"Credentialed scans on Windows systems often fail due to blocked ports, misconfigured firewalls or limited account privileges. When this happens, Nessus may be unable to perform the necessary authenticated checks through SMB or WMI, resulting in incomplete scan results. The following walkthrough outlines the key steps and observations made while resolving such issues during a real-world scan exercise."
"In this scenario, a preliminary port scan was conducted. However, the commonly used management ports (135 and 445) did not appear in the results. This indicated that the host was reachable but not allowing inbound connections on these ports. The issue was traced to the host's firewall which was filtering or blocking access to the required SMB and RPC services."
"Once the inbound rules are configured on the host firewall, subsequent port scans indicate that ports 139 and 445 are now open. This confirms that the firewall is allowing SMB traffic, enabling the Nessus scanner to establish the necessary communication channels with the Windows host for credentialed checks. This is verified through the initial SYN Scan by the Nessus scan where it shows the all open ports with details."
Blocked ports, misconfigured firewalls, and limited account privileges can prevent Nessus from performing authenticated SMB or WMI checks, producing incomplete scan results. Verify network connectivity and reachability between the Nessus scanner and the Windows host before credentialed scans. Conduct a preliminary port scan to confirm management ports (135, 139, 445) accessibility. If ports are closed or filtered on the host, adjust inbound firewall rules to permit SMB and RPC traffic. Validate open ports with another scan or SYN scan. If ports remain filtered despite host changes, whitelist the scanner IP range at the network firewall or disable IPS/IDS rules that block scanner traffic.
Read at Medium
Unable to calculate read time
Collection
[
|
...
]