-21568, CVE-2023-21528


[ Security Updates for Microsoft SQL Server OLE DB Driver (April 2024) (193161) ]

+ Action to take : Microsoft has released security updates for the Microsoft SQL OLE DB Driver.

+ Impact : Taking this action will resolve the following 41 different vulnerabilities :
CVE-2024-29985, CVE-2024-29984, CVE-2024-29983, CVE-2024-29982, CVE-2024-29048
CVE-2024-29047, CVE-2024-29046, CVE-2024-29045, CVE-2024-29044, CVE-2024-28945
CVE-2024-28944, CVE-2024-28942, CVE-2024-28940, CVE-2024-28939, CVE-2024-28927
CVE-2024-28926, CVE-2024-28915, CVE-2024-28914, CVE-2024-28913, CVE-2024-28912
CVE-2024-28911, CVE-2024-28910, CVE-2024-28909, CVE-2024-28908, CVE-2024-28906
CVE-2024-0056, CVE-2023-38169, CVE-2023-36785, CVE-2023-36730, CVE-2023-36728
CVE-2023-36420, CVE-2023-36417, CVE-2023-32028, CVE-2023-29349, CVE-2023-23384
CVE-2023-21718, CVE-2023-21713, CVE-2023-21705, CVE-2023-21704, CVE-2023-21568
CVE-2023-21528

139241 - Python Software Foundation Python Installed (Windows)
-
Synopsis
A programming language application is installed on the remote Windows host.
Description
Python, a tool to locally create and run applications in the Python programming language, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2020/07/31, Modified: 2024/03/26
Plugin Output

tcp/0


Path : C:\Users\Administrator\AppData\Local\Programs\Python\Python311\
Version : 3.11.4

66173 - RDP Screenshot
-
Synopsis
It is possible to take a screenshot of the remote login screen.
Description
This script attempts to connect to the remote host via RDP (Remote Desktop Protocol) and attempts to take a screenshot of the login screen.

While this is not a vulnerability by itself, some versions of Windows display the names of the users who can connect and which ones are connected already.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/04/22, Modified: 2024/03/19
Plugin Output

tcp/3389/msrdp

It was possible to gather the following screenshot of the remote login screen.

92428 - Recent File History
-
Synopsis
Nessus was able to enumerate recently opened files on the remote host.
Description
Nessus was able to gather evidence of files opened by file type from the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0

C:\\Users\testuser1\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini

Recent files found in registry and appdata attached.

92429 - Recycle Bin Files
-
Synopsis
Nessus was able to enumerate files in the recycle bin on the remote host.
Description
Nessus was able to generate a list of all files found in $Recycle.Bin subdirectories.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0

C:\\$Recycle.Bin\\.
C:\\$Recycle.Bin\\..
C:\\$Recycle.Bin\\S-1-5-18
C:\\$Recycle.Bin\\S-1-5-21-3388008032-3793481426-1508724218-1304
C:\\$Recycle.Bin\\S-1-5-21-3388008032-3793481426-1508724218-1322
C:\\$Recycle.Bin\\S-1-5-21-3388008032-3793481426-1508724218-500
C:\\$Recycle.Bin\\S-1-5-18\.
C:\\$Recycle.Bin\\S-1-5-18\..
C:\\$Recycle.Bin\\S-1-5-18\desktop.ini
C:\\$Recycle.Bin\\S-1-5-21-3388008032-3793481426-1508724218-1304\.
C:\\$Recycle.Bin\\S-1-5-21-3388008032-3793481426-1508724218-1304\..
C:\\$Recycle.Bin\\S-1-5-21-3388008032-3793481426-1508724218-1304\desktop.ini
C:\\$Recycle.Bin\\S-1-5-21-3388008032-3793481426-1508724218-1322\.
C:\\$Recycle.Bin\\S-1-5-21-3388008032-3793481426-1508724218-1322\..
C:\\$Recycle.Bin\\S-1-5-21-3388008032-3793481426-1508724218-1322\desktop.ini
C:\\$Recycle.Bin\\S-1-5-21-3388008032-3793481426-1508724218-500\.
C:\\$Recycle.Bin\\S-1-5-21-3388008032-3793481426-1508724218-500\..
C:\\$Recycle.Bin\\S-1-5-21-3388008032-3793481426-1508724218-500\$IBECIIT.png
C:\\$Recycle.Bin\\S-1-5-21-3388008032-3793481426-1508724218-500\$IN95ZQX.png
C:\\$Recycle.Bin\\S-1-5-21-3388008032-3793481426-1508724218-500\$IUYLOJO
C:\\$Recycle.Bin\\S-1-5-21-3388008032-3793481426-1508724218-500\$RBECIIT.png
C:\\$Recycle.Bin\\S-1-5-21-3388008032-3793481426-1508724218-500\$RN95ZQX.png
C:\\$Recycle.Bin\\S-1-5-21-3388008032-3793481426-1508724218-500\desktop.ini

92430 - Registry Editor Last Accessed
-
Synopsis
Nessus was able to find the last key accessed by the Registry Editor when it was closed on the remote host.
Description
Nessus was able to find evidence of the last key that was opened when the Registry Editor was closed for each user.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0

GCC.EMSOCCS.GSDF.MODS.GO.JP\Administrator
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

10940 - Remote Desktop Protocol Service Detection
-
Synopsis
The remote host has a remote desktop protocol service enabled.
Description
The Remote Desktop Protocol allows a user to remotely obtain a graphical login (and therefore act as a local user on the remote host).

If an attacker gains a valid login and password, this service could be used to gain further access on the remote host. An attacker may also use this service to mount a dictionary attack against the remote host to try to log in remotely.

Note that RDP (the Remote Desktop Protocol) is vulnerable to Man-in-the-middle attacks, making it easy for attackers to steal the credentials of legitimate users by impersonating the Windows server.
Solution
Disable the service if you do not use it, and do not allow this service to run across the Internet.
Risk Factor
None
Plugin Information
Published: 2002/04/20, Modified: 2023/08/21
Plugin Output

tcp/3389/msrdp

62042 - SMB QuickFixEngineering (QFE) Enumeration
-
Synopsis
The remote host has quick-fix engineering updates installed.
Description
By connecting to the host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via the registry.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2012/09/11, Modified: 2022/02/01
Plugin Output

tcp/0


Here is a list of quick-fix engineering updates installed on the
remote system :

KB4515855
KB4519338, Installed on: 2019/10/07
KB4521862, Installed on: 2019/10/07
KB5005112, Installed on: 2023/12/15
KB5005625, Installed on: 2023/12/15
KB5005701, Installed on: 2023/12/15

42897 - SMB Registry : Start the Registry Service during the scan (WMI)
-
Synopsis
The registry service was enabled for the duration of the scan.
Description
To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service (RemoteRegistry). If the service is down, this plugin will attempt to start for the duration of the scan.

For this plugin to work, you need to select the option 'Start the Remote Registry service during the scan' on the credentials page when you add your Windows credentials.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/11/25, Modified: 2024/03/26
Plugin Output

tcp/0


The registry service was successfully started for the duration of the scan.

35706 - SMB Registry : Stopping the Registry Service after the scan failed
-
Synopsis
The registry service could not be stopped after the scan.
Description
To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service (RemoteRegistry).

While Nessus successfully started the registry service, it could not stop it after the scan. You might want to disable it manually.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/02/18, Modified: 2011/03/19
Plugin Output

tcp/0


The following error occured :

StopService() failed

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/443


This port supports TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/636/ldap


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/1433/mssql


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/3269/ldap


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/3389/msrdp


This port supports TLSv1.0/TLSv1.1/TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/8443/www


This port supports TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/8444/www


This port supports TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/10024


This port supports TLSv1.2.

45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/443


The host names known by Nessus are :

masked_hostname
masked_hostname.emsoccs1

The Common Name in the certificate is :

ah_masked_hostname

The Subject Alternate Name in the certificate is :

ah_masked_hostname

45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/1433/mssql


The host names known by Nessus are :

masked_hostname
masked_hostname.emsoccs1

The Common Name in the certificate is :

ssl_self_signed_fallback

45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/8444/www


The host names known by Nessus are :

masked_hostname
masked_hostname.emsoccs1

The Common Name in the certificate is :

orion_clientauth_masked_hostname

The Subject Alternate Name in the certificate is :

orion_clientauth_masked_hostname

45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/10024


The host names known by Nessus are :

masked_hostname
masked_hostname.emsoccs1

The Common Name in the certificate is :

evema_server

83298 - SSL Certificate Chain Contains Certificates Expiring Soon
-
Synopsis
The remote host has an SSL certificate chain with one or more certificates that are going to expire soon.
Description
The remote host has an SSL certificate chain with one or more SSL certificates that are going to expire soon. Failure to renew these certificates before the expiration date may result in denial of service for users.
Solution
Renew any soon to expire SSL certificates.
Risk Factor
None
Plugin Information
Published: 2015/05/08, Modified: 2015/05/08
Plugin Output

tcp/3389/msrdp


The following soon to expire certificate was part of the certificate
chain sent by the remote host :

|-Subject : CN=masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp
|-Not After : Jun 16 08:25:55 2024 GMT

42981 - SSL Certificate Expiry - Future Expiry
-
Synopsis
The SSL certificate associated with the remote service will expire soon.
Description
The SSL certificate associated with the remote service will expire soon.
Solution
Purchase or generate a new SSL certificate in the near future to replace the existing one.
Risk Factor
None
Plugin Information
Published: 2009/12/02, Modified: 2020/09/04
Plugin Output

tcp/3389/msrdp


The SSL certificate will expire within 60 days, at
Jun 16 08:25:55 2024 GMT :

Subject : CN=masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp
Issuer : CN=masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp
Not valid before : Dec 16 08:25:55 2023 GMT
Not valid after : Jun 16 08:25:55 2024 GMT

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/443

Subject Name:

Organization: McAfee
Organization Unit: ePO
Common Name: AH_masked_hostname

Issuer Name:

Organization: McAfee
Organization Unit: AH
Common Name: AH_CA_masked_hostname

Serial Number: 66 FA F6 32 BD AA 6A D4

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Jan 01 00:00:00 1970 GMT
Not Valid After: Aug 08 05:45:07 2053 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits

Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: AH_masked_hostname


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 4A EC CB A5 6C C9 B7 F8 F8 37 25 26 B6 9B 64 D1 13 A7 C6 1D


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 69 EB 7D 17 04 74 BC E1 78 EE DE 16 15 81 A7 5D EE A6 87 3D


Fingerprints :

SHA-256 Fingerprint: A6 C0 5B D1 5B 54 2B 3D 20 D3 3D 6D BD 76 77 01 4E 26 85 F1
86 3E BB 4F 42 3B 3D F4 38 88 92 70
SHA-1 Fingerprint: 50 1A 4A FE 10 69 2A 29 81 79 BC 65 5A 02 98 5A 42 42 27 BD
MD5 Fingerprint: DE 6E 2A 7B 6C 58 51 06 DA FD 34 40 3B 88 FF B3


PEM certificate :


10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/636/ldap

Subject Name:

Common Name: masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp

Issuer Name:

Domain Component: jp
Domain Component: go
Domain Component: mods
Domain Component: gsdf
Domain Component: EMSOCCS
Domain Component: gcc
Common Name: gcc-masked_hostname-CA

Serial Number: 6A 00 00 00 02 27 AE 1D 4E 4A 8B 9E 9F 00 00 00 00 00 02

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Jul 21 09:46:39 2023 GMT
Not Valid After: Jul 20 09:46:39 2024 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits

Extension: Certificate Template Name (1.3.6.1.4.1.311.20.2)
Critical: 0
Template: DomainController


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Purpose#2: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: S/MIME Capabilities (1.2.840.113549.1.9.15)
Critical: 0


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 76 41 49 2F B5 74 C7 29 EE 6F 66 88 88 79 0E E2 D9 FB 74 BC


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 1B 96 BD C5 B8 51 92 87 3C CA 52 95 A7 13 51 69 26 4C A5 BE


Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: ldap:///CN=gcc-masked_hostname-CA,CN=masked_hostname,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp?certificateRevocationList?base?objectClass=cRLDistributionPoint


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Certificate Authority Issuers
URI: ldap:///CN=gcc-masked_hostname-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp?cACertificate?base?objectClass=certificationAuthority


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
Other Name: 06 09 2B 06 01 04 01 82 37 19 01 A0 12 04 10 0B D0 52 13 5C
47 5E 4A 81 76 8B 9C 8C EB 8E 38
DNS: masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp


Fingerprints :

SHA-256 Fingerprint: 37 1B 49 32 BF 82 57 F4 33 FF DB BC C5 39 CD 03 70 CD 75 2B
CC EB F0 54 F5 0B 6C 10 F4 15 CB 5C
SHA-1 Fingerprint: FF 39 CB FB 24 45 70 73 CC 48 49 EA 0E 1A 31 21 F6 10 12 BB
MD5 Fingerprint: CF B5 BF E7 0E ED 3B 82 DF 4C 0E 53 45 6A FB 28


PEM certificate :


10863 - SSL Certificate Information
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/1433/mssql

Subject Name:

Common Name: SSL_Self_Signed_Fallback

Issuer Name:

Common Name: SSL_Self_Signed_Fallback

Serial Number: 5A 2E F5 B1 72 82 07 BB 42 60 31 9B C3 EF 7B 32

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Mar 22 06:25:16 2024 GMT
Not Valid After: Mar 22 06:25:16 2054 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 3072 bits
Exponent: 01 00 01

Signature Length: 384 bytes / 3072 bits

Fingerprints :

SHA-256 Fingerprint: A6 FA 0C 2E 2E AB 56 4A E3 1A 37 B4 BC 0C 7C 20 A9 CB 39 97
B8 45 20 23 51 AA 25 69 A2 A4 24 ED
SHA-1 Fingerprint: B1 34 80 D7 6A 1F 65 FF 3F FA F1 A9 43 AF 6E 1A 18 97 8F C3
MD5 Fingerprint: 8D 61 FE 0A 9E 7F 59 08 E4 C3 37 51 29 75 56 3D


PEM certificate :


10863 - SSL Certificate Information
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/3269/ldap

Subject Name:

Common Name: masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp

Issuer Name:

Domain Component: jp
Domain Component: go
Domain Component: mods
Domain Component: gsdf
Domain Component: EMSOCCS
Domain Component: gcc
Common Name: gcc-masked_hostname-CA

Serial Number: 6A 00 00 00 02 27 AE 1D 4E 4A 8B 9E 9F 00 00 00 00 00 02

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Jul 21 09:46:39 2023 GMT
Not Valid After: Jul 20 09:46:39 2024 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits

Extension: Certificate Template Name (1.3.6.1.4.1.311.20.2)
Critical: 0
Template: DomainController


Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Client Authentication (1.3.6.1.5.5.7.3.2)
Purpose#2: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: S/MIME Capabilities (1.2.840.113549.1.9.15)
Critical: 0


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 76 41 49 2F B5 74 C7 29 EE 6F 66 88 88 79 0E E2 D9 FB 74 BC


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 1B 96 BD C5 B8 51 92 87 3C CA 52 95 A7 13 51 69 26 4C A5 BE


Extension: CRL Distribution Points (2.5.29.31)
Critical: 0
URI: ldap:///CN=gcc-masked_hostname-CA,CN=masked_hostname,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp?certificateRevocationList?base?objectClass=cRLDistributionPoint


Extension: Authority Information Access (1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Certificate Authority Issuers
URI: ldap:///CN=gcc-masked_hostname-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp?cACertificate?base?objectClass=certificationAuthority


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
Other Name: 06 09 2B 06 01 04 01 82 37 19 01 A0 12 04 10 0B D0 52 13 5C
47 5E 4A 81 76 8B 9C 8C EB 8E 38
DNS: masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp


Fingerprints :

SHA-256 Fingerprint: 37 1B 49 32 BF 82 57 F4 33 FF DB BC C5 39 CD 03 70 CD 75 2B
CC EB F0 54 F5 0B 6C 10 F4 15 CB 5C
SHA-1 Fingerprint: FF 39 CB FB 24 45 70 73 CC 48 49 EA 0E 1A 31 21 F6 10 12 BB
MD5 Fingerprint: CF B5 BF E7 0E ED 3B 82 DF 4C 0E 53 45 6A FB 28


PEM certificate :


10863 - SSL Certificate Information
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/3389/msrdp

Subject Name:

Common Name: masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp

Issuer Name:

Common Name: masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp

Serial Number: 30 BC 9F BE 67 00 6A 92 40 3D 7F B7 6A 4A 41 D9

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Dec 16 08:25:55 2023 GMT
Not Valid After: Jun 16 08:25:55 2024 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment


Fingerprints :

SHA-256 Fingerprint: CD 6A 3B F0 6D C9 43 02 F2 71 89 A9 E0 B3 70 DE 32 B6 D6 E7
4A 63 12 5A 1A 7C 3E 5E 24 8C 63 83
SHA-1 Fingerprint: A4 0C 9E 63 64 AC 6F B2 91 64 FD CC 7A E9 15 3B F7 C6 64 5B
MD5 Fingerprint: 8D DA 05 9C 2F 07 FF 84 65 79 46 90 44 6F 64 76


PEM certificate :


10863 - SSL Certificate Information
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/8443/www

Subject Name:

Organization: McAfee
Organization Unit: Orion
Common Name: masked_hostname

Issuer Name:

Organization: McAfee
Organization Unit: Orion
Common Name: Orion_CA_masked_hostname

Serial Number: 72 8B F7 16 5E 77 E5 50

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Jan 01 00:00:00 1970 GMT
Not Valid After: Aug 09 05:35:24 2053 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits

Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: masked_hostname


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 17 98 9E 36 6C E7 53 37 B1 D2 57 58 70 7B 41 D2 23 45 57 F6


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 9A F4 54 4B 0F 24 73 F7 A7 85 F7 CB 81 4C 48 99 0D 2E 83 B5


Fingerprints :

SHA-256 Fingerprint: 4B 35 64 00 DD 1D C8 B0 81 1D C9 1C C0 0E C0 60 AA E7 95 DB
77 19 47 93 18 EF 77 B9 F7 7F 37 FF
SHA-1 Fingerprint: A9 62 25 29 36 86 DC 64 90 6D 89 B9 21 D7 39 9B C1 D8 37 8F
MD5 Fingerprint: DD FB 77 19 A3 41 5C 3C 44 95 14 2A C1 46 16 1B


PEM certificate :


10863 - SSL Certificate Information
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/8444/www

Subject Name:

Organization: McAfee
Organization Unit: Orion
Common Name: Orion_ClientAuth_masked_hostname

Issuer Name:

Organization: McAfee
Organization Unit: Orion
Common Name: Orion_CA_masked_hostname

Serial Number: 64 E9 F9 55 70 1B 80 4A

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Jan 01 00:00:00 1970 GMT
Not Valid After: Aug 08 05:35:25 2053 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits

Extension: Basic Constraints (2.5.29.19)
Critical: 1


Extension: Subject Alternative Name (2.5.29.17)
Critical: 0
DNS: Orion_ClientAuth_masked_hostname


Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 49 26 37 D8 B1 5A 3D 52 E9 E1 D7 D7 36 05 8D 93 0C 77 B0 70


Extension: Authority Key Identifier (2.5.29.35)
Critical: 0
Key Identifier: 9A F4 54 4B 0F 24 73 F7 A7 85 F7 CB 81 4C 48 99 0D 2E 83 B5


Fingerprints :

SHA-256 Fingerprint: 35 E9 3B F5 CB D3 39 9F 45 7B 26 74 48 F5 AB 3E F9 90 0B 48
D7 06 47 79 13 9D AE 38 15 2A AD C6
SHA-1 Fingerprint: A9 FE 7A 5A EB 17 84 BD 32 49 3B 89 3C 4C DA CB 12 30 8E 52
MD5 Fingerprint: CD 67 0E 01 23 0C 52 41 78 0E 20 63 F9 29 DF 74


PEM certificate :


10863 - SSL Certificate Information
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/10024

Subject Name:

Common Name: EVEMA_SERVER

Issuer Name:

Common Name: EVEMA_CA

Serial Number: 02

Version: 1

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Nov 27 13:22:02 2007 GMT
Not Valid After: Apr 14 13:22:02 2035 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits

Fingerprints :

SHA-256 Fingerprint: 51 93 F7 92 4F 08 42 72 E7 FC 1A 85 33 04 18 95 CF 36 31 CE
0D 34 B4 B1 63 31 D9 25 A7 6F CA FC
SHA-1 Fingerprint: 38 4C 73 D1 55 46 55 D3 44 33 6D F6 43 9E 3A 5C AB 0A 2C DB
MD5 Fingerprint: 86 69 32 AB 23 41 B2 B8 F9 55 8B 55 78 41 D6 4F


PEM certificate :


70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/443


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name                      Code         KEX    Auth   Encryption      MAC
------------------------  -----------  -----  -----  --------------  ------
DHE-RSA-AES128-SHA256     0x00, 0x67   DH     RSA    AES-CBC(128)    SHA256
DHE-RSA-AES256-SHA256     0x00, 0x6B   DH     RSA    AES-CBC(256)    SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/636/ldap


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name                      Code         KEX    Auth   Encryption      MAC
------------------------  -----------  -----  -----  --------------  ------
DES-CBC3-SHA              0x00, 0x0A   RSA    RSA    3DES-CBC(168)   SHA1

High Strength Ciphers (>= 112-bit key)

Name                      Code         KEX    Auth   Encryption      MAC
------------------------  -----------  -----  -----  --------------  ------
ECDHE-RSA-AES128-SHA      0xC0, 0x13   ECDH   RSA    AES-CBC(128)    SHA1
ECDHE-RSA-AES256-SHA      0xC0, 0x14   ECDH   RSA    AES-CBC(256)    SHA1
AES128-SHA                0x00, 0x2F   RSA    RSA    AES-CBC(128)    SHA1
AES256-SHA                0x00, 0x35   RSA    RSA    AES-CBC(256)    SHA1
ECDHE-RSA-AES128-SHA256   0xC0, 0x27   ECDH   RSA    AES-CBC(128)    SHA256
ECDHE-RSA-AES256-SHA384   0xC0, 0x28   ECDH   RSA    AES-CBC(256)    SHA384
RSA-AES128-SHA256         0x00, 0x3C   RSA    RSA    AES-CBC(128)    SHA256
RSA-AES256-SHA256         0x00, 0x3D   RSA    RSA    AES-CBC(256)    SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/1433/mssql


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name                      Code         KEX    Auth   Encryption      MAC
------------------------  -----------  -----  -----  --------------  ------
DES-CBC3-SHA              0x00, 0x0A   RSA    RSA    3DES-CBC(168)   SHA1

High Strength Ciphers (>= 112-bit key)

Name                      Code         KEX    Auth   Encryption      MAC
------------------------  -----------  -----  -----  --------------  ------
ECDHE-RSA-AES128-SHA      0xC0, 0x13   ECDH   RSA    AES-CBC(128)    SHA1
ECDHE-RSA-AES256-SHA      0xC0, 0x14   ECDH   RSA    AES-CBC(256)    SHA1
AES128-SHA                0x00, 0x2F   RSA    RSA    AES-CBC(128)    SHA1
AES256-SHA                0x00, 0x35   RSA    RSA    AES-CBC(256)    SHA1
ECDHE-RSA-AES128-SHA256   0xC0, 0x27   ECDH   RSA    AES-CBC(128)    SHA256
ECDHE-RSA-AES256-SHA384   0xC0, 0x28   ECDH   RSA    AES-CBC(256)    SHA384
RSA-AES128-SHA256         0x00, 0x3C   RSA    RSA    AES-CBC(128)    SHA256
RSA-AES256-SHA256         0x00, 0x3D   RSA    RSA    AES-CBC(256)    SHA256

70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/3269/ldap


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/3389/msrdp


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/8443/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/8444/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/10024


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-CAMELLIA-CBC-128 0xC0, 0x76 ECDH RSA Camellia-CBC(128) SHA256
ECDHE-RSA-CAMELLIA-CBC-256 0xC0, 0x77 ECDH RSA Camellia-CBC(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AECDH-AES128-SHA 0xC0, 0x18 ECDH None AES-CBC(128) SHA1
AECDH-AES256-SHA 0xC0, 0x19 ECDH None AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256

21643 - SSL Cipher Suites Supported
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/443


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256

21643 - SSL Cipher Suites Supported
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/636/ldap


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1

21643 - SSL Cipher Suites Supported
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/1433/mssql


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1

Note that this service does not encrypt traffic by default but does
support upgrading to an encrypted connection using STARTTLS.

21643 - SSL Cipher Suites Supported
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/3269/ldap


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1

21643 - SSL Cipher Suites Supported
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/3389/msrdp


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1

Note that this service does not encrypt traffic by default but does
support upgrading to an encrypted connection using STARTTLS.

21643 - SSL Cipher Suites Supported
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/8443/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

21643 - SSL Cipher Suites Supported
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/8444/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

21643 - SSL Cipher Suites Supported
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/10024


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-CAMELLIA-CBC-128 0xC0, 0x76 ECDH RSA Camellia-CBC(128) SHA256
ECDHE-RSA-CAMELLIA-CBC-256 0xC0, 0x77 ECDH RSA Camellia-CBC(256) SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256) SHA256
RSA-AES-128-CCM-AEAD 0xC0, 0x9C RSA RSA AES-CCM(128) AEAD
RSA-AES-128-CCM8-AEAD 0xC0, 0xA0 RSA RSA AES-CCM8(128) AEAD
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES-256-CCM-AEAD 0xC0, 0x9D RSA RSA AES-CCM(256) AEAD
RSA-AES-256-CCM8-AEAD 0xC0, 0xA1 RSA RSA AES-CCM8(256) AEAD
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AECDH-AES128-SHA 0xC0, 0x18 ECDH None AES-CBC(128) SHA1
AECDH-AES256-SHA 0xC0, 0x19 ECDH None AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/443


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/636/ldap


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/1433/mssql


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/3269/ldap


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/3389/msrdp


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/8443/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/8444/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/10024


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDH RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDH RSA AES-GCM(256) SHA384
ECDHE-RSA-CAMELLIA-CBC-128 0xC0, 0x76 ECDH RSA Camellia-CBC(128) SHA256
ECDHE-RSA-CAMELLIA-CBC-256 0xC0, 0x77 ECDH RSA Camellia-CBC(256) SHA384
ECDHE-RSA-CHACHA20-POLY1305 0xCC, 0xA8 ECDH RSA ChaCha20-Poly1305(256) SHA256
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

94761 - SSL Root Certification Authority Certificate Information
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/8443/www


The following root Certification Authority certificate was found :

|-Subject : O=McAfee/OU=Orion/CN=Orion_CA_masked_hostname
|-Issuer : O=McAfee/OU=Orion/CN=Orion_CA_masked_hostname
|-Valid From : Jan 01 00:00:00 1970 GMT
|-Valid To : Aug 09 05:35:24 2053 GMT
|-Signature Algorithm : SHA-256 With RSA Encryption

94761 - SSL Root Certification Authority Certificate Information
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/8444/www


The following root Certification Authority certificate was found :

|-Subject : O=McAfee/OU=Orion/CN=Orion_CA_masked_hostname
|-Issuer : O=McAfee/OU=Orion/CN=Orion_CA_masked_hostname
|-Valid From : Jan 01 00:00:00 1970 GMT
|-Valid To : Aug 09 05:35:24 2053 GMT
|-Signature Algorithm : SHA-256 With RSA Encryption

35297 - SSL Service Requests Client Certificate
Synopsis
The remote service requests an SSL client certificate.
Description
The remote service encrypts communications using SSL/TLS, requests a client certificate, and may require a valid certificate in order to establish a connection to the underlying service.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/01/06, Modified: 2022/04/11
Plugin Output

tcp/636/ldap


A TLSv1/TLSv11/TLSv12 server is listening on this port that requests a client certificate.

35297 - SSL Service Requests Client Certificate
Synopsis
The remote service requests an SSL client certificate.
Description
The remote service encrypts communications using SSL/TLS, requests a client certificate, and may require a valid certificate in order to establish a connection to the underlying service.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/01/06, Modified: 2022/04/11
Plugin Output

tcp/3269/ldap


A TLSv1/TLSv11/TLSv12 server is listening on this port that requests a client certificate.

35297 - SSL Service Requests Client Certificate
Synopsis
The remote service requests an SSL client certificate.
Description
The remote service encrypts communications using SSL/TLS, requests a client certificate, and may require a valid certificate in order to establish a connection to the underlying service.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/01/06, Modified: 2022/04/11
Plugin Output

tcp/10024


A TLSv12 server is listening on this port that requests a client certificate.

156899 - SSL/TLS Recommended Cipher Suites
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommended cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2024/02/12
Plugin Output

tcp/443

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
DHE-RSA-AES128-SHA256 0x00, 0x67 DH RSA AES-CBC(128) SHA256
DHE-RSA-AES256-SHA256 0x00, 0x6B DH RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommended cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2024/02/12
Plugin Output

tcp/636/ldap

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommended cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2024/02/12
Plugin Output

tcp/1433/mssql

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommended cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2024/02/12
Plugin Output

tcp/3269/ldap

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommended cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2024/02/12
Plugin Output

tcp/3389/msrdp

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DH RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DH RSA AES-GCM(256) SHA384
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommended cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2024/02/12
Plugin Output

tcp/8443/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommended cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2024/02/12
Plugin Output

tcp/8444/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommended cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2024/02/12
Plugin Output

tcp/10024

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-CAMELLIA-CBC-128 0xC0, 0x76 ECDH RSA Camellia-CBC(128) SHA256
ECDHE-RSA-CAMELLIA-CBC-256 0xC0, 0x77 ECDH RSA Camellia-CBC(256) SHA384
RSA-AES-128-CCM-AEAD 0xC0, 0x9C RSA RSA AES-CCM(128) AEAD
RSA-AES-128-CCM8-AEAD 0xC0, 0xA0 RSA RSA AES-CCM8(128) AEAD
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES-256-CCM-AEAD 0xC0, 0x9D RSA RSA AES-CCM(256) AEAD
RSA-AES-256-CCM8-AEAD 0xC0, 0xA1 RSA RSA AES-CCM8(256) AEAD
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDH RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDH RSA AES-CBC(256) SHA1
AECDH-AES128-SHA 0xC0, 0x18 ECDH None AES-CBC(128) SHA1
AECDH-AES256-SHA 0xC0, 0x19 ECDH None AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
CAMELLIA128-SHA 0x00, 0x41 RSA RSA Camellia-CBC(128) SHA1
CAMELLIA256-SHA 0x00, 0x84 RSA RSA Camellia-CBC(256) SHA1
SEED-SHA 0x00, 0x96 RSA RSA SEED-CBC(128) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDH RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDH RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
RSA-CAMELLIA128-SHA256 0x00, 0xBA RSA RSA Camellia-CBC(128) SHA256
RSA-CAMELLIA256-SHA256 0x00, 0xC0 RSA RSA Camellia-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

91263 - SSL/TLS Service Requires Client Certificate
Synopsis
The remote service requires an SSL client certificate to establish an SSL/TLS connection.
Description
The remote service encrypts communications using SSL/TLS and requires a client certificate in order to establish an SSL/TLS connection.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/05/19, Modified: 2016/05/19
Plugin Output

tcp/10024


A TLSv12 server is listening on this port and requires client certificate verification.

160486 - Server Message Block (SMB) Protocol Version Detection
Synopsis
Verify the version of SMB on the remote host.
Description
The Server Message Block (SMB) Protocol provides shared access to files and printers across nodes on a network.
See Also
Solution
Disable SMB version 1 and block all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.
Risk Factor
None
Plugin Information
Published: 2022/05/04, Modified: 2022/05/04
Plugin Output

tcp/445/cifs

- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB2 : Key not found.
- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB3 : Key not found.
- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : Key not found.

22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2024/03/26
Plugin Output

tcp/80/www

A web server is running on this port.

22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2024/03/26
Plugin Output

tcp/443

A TLSv1.2 server answered on this port.

22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2024/03/26
Plugin Output

tcp/593/http-rpc-epmap

An http-rpc-epmap is running on this port.

22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2024/03/26
Plugin Output

tcp/636/ldap

A TLSv1 server answered on this port.

22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2024/03/26
Plugin Output

tcp/3269/ldap

A TLSv1 server answered on this port.

22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2024/03/26
Plugin Output

tcp/5985/www

A web server is running on this port.

22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2024/03/26
Plugin Output

tcp/8443/www

A TLSv1.2 server answered on this port.

tcp/8443/www

A web server is running on this port through TLSv1.2.

22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2024/03/26
Plugin Output

tcp/8444/www

A TLSv1.2 server answered on this port.

tcp/8444/www

A web server is running on this port through TLSv1.2.

22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2024/03/26
Plugin Output

tcp/10024

A TLSv1.2 server answered on this port.

22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2024/03/26
Plugin Output

tcp/43554

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2024/03/26
Plugin Output

tcp/47001/www

A web server is running on this port.

22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2024/03/26
Plugin Output

tcp/49671/ncacn_http

An ncacn_http server is running on this port.

22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2024/03/26
Plugin Output

tcp/49736

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

84821 - TLS ALPN Supported Protocol Enumeration
Synopsis
The remote host supports the TLS ALPN extension.
Description
The remote host supports the TLS ALPN extension. This plugin enumerates the protocols the extension supports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2015/07/17, Modified: 2023/11/16
Plugin Output

tcp/443


http/1.1

121010 - TLS Version 1.1 Protocol Detection
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM, cannot be used with TLS 1.1.

As of March 31, 2020, endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
XREF CWE:327
Plugin Information
Published: 2019/01/08, Modified: 2023/04/19
Plugin Output

tcp/636/ldap

TLSv1.1 is enabled and the server supports at least one cipher.

121010 - TLS Version 1.1 Protocol Detection
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM, cannot be used with TLS 1.1.

As of March 31, 2020, endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
XREF CWE:327
Plugin Information
Published: 2019/01/08, Modified: 2023/04/19
Plugin Output

tcp/1433/mssql

TLSv1.1 is enabled and the server supports at least one cipher.

121010 - TLS Version 1.1 Protocol Detection
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM, cannot be used with TLS 1.1.

As of March 31, 2020, endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
XREF CWE:327
Plugin Information
Published: 2019/01/08, Modified: 2023/04/19
Plugin Output

tcp/3269/ldap

TLSv1.1 is enabled and the server supports at least one cipher.

121010 - TLS Version 1.1 Protocol Detection
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM, cannot be used with TLS 1.1.

As of March 31, 2020, endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
XREF CWE:327
Plugin Information
Published: 2019/01/08, Modified: 2023/04/19
Plugin Output

tcp/3389/msrdp

TLSv1.1 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/443

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/636/ldap

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/1433/mssql

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/3269/ldap

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/3389/msrdp

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/8443/www

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/8444/www

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/10024

TLSv1.2 is enabled and the server supports at least one cipher.

110095 - Target Credential Issues by Authentication Protocol - No Issues Found
Synopsis
Nessus was able to log in to the remote host using the provided credentials. No issues were reported with access, privilege, or intermittent failure.
Description
Valid credentials were provided for an authentication protocol on the remote target and Nessus did not log any subsequent errors or failures for the authentication protocol.

When possible, Nessus tracks errors or failures related to otherwise valid credentials in order to highlight issues that may result in incomplete scan results or limited scan coverage. The types of issues that are tracked include errors that indicate that the account used for scanning did not have sufficient permissions for a particular check, intermittent protocol failures which are unexpected after the protocol has been negotiated successfully earlier in the scan, and intermittent authentication failures which are unexpected after a credential set has been accepted as valid earlier in the scan. This plugin reports when none of the above issues have been logged during the course of the scan for at least one authenticated protocol. See plugin output for details, including protocol, port, and account.

Please note the following :

- This plugin reports per protocol, so it is possible for issues to be encountered for one protocol and not another.
For example, authentication to the SSH service on the remote target may have consistently succeeded with no privilege errors encountered, while connections to the SMB service on the remote target may have failed intermittently.

- Resolving logged issues for all available authentication protocols may improve scan coverage, but the value of resolving each issue for a particular protocol may vary from target to target depending upon what data (if any) is gathered from the target via that protocol and what particular check failed. For example, consistently successful checks via SSH are more critical for Linux targets than for Windows targets, and likewise consistently successful checks via SMB are more critical for Windows targets than for Linux targets.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0520
Plugin Information
Published: 2018/05/24, Modified: 2024/03/25
Plugin Output

tcp/445/cifs


Nessus was able to log into the remote host with no privilege or access
problems via the following :

User: 'EMSOCCS1\Administrator'
Port: 445
Proto: SMB
Method: password

141118 - Target Credential Status by Authentication Protocol - Valid Credentials Provided
Synopsis
Valid credentials were provided for an available authentication protocol.
Description
Nessus was able to determine that valid credentials were provided for an authentication protocol available on the remote target because it was able to successfully authenticate directly to the remote target using that authentication protocol at least once. Authentication was successful because the authentication protocol service was available remotely, the service was able to be identified, the authentication protocol was able to be negotiated successfully, and a set of credentials provided in the scan policy for that authentication protocol was accepted by the remote service. See plugin output for details, including protocol, port, and account.

Please note the following :

- This plugin reports per protocol, so it is possible for valid credentials to be provided for one protocol and not another. For example, authentication may succeed via SSH but fail via SMB, while no credentials were provided for an available SNMP service.

- Providing valid credentials for all available authentication protocols may improve scan coverage, but the value of successful authentication for a given protocol may vary from target to target depending upon what data (if any) is gathered from the target via that protocol. For example, successful authentication via SSH is more valuable for Linux targets than for Windows targets, and likewise successful authentication via SMB is more valuable for Windows targets than for Linux targets.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2020/10/15, Modified: 2024/03/25
Plugin Output

tcp/445/cifs


Nessus was able to log in to the remote host via the following :

User: 'EMSOCCS1\Administrator'
Port: 445
Proto: SMB
Method: password

92433 - Terminal Services History
Synopsis
Nessus was able to gather terminal service connection information.
Description
Nessus was able to generate a report on terminal service connections on the target system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0

Terminal Services Client
- GCC.EMSOCCS.GSDF.MODS.GO.JP\Administrator


Terminal Services Server
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582_Classes
- S-1-5-21-3388008032-3793481426-1508724218-500_Classes
- GCC.EMSOCCS.GSDF.MODS.GO.JP\Administrator
- S-1-5-18
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
- S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775_Classes
- S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003_Classes


Extended Terminal Services report attached.

64814 - Terminal Services Use SSL/TLS
Synopsis
The remote Terminal Services use SSL/TLS.
Description
The remote Terminal Services is configured to use SSL/TLS.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/02/22, Modified: 2023/07/10
Plugin Output

tcp/3389/msrdp

Subject Name:

Common Name: masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp

Issuer Name:

Common Name: masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp

Serial Number: 30 BC 9F BE 67 00 6A 92 40 3D 7F B7 6A 4A 41 D9

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Dec 16 08:25:55 2023 GMT
Not Valid After: Jun 16 08:25:55 2024 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment

161691 - The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround Detection (CVE-2022-30190)
Synopsis
Checks for the HKEY_CLASSES_ROOT\ms-msdt registry key.
Description
The remote host has the HKEY_CLASSES_ROOT\ms-msdt registry key. This is a known exposure for CVE-2022-30190.

Note that Nessus has not tested for CVE-2022-30190. It is only checking if the registry key exists. The recommendation is to apply the latest patch.
Solution
Apply the latest Cumulative Update.
Risk Factor
None
Plugin Information
Published: 2022/05/31, Modified: 2022/07/28
Plugin Output

tcp/445/cifs

The HKEY_CLASSES_ROOT\ms-msdt registry key exists on the target. This may indicate that the target is vulnerable to CVE-2022-30190, if the vendor patch is not applied.

56468 - Time of Last System Startup
Synopsis
The system has been started.
Description
Using the supplied credentials, Nessus was able to determine when the host was last started.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/10/12, Modified: 2018/06/19
Plugin Output

tcp/0


20240322152415.190701+540

10287 - Traceroute Information
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/12/04
Plugin Output

udp/0

For your information, here is the traceroute from ipaddr4 to ipaddr :
ipaddr4
ipaddr

Hop Count: 1

66318 - Trellix ePolicy Orchestrator Application Server Detection
Synopsis
A web management interface for a security management application was detected on the remote host.
Description
ePolicy Orchestrator (ePO) Application Server, a web interface for ePO, was detected on the remote host.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0858
Plugin Information
Published: 2013/05/04, Modified: 2024/03/14
Plugin Output

tcp/8443/www


URL : https://ipaddr:8443/core/orionSplashScreen.do
Version : 5.10.0

92434 - User Download Folder Files
Synopsis
Nessus was able to enumerate downloaded files on the remote host.
Description
Nessus was able to generate a report of all files listed in the default user download folder.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/16
Plugin Output

tcp/0

C:\\Users\Administrator\Downloads\desktop.ini
C:\\Users\Administrator\Downloads\ePO_µήκό_μέόΘ.pdf
C:\\Users\Administrator\Downloads\Linux_rule (1).xml
C:\\Users\Administrator\Downloads\Linux_rule.xml
C:\\Users\Administrator\Downloads\TrellixSmartInstall.exe
C:\\Users\EVEMAuser\Downloads\desktop.ini
C:\\Users\Public\Downloads\desktop.ini
C:\\Users\testuser1\Downloads\desktop.ini

Download folder content report attached.
92431 - User Shell Folders Settings
-
Synopsis
Nessus was able to find the folder paths for user folders on the remote host.
Description
Nessus was able to gather a list of settings from the target system that store common user folder locations. A few of the more common locations are listed below :

- Administrative Tools
- AppData
- Cache
- CD Burning
- Cookies
- Desktop
- Favorites
- Fonts
- History
- Local AppData
- My Music
- My Pictures
- My Video
- NetHood
- Personal
- PrintHood
- Programs
- Recent
- SendTo
- Start Menu
- Startup
- Templates
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/16
Plugin Output

tcp/0

GCC.EMSOCCS.GSDF.MODS.GO.JP\Administrator
- {7d1d3a04-debb-4115-95cf-2f29da2920da} : C:\Users\Administrator\Searches
- {1b3ea5dc-b587-4786-b4ef-bd1dc332aeae} : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Libraries
- {374de290-123f-4565-9164-39c4925e467b} : C:\Users\Administrator\Downloads
- recent : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent
- my video : C:\Users\Administrator\Videos
- my music : C:\Users\Administrator\Music
- {56784854-c6cb-462b-8169-88e350acb882} : C:\Users\Administrator\Contacts
- {bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968} : C:\Users\Administrator\Links
- {a520a1a4-1780-4ff6-bd18-167343c5af16} : C:\Users\Administrator\AppData\LocalLow
- sendto : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo
- start menu : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu
- cookies : C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCookies
- personal : C:\Users\Administrator\Documents
- administrative tools : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
- startup : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
- nethood : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts
- history : C:\Users\Administrator\AppData\Local\Microsoft\Windows\History
- {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\Administrator\Saved Games
- {00bcfc5a-ed94-4e48-96a1-3f6217f21990} : C:\Users\Administrator\AppData\Local\Microsoft\Windows\RoamingTiles
- !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function instead
- local appdata : C:\Users\Administrator\AppData\Local
- my pictures : C:\Users\Administrator\Pictures
- templates : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates
- printhood : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
- cache : C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache
- desktop : C:\Users\Administrator\Desktop
- programs : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
- fonts : C:\Windows\Fonts
- cd burning : C:\Users\Administrator\AppData\Local\Microsoft\Windows\Burn\Burn
- favorites : C:\Users\Administrator\Favorites
- appdata : C:\Users\Administrator\AppData\Roaming
92435 - UserAssist Execution History
-
Synopsis
Nessus was able to enumerate program execution history on the remote host.
Description
Nessus was able to gather evidence from the UserAssist registry key that has a list of programs that have been executed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2019/11/12
Plugin Output

tcp/0

{6d809377-6af0-444b-8957-a3773f02200e}\microsoft sql server\160\setup bootstrap\sql2022\x64\scenarioengine.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\netplwiz.exe
ueme_ctlsession
microsoft.autogenerated.{9ad5a3a4-1821-c8f2-f6cd-500884b24b63}
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\snippingtool.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\trellix\trellix endpoint security.lnk
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{05dfc727-3d71-498b-bb85-513dd00a2989}\.cr\ssms-setup-enu.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\windowspowershell\v1.0\powershell_ise.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\rundll32.exe
microsoft.windows.sechealthui_cw5n1h2txyewy!sechealthui
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\remote desktop connection.lnk
c:\users\administrator\desktop\installnewscp.cmd
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\easeofaccessdialog.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\group policy management.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\services.lnk
microsoft.internetexplorer.default
c:\users\administrator\appdata\local\temp\2\open_hs.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\adam install.lnk
d:\sql2022-ssei-eval.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mmc.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{8890d29b-f955-4f67-95d9-98c4771ca642}\.cr\vc_redist.x64.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\accessories\internet explorer.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\compmgmt.msc
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\task scheduler.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\active directory domains and trusts.lnk
c:\users\administrator\desktop\ctct_work\windows20xx\windows20xx\win201x_shell\windows_check_main.bat
\\192.168.100.241\r1515\sakura\sakura.exe
microsoft.autogenerated.{65b2550f-8800-bee3-9597-14560458f050}
{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}\cmd.exe
microsoft.autogenerated.{97880e4e-9653-3da7-99dc-d2454e1f6f2e}
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\certsrv.msc
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server tools 19\sql server management studio management studio 19.lnk
{6d809377-6af0-444b-8957-a3773f02200e}\dds\evema\server\maserver.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\adsiedit.lnk
c:\users\administrator\desktop\trellix\epo5100_servicepack1_4098_lr1\epomain.exe
c:\users\administrator\desktop\trellixsmartinstall.exe
microsoft.windows.administrativetools
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\system tools\task manager.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\paint.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\odbc data sources (64-bit).lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\security configuration management.lnk
f:\tmps\tmpsinit.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\shutdown.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wbadmin.msc
c:\users\administrator\appdata\local\temp\webmerclient.exe
c:\users\administrator\desktop\mer.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\notepad.exe
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\internet explorer.lnk
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\snipping tool.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiescomputername.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{5916cf9b-796f-457b-9484-f29131efdaec}\.cr\vc_redist.x64.exe
c:\users\administrator\desktop\trellix\epo5100_servicepack1_4098_lr1\setup.exe
{6d809377-6af0-444b-8957-a3773f02200e}\strings\strings64.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{2c81343f-fa0e-4376-bd6d-cd737ea29690}\.cr\python-3.11.4-amd64.exe
microsoft.windows.explorer
ueme_ctlcuacount:ctor
microsoft.windows.cortana_cw5n1h2txyewy!runtimebroker07f4358a809ac99a64a67c1
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\msiexec.exe
c:\tmp\trellix\epo5100_servicepack1_4098_lr1\setup.exe
d:\x64\landingpage.exe
{6d809377-6af0-444b-8957-a3773f02200e}\microsoft\azureattestservice\azureattestserviceinstaller.exe
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\file explorer.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiesadvanced.exe
microsoft.autogenerated.{51c7adde-5601-5e65-e072-fd8558a034b3}
{6d809377-6af0-444b-8957-a3773f02200e}\windows photo viewer\imagingdevices.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\lbfoadmin.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\regedit.exe
microsoft.autogenerated.{d8702a88-1b06-781e-6205-9ab298688f46}
f:\open_hs.exe
d:\setup.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\active directory administrative center.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\slui.exe
microsoft.autogenerated.{41476d71-5e98-e51d-36fa-ac5fdd658ed8}
microsoft.windows.controlpanel
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\credentialuibroker.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\control panel.lnk
c:\users\administrator\appdata\local\temp\{e2c3579a-6b3b-40f6-88e8-be08e78c8d1a}\setlicense.exe
c:\users\administrator\appdata\local\temp\3\{e2c3579a-6b3b-40f6-88e8-be08e78c8d1a}\epoip\epip.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wscript.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\unlodctr.exe
c:\users\administrator\pictures\winlock.bat
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\domain.msc
mcafee.endpointsecurity.alerttoasts
{6d809377-6af0-444b-8957-a3773f02200e}\sut\bin\sut.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\windowspowershell\v1.0\powershell.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\registry editor.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 19\common7\ide\ssms.exe
{6d809377-6af0-444b-8957-a3773f02200e}\microsoft sql server\160\setup bootstrap\sql2022\x64\landingpage.exe
{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}\msdt.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\computer management.lnk
microsoft.windows.apprep.chxapp_cw5n1h2txyewy!app
microsoft.windows.windowsinstaller
c:\users\administrator\desktop\sql2022-ssei-eval.exe
c:\users\administrator\desktop\trell\mer.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiesremote.exe
{6d809377-6af0-444b-8957-a3773f02200e}\microsoft sql server\160\dts\binn\dtswizard.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\administrative tools.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\wordpad.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\file explorer.lnk
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{6d9af7e2-98c2-4dec-9ddd-894e6727c316}\.cr\python-3.11.4-amd64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\msinfo32.exe
f:\launcher.exe
d:\x64\scenarioengine.exe
c:\tmp\trellix\mer.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\command prompt.lnk
d:\evema\software\x64\server\maserver_x64_3.33.0.47573.exe
{6d809377-6af0-444b-8957-a3773f02200e}\microsoft sql server\160\setup bootstrap\sql2022\x64\setuparp.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{6ba124b4-0a72-4200-b777-40e53a77d43c}\.cr\python-3.11.4-amd64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\odbcad32.exe
c:\tmp\trellix\epo5100_servicepack1_4098_lr1\epomain.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mspaint.exe
{6d809377-6af0-444b-8957-a3773f02200e}\windows nt\accessories\wordpad.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\adsiedit.msc
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\event viewer.lnk
c:\users\administrator\appdata\local\temp\{e2c3579a-6b3b-40f6-88e8-be08e78c8d1a}\epoip\epip.exe
microsoft.windows.remotedesktop
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\dssite.msc
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\speech\speechux\speechuxwiz.exe
c:\users\administrator\appdata\local\temp\f\tmdmon.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\changepk.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\active directory users and computers.lnk
microsoft.windows.cortana_cw5n1h2txyewy!cortanaui
c:\users\administrator\appdata\local\temp\open_hs.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\adam\adaminstall.exe
microsoft.windows.mediaplayer32
microsoft.autogenerated.{17057676-e6d9-9391-bec1-258039d37d32}
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\comexp.msc
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\taskhostw.exe
c:\users\administrator\evema\tools\maconfig.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\dns.lnk
microsoft.autogenerated.{df277dff-1dfc-44ef-ad22-220ad35575e1}
c:\users\administrator\downloads\trellixsmartinstall.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\server manager.lnk
c:\users\administrator\desktop\sakura\sakura.exe
microsoft.autogenerated.{bdc156e0-d483-afd6-52cf-2eae7d7b3336}
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\msconfig.exe
microsoft.windows.shell.rundialog
{6d809377-6af0-444b-8957-a3773f02200e}\smart storage administrator\ssa\bin\ssaclient.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\lodctr.exe
microsoft.windows.shellexperiencehost_cw5n1h2txyewy!app
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\snipping tool.lnk
{6d809377-6af0-444b-8957-a3773f02200e}\mcafee\agent\x86\updaterui.exe
windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\servermanager.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\cmd.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wf.msc
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wusa.exe
microsoft.autogenerated.{39f6c662-8714-8560-9e9b-bb0fdee24fbd}
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\active directory sites and services.lnk
c:\users\administrator\appdata\local\temp\2\tmps_bd05070831e0e0aecb51\workingimage\x64\scantool.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\phoneactivate.exe
c:\users\administrator\desktop\ssms-setup-enu.exe
c:\users\administrator\evema\passwdchgreq\mapwdnotifier_x64_3.33.0.47573.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\dsac.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\dsa.msc
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\openwith.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\services.msc
microsoft.autogenerated.{866e6d2b-1c11-b7b7-2ebb-50d2b949f0b4}
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\accessories\notepad.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\windows powershell\windows powershell.lnk
c:\users\administrator\appdata\local\temp\2\webmerclient.exe

Extended userassist report attached.

24269 - WMI Available
-
Synopsis
WMI queries can be made against the remote host.
Description
The supplied credentials can be used to make WMI (Windows Management Instrumentation) requests against the remote host over DCOM.

These requests can be used to gather information about the remote host, such as its current state, network interface configuration, etc.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/02/03, Modified: 2024/03/26
Plugin Output

tcp/445/cifs

The remote host returned the following caption from Win32_OperatingSystem:

Microsoft Windows Server 2019 Standard

52001 - WMI QuickFixEngineering (QFE) Enumeration
-
Synopsis
The remote Windows host has quick-fix engineering updates installed.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via WMI.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/02/16, Modified: 2024/03/26
Plugin Output

tcp/0


Here is a list of quick-fix engineering updates installed on the
remote system :

+ KB4515855
- Description : Update
- InstalledOn : 10/6/2019
- SystemName : masked_hostname
- Caption : http://support.microsoft.com/?kbid=4515855

+ KB4521862
- Description : Security Update
- InstalledOn : 10/6/2019
- SystemName : masked_hostname
- Caption : http://support.microsoft.com/?kbid=4521862

+ KB5005112
- Description : Security Update
- InstalledOn : 12/15/2023
- SystemName : masked_hostname
- InstalledBy : EMSOCCS1\Administrator
- Caption : https://support.microsoft.com/help/5005112

+ KB5005625
- Description : Update
- InstalledOn : 12/15/2023
- SystemName : masked_hostname
- InstalledBy : NT AUTHORITY\SYSTEM
- Caption : https://support.microsoft.com/help/5005625

+ KB5005701
- Description : Security Update
- InstalledOn : 12/15/2023
- SystemName : masked_hostname
- InstalledBy : EMSOCCS1\Administrator
44871 - WMI Windows Feature Enumeration
-
Synopsis
It is possible to enumerate Windows features using WMI.
Description
Nessus was able to enumerate the server features of the remote host by querying the 'Win32_ServerFeature' class of the '\Root\cimv2' WMI namespace for Windows Server versions or the 'Win32_OptionalFeature' class of the '\Root\cimv2' WMI namespace for Windows Desktop versions.

Note that Features can only be enumerated for Windows 7 and later for desktop versions.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0754
Plugin Information
Published: 2010/02/24, Modified: 2024/03/26
Plugin Output

tcp/0


Nessus enumerated the following Windows features :

- .жaßWµ0ü0Ó0¹0
- .NET Framework 4.7
- .NET Framework 4.7 Features
- 証明機関
- 証明機関管理ツール
- A

33139 - WS-Management Server Detection
-
Synopsis
The remote web server is used for remote management.
Description
The remote web server supports the Web Services for Management (WS-Management) specification, a general web services protocol based on SOAP for managing systems, applications, and other such entities.
See Also
Solution
Limit incoming traffic to this port if desired.
Risk Factor
None
Plugin Information
Published: 2008/06/11, Modified: 2021/05/19
Plugin Output

tcp/5985/www


Here is some information about the WS-Management Server :

Product Vendor : Microsoft Corporation
Product Version : OS: 0.0.0 SP: 0.0 Stack: 3.0

91815 - Web Application Sitemap
-
Synopsis
The remote web server hosts linkable content that can be crawled by Nessus.
Description
The remote web server contains linkable content that can be used to gather information about a target.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/06/24, Modified: 2016/06/24
Plugin Output

tcp/8443/www


The following sitemap was created from crawling linkable content on the target host :

- https://ipaddr:8443/
- https://ipaddr:8443/EPOCore/
- https://ipaddr:8443/EPOCore/block
- https://ipaddr:8443/EPOCore/body
- https://ipaddr:8443/EPOCore/display
- https://ipaddr:8443/EPOCore/images/favicon.ico
- https://ipaddr:8443/EPOCore/j_security_check
- https://ipaddr:8443/EPOCore/loginForm
- https://ipaddr:8443/console/
- https://ipaddr:8443/console/block
- https://ipaddr:8443/console/body
- https://ipaddr:8443/console/display
- https://ipaddr:8443/console/j_security_check
- https://ipaddr:8443/console/loginForm
- https://ipaddr:8443/core/
- https://ipaddr:8443/core/core.css
- https://ipaddr:8443/core/j_security_check
- https://ipaddr:8443/core/orionSplashScreen.do
- https://ipaddr:8443/core/tag/component/infobox/infobox.css
- https://ipaddr:8443/help/
- https://ipaddr:8443/help/block
- https://ipaddr:8443/help/body
- https://ipaddr:8443/help/display
- https://ipaddr:8443/help/j_security_check
- https://ipaddr:8443/help/loginForm
- https://ipaddr:8443/report/
- https://ipaddr:8443/report/block
- https://ipaddr:8443/report/body
- https://ipaddr:8443/report/display
- https://ipaddr:8443/report/j_security_check
- https://ipaddr:8443/report/loginForm

Attached is a copy of the sitemap file.

91815 - Web Application Sitemap
-
Synopsis
The remote web server hosts linkable content that can be crawled by Nessus.
Description
The remote web server contains linkable content that can be used to gather information about a target.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/06/24, Modified: 2016/06/24
Plugin Output

tcp/8444/www


The following sitemap was created from crawling linkable content on the target host :

- https://ipaddr:8444/
- https://ipaddr:8444/core/
- https://ipaddr:8444/core/core.css
- https://ipaddr:8444/core/tag/component/infobox/infobox.css

Attached is a copy of the sitemap file.

11032 - Web Server Directory Enumeration
-
Synopsis
It is possible to enumerate directories on the web server.
Description
This plugin attempts to determine the presence of various common directories on the remote web server. By sending a request for a directory, the web server response code indicates if it is a valid directory or not.
See Also
Solution
n/a
Risk Factor
None
References
XREF OWASP:OWASP-CM-006
Plugin Information
Published: 2002/06/26, Modified: 2021/08/17
Plugin Output

tcp/8443/www


The following directories were discovered:
/console, /core, /help, /report

While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards

11032 - Web Server Directory Enumeration
-
Synopsis
It is possible to enumerate directories on the web server.
Description
This plugin attempts to determine the presence of various common directories on the remote web server. By sending a request for a directory, the web server response code indicates if it is a valid directory or not.
See Also
Solution
n/a
Risk Factor
None
References
XREF OWASP:OWASP-CM-006
Plugin Information
Published: 2002/06/26, Modified: 2021/08/17
Plugin Output

tcp/8444/www


The following directories were discovered:
/console, /core, /help, /report

While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards

10662 - Web mirroring
-
Synopsis
Nessus can crawl the remote website.
Description
This plugin makes a mirror of the remote website(s) and extracts the list of CGIs that are used by the remote host.

It is suggested that you change the number of pages to mirror in the 'Options' section of the client.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/05/04, Modified: 2024/03/19
Plugin Output

tcp/8443/www


Webmirror performed 48 queries in 14s (3.0428 queries per second)

The following CGIs have been discovered :


+ CGI : /core/j_security_check
Methods : POST
Argument : j_password
Argument : j_username


+ CGI : /console/j_security_check
Methods : POST
Argument : j_password
Argument : j_username


+ CGI : /help/j_security_check
Methods : POST
Argument : j_password
Argument : j_username


+ CGI : /report/j_security_check
Methods : POST
Argument : j_password
Argument : j_username


+ CGI : /EPOCore/j_security_check
Methods : POST
Argument : j_password
Argument : j_username

162174 - Windows Always Installed Elevated Status
-
Synopsis
Windows AlwaysInstallElevated policy status was found on the remote Windows host
Description
Windows AlwaysInstallElevated policy status was found on the remote Windows host.
You can use the AlwaysInstallElevated policy to install a Windows Installer package with elevated (system) privileges. This option is equivalent to granting full administrative rights, which can pose a massive security risk. Microsoft strongly discourages the use of this setting.
Solution
If enabled, disable AlwaysInstallElevated policy per your corporate security guidelines.
Risk Factor
None
Plugin Information
Published: 2022/06/14, Modified: 2022/06/14
Plugin Output

tcp/445/cifs

AlwaysInstallElevated policy is not enabled under HKEY_LOCAL_MACHINE.
AlwaysInstallElevated policy is not enabled under HKEY_USERS user:S-1-5-21-3388008032-3793481426-1508724218-500

48337 - Windows ComputerSystemProduct Enumeration (WMI)
-
Synopsis
It is possible to obtain product information from the remote host using WMI.
Description
By querying the WMI class 'Win32_ComputerSystemProduct', it is possible to extract product information about the computer system such as UUID, IdentifyingNumber, vendor, etc.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/08/16, Modified: 2024/03/26
Plugin Output

tcp/0


+ コンピューター

159817 - Windows Credential Guard Status
-
Synopsis
Retrieves the status of Windows Credential Guard.
Description
Retrieves the status of Windows Credential Guard.
Credential Guard prevents attacks such as Pass-the-Hash or Pass-The-Ticket by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2022/04/18, Modified: 2023/08/25
Plugin Output

tcp/445/cifs


Windows Credential Guard is not fully enabled.
The following registry keys have not been set :
- System\CurrentControlSet\Control\DeviceGuard\RequirePlatformSecurityFeatures : Key not found.
- System\CurrentControlSet\Control\LSA\LsaCfgFlags : Key not found.
- System\CurrentControlSet\Control\DeviceGuard\EnableVirtualizationBasedSecurity : Key not found.
58181 - Windows DNS Server Enumeration
-
Synopsis
Nessus enumerated the DNS servers being used by the remote Windows host.
Description
Nessus was able to enumerate the DNS servers configured on the remote Windows host by looking in the registry.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2012/03/01, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Nessus enumerated DNS servers for the following interfaces :

Interface: {04668d3b-ea94-4e8e-a7b7-339d40a7fb7e}
Network Connection : Embedded FlexibleLOM 1 Port 2
NameServer: 127.0.0.1

Interface: {2326a8aa-8dc8-4aeb-b9c7-a9954d5ab849}
Network Connection : Embedded FlexibleLOM 1 Port 1
NameServer: 127.0.0.1

131023 - Windows Defender Installed
-
Synopsis
Windows Defender is installed on the remote Windows host.
Description
Windows Defender, an antivirus component of Microsoft Windows, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2019/11/15, Modified: 2024/03/26
Plugin Output

tcp/0


Path : C:\Program Files\Windows Defender\
Version : 4.18.1807.18075
Disabled : 1
Engine Version : 1.1.15100.1
Malware Signature Timestamp : Aug. 6, 2018 at 16:17:55 GMT
Malware Signature Version : 1.273.933.0
72482 - Windows Display Driver Enumeration
-
Synopsis
Nessus was able to enumerate one or more of the display drivers on the remote host.
Description
Nessus was able to enumerate one or more of the display drivers on the remote host via WMI.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0756
Plugin Information
Published: 2014/02/06, Modified: 2024/03/26
Plugin Output

tcp/0


Device Name : Matrox G200eh3 (HPE) WDDM 2.0
Driver File Version : 4.5.0.5
Driver Date : 05/26/2021
Video Processor : Matrox G200eH
171956 - Windows Enumerate Accounts
-
Synopsis
Enumerate Windows accounts.
Description
Enumerate Windows accounts.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/02/28, Modified: 2024/04/03
Plugin Output

tcp/0

Windows accounts enumerated. Results output to DB.
User data gathered in scan starting at : 2024/4/22 14:55 Tokyo Standard Time
92423 - Windows Explorer Recently Executed Programs
-
Synopsis
Nessus was able to enumerate recently executed programs on the remote host.
Description
Nessus was able to find evidence of program execution using Windows Explorer registry logs and settings.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2019/08/15
Plugin Output

tcp/0

OpenWith.exe
mmc.exe
SnippingTool.exe
NOTEPAD.EXE
mspaint.exe
iexplore.exe
mstsc.exe
{B5E83989-4076-4ED0-A33E-9B8E9870B07F}
slui 4\1
C:\Windows\System32\drivers\etc\hosts\1
cmd\1
regedit\1
mstsc\1
sysdm.cpl\1
control\1
msc\1
gpedit.msc\1
diskmgmt.msc\1
dmilfkjghecba
Certlm.msc\1
lusrmgr.msc\1
C:\Windows\System32\drivers\etc\\1
mmc.exe
IEXPLORE.EXE
regedit.exe
mstsc.exe
SnippingTool.exe
PickerHost.exe
notepad.exe
OpenWith.exe
WebMERClient.exe
mspaint.exe
{B5E83989-4076-4ED0-A33E-9B8E9870B07F}

MRU programs details in attached report.
92418 - Windows Explorer Typed Paths
-
Synopsis
Nessus was able to enumerate the directory paths that users visited by typing the full directory path into Windows Explorer.
Description
Nessus was able to enumerate the directory paths that users visited by manually typing the full directory path into Windows Explorer. The generated folder list report contains folders local to the system, folders from past mounted network drives, and folders from mounted devices.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0

cmd
C:\newscp
C:\tmp\Trellix\client

\\ad-server-2\c$
\\db-server-1\c$
\\192.168.100.250
\\ipaddr52
\\192.168.100.241
C:\Program Files\DDS\EVEMA
C:\Users\Administrator
C:\Users\Administrator\EVEMA
C:\tmp\Trellix
C:\
\\192.168.100.241\r1515

\\192.168.100.241\r1515\Trellix_-\20240206_SERVER_\masked_hostname

Extended explorer typed paths report attached.

159929 - Windows LSA Protection Status
-
Synopsis
Windows LSA Protection is disabled on the remote Windows host.
Description
The LSA Protection validates users for local and remote sign-ins and enforces local security policies to prevent reading memory and code injection by non-protected processes. This provides added security for the credentials that the LSA stores and manages. This protects against Pass-the-Hash or Mimikatz-style attacks.
Solution
Enable LSA Protection per your corporate security guidelines.
Risk Factor
None
Plugin Information
Published: 2022/04/20, Modified: 2022/05/25
Plugin Output

tcp/445/cifs


LSA Protection Key \SYSTEM\CurrentControlSet\Control\Lsa\RunAsPPL not found.

148541 - Windows Language Settings Detection
-
Synopsis
This plugin enumerates language files on a Windows host.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates language IDs listed on the host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2021/04/14, Modified: 2022/02/01
Plugin Output

tcp/0

Default Install Language Code: 1041

Default Active Language Code: 1041

Other common microsoft Language packs may be scanned as well.

10150 - Windows NetBIOS / SMB Remote Host Information Disclosure
-
Synopsis
It was possible to obtain the network name of the remote host.
Description
The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB requests.

Note that this plugin gathers information to be used in other plugins, but does not itself generate a report.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/10/12, Modified: 2021/02/10
Plugin Output

udp/137/netbios-ns

The following 5 NetBIOS names have been gathered :

masked_hostname = Computer name
EMSOCCS1 = Workgroup / Domain name
EMSOCCS1 = Domain Controllers
masked_hostname = File Server Service
EMSOCCS1 = Domain Master Browser

The remote host has the following MAC address on its adapter :

d4:f5:ef:9f:f6:38

155963 - Windows Printer Driver Enumeration
-
Synopsis
Nessus was able to enumerate one or more of the printer drivers on the remote host.
Description
Nessus was able to enumerate one or more of the printer drivers on the remote host via WMI.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2021/12/09, Modified: 2024/03/26
Plugin Output

tcp/445/cifs


--- Microsoft XPS Document Writer v4 ---

Path : C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_2097e02ea77b432e\Amd64\mxdwdrv.dll
Version : 10.0.17763.1
Supported Platform : Windows x64

--- Microsoft Software Printer Driver ---

Path : C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_2097e02ea77b432e\Amd64\mxdwdrv.dll
Version : 10.0.17763.1192
Supported Platform : Windows x64

--- Microsoft enhanced Point and Print compatibility driver ---

Nessus detected 2 installs of Microsoft enhanced Point and Print compatibility driver:

Path : C:\Windows\system32\spool\DRIVERS\x64\3\mxdwdrv.dll
Version : 10.0.17763.2028
Supported Platform : Windows x64

Path : C:\Windows\system32\spool\DRIVERS\W32X86\3\mxdwdrv.dll
Version : 10.0.17763.2028
Supported Platform : Windows NT x86

--- Microsoft Print To PDF ---

Path : C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_2097e02ea77b432e\Amd64\mxdwdrv.dll
Version : 10.0.17763.1
Supported Platform : Windows x64

--- Microsoft Shared Fax Driver ---

Path : C:\Windows\system32\spool\DRIVERS\x64\3\FXSDRV.DLL
Version : 10.0.17763.1971
Supported Platform : Windows x64

--- Remote Desktop Easy Print ---

Path : C:\Windows\system32\spool\DRIVERS\x64\3\mxdwdrv.dll
Version : 10.0.17763.973
Supported Platform : Windows x64
63620 - Windows Product Key Retrieval
Synopsis
This plugin retrieves the Windows Product key of the remote Windows host.
Description
Using the supplied credentials, Nessus was able to retrieve the Windows host's partial product key.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/01/18, Modified: 2013/01/18
Plugin Output

tcp/445/cifs


Product key : XXXXX-XXXXX-XXXXX-XXXXX-R63D4

Note that all but the final portion of the key has been obfuscated.
160576 - Windows Services Registry ACL
Synopsis
Checks Windows Registry for Service ACLs
Description
Checks Windows Registry for Service ACLs.
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2022/05/05, Modified: 2024/01/15
Plugin Output

tcp/445/cifs

report output too big - ending list here

85736 - Windows Store Application Enumeration
Synopsis
It is possible to obtain the list of applications installed from the Windows Store.
Description
This plugin connects to the remote Windows host with the supplied credentials and uses WMI and PowerShell to enumerate applications installed on the host from the Windows Store.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2015/09/02, Modified: 2024/03/26
Plugin Output

tcp/445/cifs


-1527c705-839a-4832-9118-54d4Bd6a0c89
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-c5e2524a-ea46-4f67-841f-6a9465d9d515
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-E2A4F912-2574-4A75-9BB0-0D023378592B
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-InputApp
Version : 1000.17763.1.0
InstallLocation : C:\Windows\SystemApps\InputApp_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.AAD.BrokerPlugin
Version : 1000.17763.1.0
InstallLocation : C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.AccountsControl
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.AsyncTextService
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe
Architecture : Neutral
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.BioEnrollment
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.CredDialogHost
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.ECApp
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe
Architecture : Neutral
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.LockApp
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Win32WebViewHost
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.Apprep.ChxApp
Version : 1000.17763.1.0
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.CapturePicker
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.CloudExperienceHost
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.Cortana
Version : 1.11.6.17763
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.NarratorQuickStart
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe
Architecture : Neutral
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.OOBENetworkCaptivePortal
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.OOBENetworkConnectionFlow
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.PeopleExperienceHost
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.PinningConfirmationDialog
Version : 1000.17763.1.0
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.SecHealthUI
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.ShellExperienceHost
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.XGpuEjectDialog
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Windows.CBSPreview
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-windows.immersivecontrolpanel
Version : 10.0.2.1000
InstallLocation : C:\Windows\ImmersiveControlPanel
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Windows.PrintDialog
Version : 6.2.1.0
InstallLocation : C:\Windows\PrintDialog
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

92438 - WordPad History
Synopsis
Nessus was able to gather WordPad opened file history on the remote host.
Description
Nessus was able to generate a report of files opened in WordPad on the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

C:\Users\Administrator\Desktop\¨ÓÇó¹\-š¶Áº.rtf
C:\Users\Administrator\Desktop\ô°¯é¤¢óÈ¿¹¯.rtf
C:\Users\Administrator\Desktop\McAfeeAgentá5Õ¡¤ëhÑñü¸’¤ó¹Èüë.rtf
C:\tmp\Trellix\20240130_DAT\2024013_DATô°.docx
C:\Users\Administrator\Desktop\Trellix(SQL SERVER 餻ó¹­üe›_20231017.rtf
C:\Users\Administrator\Desktop\¢óÁ¦¤ë¹½ÕȤó¹ÈüëK._20230912.rtf
C:\tmp\Trellix\20240130_DAT\20240130_DATô°.docx
C:\Users\Administrator\Desktop\°WDêÃÁ Æ­¹È É­åáóÈ.rtf
\\192.168.100.241\r1515\Trellix_¿û-\20240208_Linux(ëüë\.\20240209.rtf

WordPad report attached.
Remediations
Suggested Remediations
Taking the following actions across 1 host would resolve 9% of the vulnerabilities on the network.
Action to take | Vulns | Hosts
Security Updates for Microsoft SQL Server OLE DB Driver (April 2024): Microsoft has released security updates for the Microsoft SQL OLE DB Driver. | 41 | 1
Security Updates for Microsoft .NET Framework (April 2024): Microsoft has released security updates for Microsoft .NET Framework. | 39 | 1
Install KB5036896 | 32 | 1
Security Updates for Microsoft SQL Server ODBC Driver (April 2024): Microsoft has released security updates for the Microsoft SQL Driver. | 29 | 1
Curl Use-After-Free < 7.87 (CVE-2022-43552): Upgrade Curl to version 7.87.0 or later | 1 | 1
Microsoft Azure Data Studio < 1.48.0 Elevation of Privilege Vulnerability (CVE-2024-26203): Upgrade to Microsoft Azure Data Studio version 1.48.0 or later. | 0 | 1
© 2024 Tenable™, Inc. All rights reserved.