Nessus Report

Report generated by Nessus™

Windows - Vulnerabilities by host, detailed findings with suggested remediations

Mon, 11 Dec 2017 12:43:22 Eastern Standard Time

TABLE OF CONTENTS
Vulnerabilities by Host
192.168.1.39
0
0
9
3
45
Critical
High
Medium
Low
Info
Scan Information
Start time: Mon Dec 11 10:56:02 2017
End time: Mon Dec 11 10:59:10 2017
Host Information
IP: 192.168.1.39
MAC Address: 00:15:5d:0f:c6:49
OS: Linux Kernel 2.6 on CentOS Linux release 6
Vulnerabilities

10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
It is possible to determine the exact time set on the remote host.
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols.

Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
References
CVE CVE-1999-0524
XREF CWE:200
XREF OSVDB:94
Plugin Information:
Published: 1999/08/01, Modified: 2012/06/18
Plugin Output

icmp/0

The remote clock is synchronized with the local clock.

11936 - OS Identification
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2003/12/09, Modified: 2017/08/29
Plugin Output

tcp/0


Remote operating system : Linux Kernel 2.6 on CentOS Linux release 6
Confidence level : 95
Method : HTTP


The remote host is running Linux Kernel 2.6 on CentOS Linux release 6
18261 - Apache Banner Linux Distribution Disclosure
Synopsis
The name of the Linux distribution running on the remote host was found in the banner of the web server.
Description
Nessus was able to extract the banner of the Apache web server and determine which Linux distribution the remote host is running.
Solution
If you do not wish to display this information, edit 'httpd.conf' and set the directive 'ServerTokens Prod' and restart Apache.
n/a
Risk Factor
None
Plugin Information:
Published: 2005/05/15, Modified: 2017/03/13
Plugin Output

tcp/0


The Linux distribution detected was :
- CentOS 6
19506 - Nessus Scan Information
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- Whether credentialed or third-party patch management checks are possible.
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2005/08/26, Modified: 2017/10/26
Plugin Output

tcp/0

Information about this scan :

Nessus version : 7.0.0
Plugin feed version : 201712110615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 192.168.1.108
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 30
Max checks : 4
Recv timeout : 5
Backports : Detected
Allow post-scan editing: Yes
Scan Start Date : 2017/12/11 10:56 Eastern Standard Time
Scan duration : 185 sec
25220 - TCP/IP Timestamps Supported
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/05/16, Modified: 2011/03/20
Plugin Output

tcp/0

35716 - Ethernet Card Manufacturer Detection
Synopsis
The manufacturer can be identified from the Ethernet OUI.
Description
Each ethernet MAC address starts with a 24-bit Organizationally Unique Identifier (OUI). These OUIs are registered by IEEE.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/02/19, Modified: 2017/11/17
Plugin Output

tcp/0


The following card manufacturers were identified :

00:15:5d:0f:c6:49 : Microsoft Corporation
45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/04/21, Modified: 2017/06/06
Plugin Output

tcp/0


The remote operating system matched the following CPE :

cpe:/o:centos:centos:6 -> CentOS-6

Following application CPE's matched on the remote system :

cpe:/a:openbsd:openssh:5.3 -> OpenBSD OpenSSH 5.3
cpe:/a:apache:http_server:2.2.15 -> Apache Software Foundation Apache HTTP Server 2.2.15
54615 - Device Type
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/05/23, Modified: 2011/05/23
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 95
84047 - Hyper-V Virtual Machine Detection
Synopsis
The remote host is a Hyper-V virtual machine.
Description
According to the MAC address of its network adapter, the remote host is a Microsoft Hyper-V virtual machine.
See Also
Solution
Since it is physically accessible through the network, ensure that its configuration matches your organization's security policy.
Risk Factor
None
Plugin Information:
Published: 2015/06/09, Modified: 2017/11/20
Plugin Output

tcp/0


The remote host is a Hyper-V virtual machine.

10287 - Traceroute Information
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 1999/11/27, Modified: 2017/08/22
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.1.108 to 192.168.1.39 :
192.168.1.108
192.168.1.39

Hop Count: 1

90317 - SSH Weak Algorithms Supported
Synopsis
The remote SSH server is configured to allow weak encryption algorithms or no algorithm at all.
Description
Nessus has detected that the remote SSH server is configured to use the Arcfour stream cipher or no cipher at all. RFC 4253 advises against using Arcfour due to an issue with weak keys.
See Also
Solution
Contact the vendor or consult product documentation to remove the weak ciphers.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Plugin Information:
Published: 2016/04/04, Modified: 2016/12/14
Plugin Output

tcp/22


The following weak server-to-client encryption algorithms are supported :

arcfour
arcfour128
arcfour256

The following weak client-to-server encryption algorithms are supported :

arcfour
arcfour128
arcfour256
70658 - SSH Server CBC Mode Ciphers Enabled
Synopsis
The SSH server is configured to use Cipher Block Chaining.
Description
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext.

Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.
Solution
Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
2.6 (CVSS2#E:ND/RL:ND/RC:ND)
References
BID 32319
CVE CVE-2008-5161
XREF CWE:200
XREF CERT:958563
XREF OSVDB:50036
XREF OSVDB:50035
Plugin Information:
Published: 2013/10/28, Modified: 2016/05/12
Plugin Output

tcp/22


The following client-to-server Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se

The following server-to-client Cipher Block Chaining (CBC) algorithms
are supported :

3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se
71049 - SSH Weak MAC Algorithms Enabled
Synopsis
The remote SSH server is configured to allow MD5 and 96-bit MAC algorithms.
Description
The remote SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak.

Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.
Solution
Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Plugin Information:
Published: 2013/11/22, Modified: 2016/12/14
Plugin Output

tcp/22


The following client-to-server Message Authentication Code (MAC) algorithms
are supported :

hmac-md5
hmac-md5-96
hmac-sha1-96

The following server-to-client Message Authentication Code (MAC) algorithms
are supported :

hmac-md5
hmac-md5-96
hmac-sha1-96
10267 - SSH Server Type and Version Information
Synopsis
An SSH server is listening on this port.
Description
It is possible to obtain information about the remote SSH server by sending an empty authentication request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 1999/10/12, Modified: 2017/11/17
Plugin Output

tcp/22


SSH version : SSH-2.0-OpenSSH_5.3
SSH supported authentication : publickey,gssapi-keyex,gssapi-with-mic,password
10881 - SSH Protocol Versions Supported
Synopsis
A SSH server is running on the remote host.
Description
This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2002/03/06, Modified: 2017/05/30
Plugin Output

tcp/22

The remote SSH daemon supports the following versions of the
SSH protocol :

- 1.99
- 2.0
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Published: 2009/02/04, Modified: 2017/05/22
Plugin Output

tcp/22

Port 22/tcp was found to be open
22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/08/19, Modified: 2017/07/07
Plugin Output

tcp/22

An SSH server is running on this port.
39520 - Backported Security Patch Detection (SSH)
Synopsis
Security patches are backported.
Description
Security patches may have been 'backported' to the remote SSH server without changing its version number.

Banner-based checks have been disabled to avoid false positives.

Note that this test is informational only and does not denote any security problem.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/06/25, Modified: 2015/07/07
Plugin Output

tcp/22


Give Nessus credentials to perform local checks.
70657 - SSH Algorithms and Languages Supported
Synopsis
An SSH server is listening on this port.
Description
This script detects which algorithms and languages are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/10/28, Modified: 2017/08/28
Plugin Output

tcp/22


Nessus negotiated the following encryption algorithm with the server :

The server supports the following options for kex_algorithms :

diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1

The server supports the following options for server_host_key_algorithms :

ssh-dss
ssh-rsa

The server supports the following options for encryption_algorithms_client_to_server :

3des-cbc
aes128-cbc
aes128-ctr
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se

The server supports the following options for encryption_algorithms_server_to_client :

3des-cbc
aes128-cbc
aes128-ctr
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se

The server supports the following options for mac_algorithms_client_to_server :

hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160@openssh.com
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
umac-64@openssh.com

The server supports the following options for mac_algorithms_server_to_client :

hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160@openssh.com
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
umac-64@openssh.com

The server supports the following options for compression_algorithms_client_to_server :

none
zlib@openssh.com

The server supports the following options for compression_algorithms_server_to_client :

none
zlib@openssh.com

11213 - HTTP TRACE / TRACK Methods Allowed
Synopsis
Debugging functions are enabled on the remote web server.
Description
The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections.
See Also
Solution
Disable these methods. Refer to the plugin output for more information.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
4.3 (CVSS2#E:H/RL:OF/RC:C)
References
BID 37995
BID 33374
BID 11604
BID 9561
BID 9506
CVE CVE-2010-0386
CVE CVE-2004-2320
CVE CVE-2003-1567
XREF CWE:200
XREF CWE:16
XREF CERT:867593
XREF CERT:288308
XREF OSVDB:50485
XREF OSVDB:11408
XREF OSVDB:5648
XREF OSVDB:3726
XREF OSVDB:877
Plugin Information:
Published: 2003/01/23, Modified: 2016/11/23
Plugin Output

tcp/80


To disable these methods, add the following lines for each virtual
host in your configuration file :

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Alternatively, note that Apache versions 1.3.34, 2.0.55, and 2.2
support disabling the TRACE method natively via the 'TraceEnable'
directive.

Nessus sent the following TRACE request :

------------------------------ snip ------------------------------
TRACE /Nessus1499325278.html HTTP/1.1
Connection: Close
Host: 192.168.1.39
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8

------------------------------ snip ------------------------------

and received the following response from the remote server :

------------------------------ snip ------------------------------
HTTP/1.1 200 OK
Date: Mon, 11 Dec 2017 15:58:33 GMT
Server: Apache/2.2.15 (CentOS)
Connection: close
Transfer-Encoding: chunked
Content-Type: message/http


TRACE /Nessus1499325278.html HTTP/1.1
Connection: Close
Host: 192.168.1.39
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8

------------------------------ snip ------------------------------
10107 - HTTP Server Type and Version
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2000/01/04, Modified: 2016/02/19
Plugin Output

tcp/80

The remote web server type is :

Apache/2.2.15 (CentOS)

You can set the directive 'ServerTokens Prod' to limit the information
emanating from the server in its response headers.
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Published: 2009/02/04, Modified: 2017/05/22
Plugin Output

tcp/80

Port 80/tcp was found to be open
22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/08/19, Modified: 2017/07/07
Plugin Output

tcp/80

A web server is running on this port.
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/01/30, Modified: 2017/11/13
Plugin Output

tcp/80


Response Code : HTTP/1.1 403 Forbidden

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Date: Mon, 11 Dec 2017 15:58:30 GMT
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Length: 4961
Connection: close
Content-Type: text/html; charset=UTF-8

Response Body :

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<head>
<title>Apache HTTP Server Test Page powered by CentOS</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style type="text/css">
body {
background-color: #fff;
color: #000;
font-size: 0.9em;
font-family: sans-serif,helvetica;
margin: 0;
padding: 0;
}
:link {
color: #0000FF;
}
:visited {
color: #0000FF;
}
a:hover {
color: #3399FF;
}
h1 {
text-align: center;
margin: 0;
padding: 0.6em 2em 0.4em;
background-color: #3399FF;
color: #ffffff;
font-weight: normal;
font-size: 1.75em;
border-bottom: 2px solid #000;
}
h1 strong {
font-weight: bold;
}
h2 {
font-size: 1.1em;
font-weight: bold;
}
.content {
padding: 1em 5em;
}
.content-columns {
/* Setting relative positioning allows for
absolute positioning for sub-classes */
position: relative;
padding-top: 1em;
}
.content-column-left {
/* Value for IE/Win; will be overwritten for other browsers */
width: 47%;
padding-right: 3%;
float: left;
padding-bottom: 2em;
}
.content-column-right {
/* Values for IE/Win; will be overwritten for other browsers */
width: 47%;
padding-left: 3%;
float: left;
padding-bottom: 2em;
}
.content-columns>.content-column-left, .content-columns>.content-column-right {
/* Non-IE/Win */
}
img {
border: 2px solid #fff;
padding: 2px;
margin: 2px;
}
a:hover img {
border: 2px solid #3399FF;
}
</style>
</head>

<body>
<h1>Apache 2 Test Page<br><font size="-1"><strong>powered by</font> CentOS</strong></h1>

<div class="content">
<div class="content-middle">
<p>This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page it means that the Apache HTTP server installed at this site is working properly.</p>
</div>
<hr />
<div class="content-columns">
<div class="content-column-left">
<h2>If you are a member of the general public:</h2>

<p>The fact that you are seeing this page indicates that the website you just visited is either experiencing problems or is undergoing routine maintenance.</p>

<p>If you would like to let the administrators of this website know that you've seen this page instead of the page you expected, you should send them e-mail. In general, mail sent to the name "webmaster" and directed to the website's domain should reach the appropriate person.</p>

<p>For example, if you experienced problems while visiting www.example.com, you should send e-mail to "webmaster@example.com".</p>
</div>

<div class="content-column-right">
<h2>If you are the website administrator:</h2>

<p>You may now add content to the directory <tt>/var/www/html/</tt>. Note that until you do so, people visiting your website will see this page and not your content. To prevent this page from ever being used, follow the instructions in the file <tt>/etc/httpd/conf.d/welcome.conf</tt>.</p>

<p>You are free to use the images below on Apache and CentOS Linux powered HTTP servers. Thanks for using Apache and CentOS!</p>

<p><a href="http://httpd.apache.org/"><img src="/icons/apache_pb.gif" alt="[ Powered by Apache ]"/></a> <a href="http://www.centos.org/"><img src="/icons/poweredby.png" alt="[ Powered by CentOS Linux ]" width="88" height="31" /></a></p>
</div>
</div>
</div>
<div class="content">
<div class="content-middle"><h2>About CentOS:</h2><b>The Community ENTerprise Operating System</b> (CentOS) Linux is a community-supported enterprise distribution derived from sources freely provided to the public by Red Hat. As such, CentOS Linux aims to be functionally compatible with Red Hat Enterprise Linux. The CentOS Project is the organization that builds CentOS. We mainly change packages to remove upstream vendor branding and artwork.</p> <p>For information on CentOS please visit the <a href="http://www.centos.org/">CentOS website</a>.</p>
<p><h2>Note:</h2><p>CentOS is an Operating System and it is used to power this website; however, the webserver is owned by the domain owner and not the CentOS Project. <b>If you have issues with the content of this site, contact the owner of the domain, not the CentOS Project.</b> <p>Unless this server is on the <b>centos.org</b> domain, the CentOS Project doesn't have anything to do with the content on this webserver or any e-mails that directed you to this site.</p> <p>For example, if this website is www.example.com, you would find the owner of the example.com domain at the following WHOIS server:</p> <p><a href="http://www.internic.net/whois.html">http://www.internic.net/whois.html</a></p>
</div>
</div>
</body>
</html>
39521 - Backported Security Patch Detection (WWW)
Synopsis
Security patches are backported.
Description
Security patches may have been 'backported' to the remote HTTP server without changing its version number.

Banner-based checks have been disabled to avoid false positives.

Note that this test is informational only and does not denote any security problem.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/06/25, Modified: 2015/07/07
Plugin Output

tcp/80


Give Nessus credentials to perform local checks.
43111 - HTTP Methods Allowed (per directory)
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.

As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.

Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/12/10, Modified: 2013/05/09
Plugin Output

tcp/80

Based on the response to an OPTIONS request :

- HTTP methods GET HEAD OPTIONS POST TRACE are allowed on :

/

11213 - HTTP TRACE / TRACK Methods Allowed
Synopsis
Debugging functions are enabled on the remote web server.
Description
The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections.
See Also
Solution
Disable these methods. Refer to the plugin output for more information.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
4.3 (CVSS2#E:H/RL:OF/RC:C)
References
BID 37995
BID 33374
BID 11604
BID 9561
BID 9506
CVE CVE-2010-0386
CVE CVE-2004-2320
CVE CVE-2003-1567
XREF CWE:200
XREF CWE:16
XREF CERT:867593
XREF CERT:288308
XREF OSVDB:50485
XREF OSVDB:11408
XREF OSVDB:5648
XREF OSVDB:3726
XREF OSVDB:877
Plugin Information:
Published: 2003/01/23, Modified: 2016/11/23
Plugin Output

tcp/443


To disable these methods, add the following lines for each virtual
host in your configuration file :

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Alternatively, note that Apache versions 1.3.34, 2.0.55, and 2.2
support disabling the TRACE method natively via the 'TraceEnable'
directive.

Nessus sent the following TRACE request :

------------------------------ snip ------------------------------
TRACE /Nessus21503843.html HTTP/1.1
Connection: Close
Host: 192.168.1.39
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8

------------------------------ snip ------------------------------

and received the following response from the remote server :

------------------------------ snip ------------------------------
HTTP/1.0 200 OK
Date: Mon, 11 Dec 2017 15:58:33 GMT
Server: Apache/2.2.15 (CentOS)
Connection: close
Content-Type: message/http


TRACE /Nessus21503843.html HTTP/1.1
Connection: Close
Host: 192.168.1.39
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8

------------------------------ snip ------------------------------
15901 - SSL Certificate Expiry
Synopsis
The remote server's SSL certificate has already expired.
Description
This plugin checks expiry dates of certificates associated with SSL- enabled services on the target and reports whether any have already expired.
Solution
Purchase or generate a new SSL certificate to replace the existing one.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information:
Published: 2004/12/03, Modified: 2016/01/08
Plugin Output

tcp/443


The SSL certificate has already expired :

Subject : C=US, ST=Maryland, L=Baltimore, O=localhost, OU=Home, CN=dvwacentos.localhost.local
Issuer : C=US, ST=Maryland, L=Baltimore, O=localhost, OU=Home, CN=dvwacentos.localhost.local
Not valid before : Mar 2 21:23:17 2016 GMT
Not valid after : Mar 2 21:23:17 2017 GMT
20007 - SSL Version 2 and 3 Protocol Detection
Synopsis
The remote service encrypts traffic using a protocol with known weaknesses.
Description
The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws, including:

- An insecure padding scheme with CBC ciphers.

- Insecure session renegotiation and resumption schemes.

An attacker can exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected service and clients.

Although SSL/TLS has a secure means for choosing the highest supported version of the protocol (so that these versions will be used only if the client or server support nothing better), many web browsers implement this in an unsafe way that allows an attacker to downgrade a connection (such as in POODLE). Therefore, it is recommended that these protocols be disabled entirely.

NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC's definition of 'strong cryptography'.
See Also
Solution
Consult the application's documentation to disable SSL 2.0 and 3.0.
Use TLS 1.1 (with approved cipher suites) or higher instead.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information:
Published: 2005/10/12, Modified: 2017/07/11
Plugin Output

tcp/443


- SSLv3 is enabled and the server supports at least one cipher.
35291 - SSL Certificate Signed Using Weak Hashing Algorithm
Synopsis
An SSL certificate in the certificate chain has been signed using a weak hash algorithm.
Description
The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing an attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that certificates in the chain that are contained in the Nessus CA database (known_CA.inc) have been ignored.
See Also
Solution
Contact the Certificate Authority to have the certificate reissued.
Risk Factor
Medium
CVSS Base Score
4.0 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVSS Temporal Score
3.5 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 33065
BID 11849
CVE CVE-2004-2761
XREF CWE:310
XREF CERT:836068
XREF OSVDB:45127
XREF OSVDB:45108
XREF OSVDB:45106
Plugin Information:
Published: 2009/01/05, Modified: 2017/06/12
Plugin Output

tcp/443


The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

|-Subject : C=US/ST=Maryland/L=Baltimore/O=localhost/OU=Home/CN=dvwacentos.localhost.local
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Mar 02 21:23:17 2016 GMT
|-Valid To : Mar 02 21:23:17 2017 GMT
42873 - SSL Medium Strength Cipher Suites Supported
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
See Also
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information:
Published: 2009/11/23, Modified: 2017/09/01
Plugin Output

tcp/443


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
ECDHE-RSA-DES-CBC3-SHA Kx=ECDH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
51192 - SSL Certificate Cannot Be Trusted
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information:
Published: 2010/12/15, Modified: 2017/05/18
Plugin Output

tcp/443


The following certificate was part of the certificate chain
sent by the remote host, but it has expired :

|-Subject : C=US/ST=Maryland/L=Baltimore/O=localhost/OU=Home/CN=dvwacentos.localhost.local
|-Not After : Mar 02 21:23:17 2017 GMT

The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : C=US/ST=Maryland/L=Baltimore/O=localhost/OU=Home/CN=dvwacentos.localhost.local
|-Issuer : C=US/ST=Maryland/L=Baltimore/O=localhost/OU=Home/CN=dvwacentos.localhost.local
57582 - SSL Self-Signed Certificate
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper certificate for this service.
Risk Factor
Medium
CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information:
Published: 2012/01/17, Modified: 2016/12/14
Plugin Output

tcp/443


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : C=US/ST=Maryland/L=Baltimore/O=localhost/OU=Home/CN=dvwacentos.localhost.local
65821 - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
Synopsis
The remote service supports the use of the RC4 cipher.
Description
The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.
See Also
Solution
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
2.2 (CVSS2#E:F/RL:TF/RC:ND)
References
BID 73684
BID 58796
CVE CVE-2015-2808
CVE CVE-2013-2566
XREF OSVDB:117855
XREF OSVDB:91162
Plugin Information:
Published: 2013/04/05, Modified: 2016/12/14
Plugin Output

tcp/443


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

ECDHE-RSA-RC4-SHA Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
10107 - HTTP Server Type and Version
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2000/01/04, Modified: 2016/02/19
Plugin Output

tcp/443

The remote web server type is :

Apache/2.2.15 (CentOS)

You can set the directive 'ServerTokens Prod' to limit the information
emanating from the server in its response headers.
10863 - SSL Certificate Information
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/05/19, Modified: 2015/12/30
Plugin Output

tcp/443

Subject Name:

Country: US
State/Province: Maryland
Locality: Baltimore
Organization: localhost
Organization Unit: Home
Common Name: dvwacentos.localhost.local

Issuer Name:

Country: US
State/Province: Maryland
Locality: Baltimore
Organization: localhost
Organization Unit: Home
Common Name: dvwacentos.localhost.local

Serial Number: 00 89 09 BB 04 64 A1 77 99

Version: 1

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Mar 02 21:23:17 2016 GMT
Not Valid After: Mar 02 21:23:17 2017 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 C2 C4 70 A9 9D 20 39 93 02 48 B2 8E 1B 9D F6 73 94 55 17
DD FA A2 DC 5A 13 0D 1B 02 32 56 28 F5 03 91 E6 7E 70 03 FE
34 E9 A9 17 DD 7D 89 C8 53 05 F9 5B 11 64 EE 7D 5A A2 24 D5
6A 22 22 B2 CC C9 3D 57 50 03 E7 19 F1 0F 57 1A 02 77 B7 53
AB 07 99 55 D3 3E B9 03 98 0C CA 64 FD 7D 63 63 DA 5D 61 8D
6E BF 62 6B 2C 35 F4 A8 40 CC 44 09 5D F3 5F 20 DC 62 EF F5
41 53 CA 59 E5 DD FC 03 0E 6B 99 AB 73 44 2A DE 14 BE F1 1D
F5 43 50 3C BE 7B D2 9A C8 53 17 10 BE 62 39 7E 22 F5 86 4B
DF AF 6C 87 E7 D2 65 93 79 B8 68 AD 5A 52 33 27 EF BB F1 5F
61 3F 17 E6 31 A0 A7 71 BE 4F 67 E1 81 95 84 AB 6B 9D C1 67
B2 AC 7C 85 D5 B6 45 C0 39 9D 48 F4 14 1D 4F 5C C8 61 8A 2E
1A FE B8 3F 76 C4 2E 09 69 5C 91 B6 B7 A6 E6 44 A4 ED 70 75
07 7C 5B 79 AD 95 97 2D D6 64 0B 17 A6 A6 30 23 C1
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 95 DF 9C 94 E1 B0 7C CF F9 7F 14 62 56 AE D0 46 80 34 75
C7 38 60 58 9B 7B 18 78 D9 0B DA 62 8D 65 FD 80 3C 15 71 6E
D8 D1 95 D7 83 6B 3D 46 79 46 E1 2C E9 BE FD E4 95 9B 74 40
B5 EC 5D E2 DA 4C 24 7F E5 8A EE 80 4E AA 0E 7B A9 60 BC C3
B1 DA 49 9F 38 A3 C7 89 4F C0 BE 6E 11 59 84 06 28 6F 08 1D
2E 2C E4 2E 28 A2 25 B2 FC 55 7E 09 54 5E 95 2E B4 57 D8 BC
D8 E2 32 D2 7B C4 AE 3D D2 BF E1 A1 EC 2D 4B D7 F1 A2 91 8D
24 95 69 C0 13 D5 08 53 F0 8D 8A EA B8 40 D7 3D 33 1E 21 14
F5 CC 19 56 E2 81 5F EB 1C 54 13 05 CA 1A 7F 3F EF E9 51 BE
BF 02 C3 29 CD 20 06 D1 54 03 71 4E D6 75 92 EA 6B 71 79 C4
8C 04 F4 6D 2C D0 81 2A 19 B9 75 0F C7 23 F3 A4 09 A7 76 CC
5E 50 15 C4 40 ED DB 3E 65 1B 11 74 F8 C2 98 93 DF 54 74 90
02 83 9A 3E F4 C5 4F 15 54 BD FC 01 DE D9 AD FF 56

Fingerprints :

SHA-256 Fingerprint: 9E AE 34 9E 97 57 12 D3 22 DD 26 3E D6 69 6B 77 9B 87 24 E9
A5 B1 A5 42 CA 90 4A D3 CA FA BE 77
SHA-1 Fingerprint: FF F0 DA EB E2 46 4E AE E2 3A F1 C0 F3 FE 5F 37 50 89 17 22
MD5 Fingerprint: 3E 51 6E C8 76 4F A6 96 72 51 C0 17 9C 8F 3C E4
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Published: 2009/02/04, Modified: 2017/05/22
Plugin Output

tcp/443

Port 443/tcp was found to be open
21643 - SSL Cipher Suites Supported
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2006/06/05, Modified: 2017/11/13
Plugin Output

tcp/443


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
ECDHE-RSA-DES-CBC3-SHA Kx=ECDH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=SHA256
DHE-RSA-AES256-SHA384 Kx=DH Au=RSA Enc=AES-GCM(256) Mac=SHA384
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-GCM(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-GCM(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-GCM(128) Mac=SHA256
RSA-AES256-SHA384 Kx=RSA Au=RSA Enc=AES-GCM(256) Mac=SHA384
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA Kx=DH Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA Kx=DH Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-RC4-SHA Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA256
DHE-RSA-AES256-SHA256 Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA256
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
ECDHE-RSA-DES-CBC3-SHA Kx=ECDH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA Kx=DH Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA Kx=DH Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-RC4-SHA Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
ECDHE-RSA-DES-CBC3-SHA Kx=ECDH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA Kx=DH Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA Kx=DH Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-RC4-SHA Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : SSLv3
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
ECDHE-RSA-DES-CBC3-SHA Kx=ECDH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA Kx=DH Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA Kx=DH Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-RC4-SHA Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/08/19, Modified: 2017/07/07
Plugin Output

tcp/443

A TLSv1 server answered on this port.

tcp/443

A web server is running on this port through TLSv1.
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/01/30, Modified: 2017/11/13
Plugin Output

tcp/443


Response Code : HTTP/1.0 403 Forbidden

Protocol version : HTTP/1.0
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Date: Mon, 11 Dec 2017 15:58:30 GMT
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Length: 4961
Connection: close
Content-Type: text/html; charset=UTF-8

Response Body :

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<head>
<title>Apache HTTP Server Test Page powered by CentOS</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<style type="text/css">
body {
background-color: #fff;
color: #000;
font-size: 0.9em;
font-family: sans-serif,helvetica;
margin: 0;
padding: 0;
}
:link {
color: #0000FF;
}
:visited {
color: #0000FF;
}
a:hover {
color: #3399FF;
}
h1 {
text-align: center;
margin: 0;
padding: 0.6em 2em 0.4em;
background-color: #3399FF;
color: #ffffff;
font-weight: normal;
font-size: 1.75em;
border-bottom: 2px solid #000;
}
h1 strong {
font-weight: bold;
}
h2 {
font-size: 1.1em;
font-weight: bold;
}
.content {
padding: 1em 5em;
}
.content-columns {
/* Setting relative positioning allows for
absolute positioning for sub-classes */
position: relative;
padding-top: 1em;
}
.content-column-left {
/* Value for IE/Win; will be overwritten for other browsers */
width: 47%;
padding-right: 3%;
float: left;
padding-bottom: 2em;
}
.content-column-right {
/* Values for IE/Win; will be overwritten for other browsers */
width: 47%;
padding-left: 3%;
float: left;
padding-bottom: 2em;
}
.content-columns>.content-column-left, .content-columns>.content-column-right {
/* Non-IE/Win */
}
img {
border: 2px solid #fff;
padding: 2px;
margin: 2px;
}
a:hover img {
border: 2px solid #3399FF;
}
</style>
</head>

<body>
<h1>Apache 2 Test Page<br><font size="-1"><strong>powered by</font> CentOS</strong></h1>

<div class="content">
<div class="content-middle">
<p>This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page it means that the Apache HTTP server installed at this site is working properly.</p>
</div>
<hr />
<div class="content-columns">
<div class="content-column-left">
<h2>If you are a member of the general public:</h2>

<p>The fact that you are seeing this page indicates that the website you just visited is either experiencing problems or is undergoing routine maintenance.</p>

<p>If you would like to let the administrators of this website know that you've seen this page instead of the page you expected, you should send them e-mail. In general, mail sent to the name "webmaster" and directed to the website's domain should reach the appropriate person.</p>

<p>For example, if you experienced problems while visiting www.example.com, you should send e-mail to "webmaster@example.com".</p>
</div>

<div class="content-column-right">
<h2>If you are the website administrator:</h2>

<p>You may now add content to the directory <tt>/var/www/html/</tt>. Note that until you do so, people visiting your website will see this page and not your content. To prevent this page from ever being used, follow the instructions in the file <tt>/etc/httpd/conf.d/welcome.conf</tt>.</p>

<p>You are free to use the images below on Apache and CentOS Linux powered HTTP servers. Thanks for using Apache and CentOS!</p>

<p><a href="http://httpd.apache.org/"><img src="/icons/apache_pb.gif" alt="[ Powered by Apache ]"/></a> <a href="http://www.centos.org/"><img src="/icons/poweredby.png" alt="[ Powered by CentOS Linux ]" width="88" height="31" /></a></p>
</div>
</div>
</div>
<div class="content">
<div class="content-middle"><h2>About CentOS:</h2><b>The Community ENTerprise Operating System</b> (CentOS) Linux is a community-supported enterprise distribution derived from sources freely provided to the public by Red Hat. As such, CentOS Linux aims to be functionally compatible with Red Hat Enterprise Linux. The CentOS Project is the organization that builds CentOS. We mainly change packages to remove upstream vendor branding and artwork.</p> <p>For information on CentOS please visit the <a href="http://www.centos.org/">CentOS website</a>.</p>
<p><h2>Note:</h2><p>CentOS is an Operating System and it is used to power this website; however, the webserver is owned by the domain owner and not the CentOS Project. <b>If you have issues with the content of this site, contact the owner of the domain, not the CentOS Project.</b> <p>Unless this server is on the <b>centos.org</b> domain, the CentOS Project doesn't have anything to do with the content on this webserver or any e-mails that directed you to this site.</p> <p>For example, if this website is www.example.com, you would find the owner of the example.com domain at the following WHOIS server:</p> <p><a href="http://www.internic.net/whois.html">http://www.internic.net/whois.html</a></p>
</div>
</div>
</body>
</html>
39521 - Backported Security Patch Detection (WWW)
Synopsis
Security patches are backported.
Description
Security patches may have been 'backported' to the remote HTTP server without changing its version number.

Banner-based checks have been disabled to avoid false positives.

Note that this test is informational only and does not denote any security problem.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/06/25, Modified: 2015/07/07
Plugin Output

tcp/443


Give Nessus credentials to perform local checks.
43111 - HTTP Methods Allowed (per directory)
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.

As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.

Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/12/10, Modified: 2013/05/09
Plugin Output

tcp/443

Based on the response to an OPTIONS request :

- HTTP methods GET HEAD OPTIONS POST TRACE are allowed on :

/
50845 - OpenSSL Detection
Synopsis
The remote service appears to use OpenSSL to encrypt traffic.
Description
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic.

Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/11/30, Modified: 2013/10/18
Plugin Output

tcp/443

51891 - SSL Session Resume Supported
Synopsis
The remote host allows resuming SSL sessions.
Description
This script detects whether a host allows resuming SSL sessions by performing a full SSL handshake to receive a session ID, and then reconnecting with the previously used session ID. If the server accepts the session ID in the second connection, the server maintains a cache of sessions that can be resumed.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/02/07, Modified: 2013/10/18
Plugin Output

tcp/443


This port supports resuming SSLv3 sessions.
56984 - SSL / TLS Versions Supported
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/12/01, Modified: 2017/11/06
Plugin Output

tcp/443


This port supports SSLv3/TLSv1.0/TLSv1.1/TLSv1.2.
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/12/07, Modified: 2017/06/12
Plugin Output

tcp/443


Here is the list of SSL PFS ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
ECDHE-RSA-DES-CBC3-SHA Kx=ECDH Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=SHA256
DHE-RSA-AES256-SHA384 Kx=DH Au=RSA Enc=AES-GCM(256) Mac=SHA384
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-GCM(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-GCM(256) Mac=SHA384
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA Kx=DH Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA Kx=DH Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-RC4-SHA Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1
DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA256
DHE-RSA-AES256-SHA256 Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA256
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/10/22, Modified: 2013/10/22
Plugin Output

tcp/443


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
ECDHE-RSA-DES-CBC3-SHA Kx=ECDH Au=RSA Enc=3DES-CBC(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA Kx=DH Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA Kx=DH Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
CAMELLIA128-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(128) Mac=SHA1
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=Camellia-CBC(256) Mac=SHA1
DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA256
DHE-RSA-AES256-SHA256 Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA256
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
84502 - HSTS Missing From HTTPS Server
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information:
Published: 2015/07/02, Modified: 2015/07/02
Plugin Output

tcp/443


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
104743 - TLS Version 1.0 Protocol Detection
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.1 and 1.2 are designed against these flaws and should be used whenever possible.

PCI DSS v3.1 requires that TLS 1.0 be disabled entirely by June 2018, except for point-of-sale terminals and their termination points.
Solution
Enable support for TLS 1.1 and 1.2, and disable support for TLS 1.0.
Risk Factor
None
Plugin Information:
Published: 2017/11/22, Modified: 2017/11/22
Plugin Output

tcp/443

TLSv1 is enabled and the server supports at least one cipher.

10107 - HTTP Server Type and Version
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2000/01/04, Modified: 2016/02/19
Plugin Output

tcp/3128

The remote web server type is :

squid/3.1.23
11040 - HTTP Reverse Proxy Detection
Synopsis
A transparent or reverse HTTP proxy is running on this port.
Description
This web server is reachable through a reverse HTTP proxy.
Solution
n/a
Risk Factor
None
References
CVE CVE-2007-3008
CVE CVE-2005-3498
CVE CVE-2005-3398
CVE CVE-2004-2320
XREF CWE:79
XREF CWE:200
XREF OSVDB:50485
XREF OSVDB:35511
XREF OSVDB:3726
XREF OSVDB:877
Plugin Information:
Published: 2002/07/02, Modified: 2016/01/07
Plugin Output

tcp/3128

The GET method revealed those proxies on the way to this web server :
HTTP/1.0 centos6dvwa (squid/3.1.23)
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Published: 2009/02/04, Modified: 2017/05/22
Plugin Output

tcp/3128

Port 3128/tcp was found to be open
22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/08/19, Modified: 2017/07/07
Plugin Output

tcp/3128

A web server is running on this port.

tcp/3128

An HTTP proxy is running on this port.
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/01/30, Modified: 2017/11/13
Plugin Output

tcp/3128


Response Code : HTTP/1.0 400 Bad Request

Protocol version : HTTP/1.0
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Server: squid/3.1.23
Mime-Version: 1.0
Date: Mon, 11 Dec 2017 15:58:30 GMT
Content-Type: text/html
Content-Length: 3145
X-Squid-Error: ERR_INVALID_URL 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from centos6dvwa
X-Cache-Lookup: NONE from centos6dvwa:3128
Via: 1.0 centos6dvwa (squid/3.1.23)
Connection: close

Response Body :

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>ERROR: The requested URL could not be retrieved</title>
<style type="text/css"><!--
/*
Stylesheet for Squid Error pages
Adapted from design by Free CSS Templates
http://www.freecsstemplates.org
Released for free under a Creative Commons Attribution 2.5 License
*/

/* Page basics */
* {
font-family: verdana, sans-serif;
}

html body {
margin: 0;
padding: 0;
background: #efefef;
font-size: 12px;
color: #1e1e1e;
}

/* Page displayed title area */
#titles {
margin-left: 15px;
padding: 10px;
padding-left: 100px;
background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;
}

/* initial title */
#titles h1 {
color: #000000;
}
#titles h2 {
color: #000000;
}

/* special event: FTP success page titles */
#titles ftpsuccess {
background-color:#00ff00;
width:100%;
}

/* Page displayed body content area */
#content {
padding: 10px;
background: #ffffff;
}

/* General text */
p {
}

/* error brief description */
#error p {
}

/* some data which may have caused the problem */
#data {
}

/* the error message received from the system or other software */
#sysmsg {
}

pre {
font-family:sans-serif;
}

/* special event: FTP / Gopher directory listing */
#dirmsg {
font-family: courier;
color: black;
font-size: 10pt;
}
#dirlisting {
margin-left: 2%;
margin-right: 2%;
}
#dirlisting tr.entry td.icon,td.filename,td.size,td.date {
border-bottom: groove;
}
#dirlisting td.size {
width: 50px;
text-align: right;
padding-right: 5px;
}

/* horizontal lines */
hr {
margin: 0;
}

/* page displayed footer area */
#footer {
font-size: 9px;
padding-left: 10px;
}


body
:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
:lang(he) { direction: rtl; }
--></style>
</head><body id=ERR_INVALID_URL>
<div id="titles">
<h1>ERROR</h1>
<h2>The requested URL could not be retrieved</h2>
</div>
<hr>

<div id="content">
<p>The following error was encountered while trying to retrieve the URL: <a href="/">/</a></p>

<blockquote id="error">
<p><b>Invalid URL</b></p>
</blockquote>

<p>Some aspect of the requested URL is incorrect.</p>

<p>Some possible problems are:</p>
<ul>
<li><p>Missing or incorrect access protocol (should be <q>http://</q> or similar)</p></li>
<li><p>Missing hostname</p></li>
<li><p>Illegal double-escape in the URL-Path</p></li>
<li><p>Illegal character in hostname; underscores are not allowed.</p></li>
</ul>

<p>Your cache administrator is <a href="mailto:root?subject=CacheErrorInfo%20-%20ERR_INVALID_URL&amp;body=CacheHost%3A%20centos6dvwa%0D%0AErrPage%3A%20ERR_INVALID_URL%0D%0AErr%3A%20%5Bnone%5D%0D%0ATimeStamp%3A%20Mon,%2011%20Dec%202017%2015%3A58%3A30%20GMT%0D%0A%0D%0AClientIP%3A%20192.168.1.108%0D%0A%0D%0AHTTP%20Request%3A%0D%0A%0D%0A%0D%0A">root</a>.</p>
<br>
</div>

<hr>
<div id="footer">
<p>Generated Mon, 11 Dec 2017 15:58:30 GMT by centos6dvwa (squid/3.1.23)</p>
<!-- ERR_INVALID_URL -->
</div>
</body></html>
49692 - Squid Proxy Version Detection
Synopsis
It was possible to obtain the version number of the remote Squid proxy server.
Description
The remote host is running the Squid proxy server, an open source proxy server. It was possible to read the version number from the banner.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/09/28, Modified: 2015/04/02
Plugin Output

tcp/3128


Source : Squid
Version : 3.1.23

11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Published: 2009/02/04, Modified: 2017/05/22
Plugin Output

tcp/3306

Port 3306/tcp was found to be open
22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/08/19, Modified: 2017/07/07
Plugin Output

tcp/3306

A MySQL server is running on this port.
192.168.1.53
2
7
7
3
145
Critical
High
Medium
Low
Info
Scan Information
Start time: Mon Dec 11 10:56:02 2017
End time: Mon Dec 11 11:05:33 2017
Host Information
DNS Name: win7x86-qa
Netbios Name: WIN7X86-QA
IP: 192.168.1.53
MAC Address: 00:15:5d:0f:c6:b5
OS: Microsoft Windows 7 Ultimate Service Pack 1
Vulnerabilities

10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
It is possible to determine the exact time set on the remote host.
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols.

Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
References
CVE CVE-1999-0524
XREF CWE:200
XREF OSVDB:94
Plugin Information:
Published: 1999/08/01, Modified: 2012/06/18
Plugin Output

icmp/0

This host returns non-standard timestamps (high bit is set)
The ICMP timestamps might be in little endian format (not in network format)
The remote clock is synchronized with the local clock.

10897 - Microsoft Windows - Users Information : Disabled Accounts
Synopsis
At least one user account has been disabled.
Description
Using the supplied credentials, Nessus was able to list user accounts that have been disabled.
Solution
Delete accounts that are no longer needed.
Risk Factor
None
References
XREF OSVDB:752
Plugin Information:
Published: 2002/03/15, Modified: 2017/01/26
Plugin Output

tcp/0


The following user account has been disabled :

- Guest


Note that, in addition to the Administrator, Guest, and Kerberos
accounts, Nessus has enumerated only those domain users with UIDs
between 1000 and 1200. To use a different range, edit the scan policy
and change the 'Start UID' and/or 'End UID' preferences for
'SMB use domain SID to enumerate users' setting, and then re-run the scan.
10898 - Microsoft Windows - Users Information : Never Changed Password
Synopsis
At least one user has never changed his or her password.
Description
Using the supplied credentials, Nessus was able to list users who have never changed their passwords.
Solution
Allow or require users to change their passwords regularly.
Risk Factor
None
References
XREF OSVDB:755
Plugin Information:
Published: 2002/03/15, Modified: 2017/01/26
Plugin Output

tcp/0


The following user has never changed his/her password :

- Guest


Note that, in addition to the Administrator, Guest, and Kerberos
accounts, Nessus has enumerated only those domain users with UIDs
between 1000 and 1200. To use a different range, edit the scan policy
and change the 'Start UID' and/or 'End UID' preferences for
'SMB use domain SID to enumerate users' setting, and then re-run the scan.
10899 - Microsoft Windows - Users Information : User Has Never Logged In
Synopsis
At least one user has never logged into his or her account.
Description
Using the supplied credentials, Nessus was able to list users who have never logged into their accounts.
Solution
Delete accounts that are not needed.
Risk Factor
None
References
XREF OSVDB:754
Plugin Information:
Published: 2002/03/15, Modified: 2017/01/26
Plugin Output

tcp/0


The following user has never logged in :

- Guest


Note that, in addition to the Administrator, Guest, and Kerberos
accounts, Nessus has enumerated only those domain users with UIDs
between 1000 and 1200. To use a different range, edit the scan policy
and change the 'Start UID' and/or 'End UID' preferences for
'SMB use domain SID to enumerate users' setting, and then re-run the scan.
10900 - Microsoft Windows - Users Information : Passwords Never Expire
Synopsis
At least one user has a password that never expires.
Description
Using the supplied credentials, Nessus was able to list users that are enabled and whose passwords never expire.
Solution
Allow or require users to change their passwords regularly.
Risk Factor
None
References
XREF OSVDB:755
Plugin Information:
Published: 2002/03/15, Modified: 2017/01/26
Plugin Output

tcp/0


The following user has a password that never expires :

- Administrator


Note that, in addition to the Administrator, Guest, and Kerberos
accounts, Nessus has enumerated only those domain users with UIDs
between 1000 and 1200. To use a different range, edit the scan policy
and change the 'Start UID' and/or 'End UID' preferences for this
plugin, then re-run the scan.
10913 - Microsoft Windows - Local Users Information : Disabled Accounts
Synopsis
At least one local user account has been disabled.
Description
Using the supplied credentials, Nessus was able to list local user accounts that have been disabled.
Solution
Delete accounts that are no longer needed.
Risk Factor
None
References
XREF OSVDB:752
Plugin Information:
Published: 2002/03/17, Modified: 2017/01/26
Plugin Output

tcp/0


The following local user account has been disabled :

- Guest


Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate
local users' setting, and then re-run the scan.
10914 - Microsoft Windows - Local Users Information : Never Changed Passwords
Synopsis
At least one local user has never changed his or her password.
Description
Using the supplied credentials, Nessus was able to list local users who have never changed their passwords.
Solution
Allow or require users to change their passwords regularly.
Risk Factor
None
References
XREF OSVDB:755
Plugin Information:
Published: 2002/03/17, Modified: 2017/01/26
Plugin Output

tcp/0


The following local user has never changed his/her password :

- Guest


Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate
local users' setting, and then re-run the scan.
10915 - Microsoft Windows - Local Users Information : User Has Never Logged In
Synopsis
At least one local user has never logged into his or her account.
Description
Using the supplied credentials, Nessus was able to list local users who have never logged into their accounts.
Solution
Delete accounts that are not needed.
Risk Factor
None
References
XREF OSVDB:754
Plugin Information:
Published: 2002/03/17, Modified: 2017/01/26
Plugin Output

tcp/0


The following local user has never logged in :

- Guest


Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate
local users' setting, and then re-run the scan.
10916 - Microsoft Windows - Local Users Information : Passwords Never Expire
Synopsis
At least one local user has a password that never expires.
Description
Using the supplied credentials, Nessus was able to list local users that are enabled and whose passwords never expire.
Solution
Allow or require users to change their passwords regularly.
Risk Factor
None
References
XREF OSVDB:755
Plugin Information:
Published: 2002/03/17, Modified: 2017/01/26
Plugin Output

tcp/0


The following local users have passwords that never expire :

- Administrator
- admin


Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for this plugin, then re-run the
scan.
11936 - OS Identification
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2003/12/09, Modified: 2017/08/29
Plugin Output

tcp/0


Remote operating system : Microsoft Windows 7 Ultimate Service Pack 1
Confidence level : 100
Method : SMB


The remote host is running Microsoft Windows 7 Ultimate Service Pack 1
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


192.168.1.53 resolves as win7x86-qa.
19506 - Nessus Scan Information
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- Whether credentialed or third-party patch management checks are possible.
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2005/08/26, Modified: 2017/10/26
Plugin Output

tcp/0

Information about this scan :

Nessus version : 7.0.0
Plugin feed version : 201712110615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 192.168.1.108
Port scanner(s) : wmi_netstat
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : yes, as '192.168.1.53\administrator' via SMB
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 30
Max checks : 4
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2017/12/11 10:56 Eastern Standard Time
Scan duration : 566 sec
24269 - Windows Management Instrumentation (WMI) Available
Synopsis
WMI queries can be made against the remote host.
Description
The supplied credentials can be used to make WMI (Windows Management Instrumentation) requests against the remote host over DCOM.

These requests can be used to gather information about the remote host, such as its current state, network interface configuration, etc.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/02/03, Modified: 2017/11/20
Plugin Output

tcp/0

24270 - Computer Manufacturer Information (WMI)
Synopsis
It is possible to obtain the name of the remote computer manufacturer.
Description
By making certain WMI queries, it is possible to obtain the model of the remote computer as well as the name of its manufacturer and its serial number.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/02/02, Modified: 2017/11/20
Plugin Output

tcp/0


Computer Manufacturer : Microsoft Corporation
Computer Model : Virtual Machine
Computer SerialNumber : 8028-2261-0543-0608-2636-0884-63
Computer Type : Desktop

Computer Physical CPU's : 1
Computer Logical CPU's : 1
CPU0
Architecture : x64
Physical Cores: 1
Logical Cores : 1

Computer Memory : 2047 MB
None
Form Factor: Unknown
Type : Other
Capacity : 2048 MB
24272 - Network Interfaces Enumeration (WMI)
Synopsis
Nessus was able to obtain the list of network interfaces on the remote host.
Description
Nessus was able, via WMI queries, to extract a list of network interfaces on the remote host and the IP addresses attached to them.
Note that this plugin only enumerates IPv6 addresses for systems running Windows Vista or later.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/02/03, Modified: 2017/12/04
Plugin Output

tcp/0

+ Network Interface Information :

- Network Interface = [00000007] Microsoft Hyper-V Network Adapter
- MAC Address = 00:15:5D:0F:C6:B5
- IPAddress/IPSubnet = 192.168.1.53/255.255.255.0
- IPAddress/IPSubnet = fe80::cd5c:f34c:3250:4242/64


+ Routing Information :

Destination Netmask Gateway
----------- ------- -------
0.0.0.0 0.0.0.0 192.168.1.1
127.0.0.0 255.0.0.0 0.0.0.0
127.0.0.1 255.255.255.255 0.0.0.0
127.255.255.255 255.255.255.255 0.0.0.0
192.168.1.0 255.255.255.0 0.0.0.0
192.168.1.53 255.255.255.255 0.0.0.0
192.168.1.255 255.255.255.255 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
25220 - TCP/IP Timestamps Supported
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/05/16, Modified: 2011/03/20
Plugin Output

tcp/0

34096 - BIOS Version (WMI)
Synopsis
The BIOS version could be read.
Description
It is possible to get information about the BIOS vendor and its version via the host's WMI interface.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/05, Modified: 2017/11/20
Plugin Output

tcp/0


Vendor : American Megatrends Inc.
Version : 090006
Release date : 20120523000000.000000+000
UUID : 84BA6FB8-F524-4AFE-992B-8AA10C3621E0
34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/16, Modified: 2017/12/04
Plugin Output

tcp/0


Nessus was able to find 22 open ports.
35716 - Ethernet Card Manufacturer Detection
Synopsis
The manufacturer can be identified from the Ethernet OUI.
Description
Each ethernet MAC address starts with a 24-bit Organizationally Unique Identifier (OUI). These OUIs are registered by IEEE.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/02/19, Modified: 2017/11/17
Plugin Output

tcp/0


The following card manufacturers were identified :

00:15:5d:0f:c6:b5 : Microsoft Corporation
44871 - WMI Windows Feature Enumeration
Synopsis
It is possible to enumerate Windows features using WMI.
Description
Nessus was able to enumerate the server features of the remote host by querying the 'Win32_ServerFeature' class of the '\Root\cimv2' WMI namespace for Windows Server versions or the 'Win32_OptionalFeature' class of the '\Root\cimv2' WMI namespace for Windows Desktop versions.

Note that Features can only be enumerated for Windows 7 and later for desktop versions.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/02/24, Modified: 2017/11/20
Plugin Output

tcp/0


Nessus enumerated the following Windows features :

- Chess
- FaxServicesClientPackage
- FreeCell
- Hearts
- InboxGames
- Internet Backgammon
- Internet Checkers
- Internet Games
- Internet Spades
- Internet-Explorer-Optional-x86
- MSRDC-Infrastructure
- MediaCenter
- MediaPlayback
- Minesweeper
- More Games
- NetFx3
- OpticalMediaDisc
- Printing-Foundation-Features
- Printing-Foundation-InternetPrinting-Client
- Printing-XPSServices-Features
- PurblePlace
- SearchEngine-Client-Package
- Shanghai
- Solitaire
- SpiderSolitaire
- TabletPCOC
- WindowsGadgetPlatform
- WindowsMediaPlayer
- Xps-Foundation-Xps-Viewer
45050 - WMI Anti-spyware Enumeration
Synopsis
It is possible to obtain the list of anti-spyware software installed on the remote Windows host.
Description
By connecting to the remote Windows host with the supplied credentials, this plugin uses WMI to enumerate anti-spyware software installed on it.

Note that this plugin extracts this information from the 'root\securitycenter' and 'root\securitycenter2' WMI namespaces, which are only available in Windows desktop operating systems such as XP, Vista and Windows 7.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/03/12, Modified: 2017/11/20
Plugin Output

tcp/0


Here is the list of anti-spyware software registered under the
'root\SecurityCenter2' WMI namespace :

+ Windows Defender

- pathToSignedProductExe : %ProgramFiles%\Windows Defender\MSASCui.exe
- pathToSignedReportingExe : %SystemRoot%\System32\svchost.exe
- productState : 397568
45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/04/21, Modified: 2017/06/06
Plugin Output

tcp/0


The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_7::sp1:x86-ultimate

Following application CPE matched on the remote system :

cpe:/a:microsoft:ie:11.0.9600.18837
48337 - Windows ComputerSystemProduct Enumeration (WMI)
Synopsis
It is possible to obtain product information from the remote host using WMI.
Description
By querying the WMI class 'Win32_ComputerSystemProduct', it is possible to extract product information about the computer system such as UUID, IdentifyingNumber, vendor, etc.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/08/16, Modified: 2017/11/20
Plugin Output

tcp/0


+ Computer System Product
- IdentifyingNumber : 8028-2261-0543-0608-2636-0884-63
- Description : Computer System Product
- Vendor : Microsoft Corporation
- Name : Virtual Machine
- UUID : 84BA6FB8-F524-4AFE-992B-8AA10C3621E0
- Version : 7.0
51187 - WMI Encryptable Volume Enumeration
Synopsis
The remote Windows host has encryptable volumes available.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates encryptable volume information available on the remote host via WMI.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/12/15, Modified: 2017/11/20
Plugin Output

tcp/0


Here is a list of encryptable volumes available on the remote system :

+ DriveLetter C:

- DeviceID : \\?\Volume{11225e84-f551-11e6-a4bd-806e6f6e6963}\
- ProtectionStatus : OFF
52001 - WMI QuickFixEngineering (QFE) Enumeration
Synopsis
The remote Windows host has quick-fix engineering updates installed.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via WMI.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/02/16, Modified: 2017/11/20
Plugin Output

tcp/0


Here is a list of quick-fix engineering updates installed on the
remote system :

+ KB4021918
- Description : Update
- InstalledOn : 11/27/2017

+ KB2849697
- Description : Update
- InstalledOn : 2/21/2017

+ KB2849696
- Description : Update
- InstalledOn : 2/21/2017

+ KB2841134
- Description : Update
- InstalledOn : 2/21/2017

+ KB2670838
- Description : Update
- InstalledOn : 2/17/2017

+ KB2592687
- Description : Update
- InstalledOn : 2/17/2017

+ KB2479943
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2491683
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2502285
- Description : Update
- InstalledOn : 2/17/2017

+ KB2503665
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2506212
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2506928
- Description : Update
- InstalledOn : 2/17/2017

+ KB2509553
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2511455
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2515325
- Description : Update
- InstalledOn : 2/17/2017

+ KB2529073
- Description : Update
- InstalledOn : 2/17/2017

+ KB2532531
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2533552
- Description : Update
- InstalledOn : 2/17/2017

+ KB2534111
- Description : Hotfix
- InstalledOn : 2/17/2017

+ KB2536275
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2536276
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2541014
- Description : Update
- InstalledOn : 2/17/2017

+ KB2544893
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2545698
- Description : Update
- InstalledOn : 2/17/2017

+ KB2547666
- Description : Update
- InstalledOn : 2/17/2017

+ KB2552343
- Description : Update
- InstalledOn : 2/17/2017

+ KB2560656
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2563227
- Description : Update
- InstalledOn : 2/17/2017

+ KB2564958
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2570947
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2574819
- Description : Update
- InstalledOn : 2/17/2017

+ KB2579686
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2584146
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2585542
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2604115
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2618451
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2619339
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2620704
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2621440
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2631813
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2639308
- Description : Hotfix
- InstalledOn : 2/17/2017

+ KB2640148
- Description : Update
- InstalledOn : 2/17/2017

+ KB2644615
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2647753
- Description : Update
- InstalledOn : 2/17/2017

+ KB2653956
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2654428
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2655992
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2656356
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2656411
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2659262
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2660075
- Description : Update
- InstalledOn : 2/17/2017

+ KB2660649
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2661254
- Description : Update
- InstalledOn : 2/17/2017

+ KB2667402
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2676562
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2685811
- Description : Update
- InstalledOn : 2/17/2017

+ KB2685813
- Description : Update
- InstalledOn : 2/17/2017

+ KB2685939
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2690533
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2691442
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2698365
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2699779
- Description : Update
- InstalledOn : 2/17/2017

+ KB2705219
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2709630
- Description : Update
- InstalledOn : 2/17/2017

+ KB2709981
- Description : Update
- InstalledOn : 2/17/2017

+ KB2712808
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2718704
- Description : Update
- InstalledOn : 2/17/2017

+ KB2719857
- Description : Update
- InstalledOn : 2/17/2017

+ KB2719985
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2726535
- Description : Update
- InstalledOn : 2/17/2017

+ KB2727528
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2729094
- Description : Update
- InstalledOn : 2/17/2017

+ KB2729452
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2732059
- Description : Update
- InstalledOn : 2/17/2017

+ KB2732487
- Description : Update
- InstalledOn : 2/17/2017

+ KB2732500
- Description : Update
- InstalledOn : 2/17/2017

+ KB2736233
- Description : Update
- InstalledOn : 2/17/2017

+ KB2736422
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2739159
- Description : Update
- InstalledOn : 2/17/2017

+ KB2742599
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2743555
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2749655
- Description : Update
- InstalledOn : 2/17/2017

+ KB2750841
- Description : Update
- InstalledOn : 2/17/2017

+ KB2753842
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2756921
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2757638
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2761217
- Description : Update
- InstalledOn : 2/17/2017

+ KB2763523
- Description : Update
- InstalledOn : 2/17/2017

+ KB2769369
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2770660
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2773072
- Description : Update
- InstalledOn : 2/17/2017

+ KB2779562
- Description : Update
- InstalledOn : 2/17/2017

+ KB2785220
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2786081
- Description : Update
- InstalledOn : 2/17/2017

+ KB2786400
- Description : Update
- InstalledOn : 2/17/2017

+ KB2789645
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2790113
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2790655
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2791765
- Description : Update
- InstalledOn : 2/17/2017

+ KB2798162
- Description : Update
- InstalledOn : 2/19/2017

+ KB2799926
- Description : Update
- InstalledOn : 2/17/2017

+ KB2807986
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2808735
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2813170
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2813347
- Description : Security Update
- InstalledOn : 2/17/2017

+ KB2813430
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2834140
- Description : Update
- InstalledOn : 2/17/2017

+ KB2836942
- Description : Update
- InstalledOn : 2/19/2017

+ KB2836943
- Description : Update
- InstalledOn : 2/19/2017

+ KB2840149
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2840631
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2847927
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2861698
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2862152
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2862330
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2862335
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2864202
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2868038
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2868116
- Description : Update
- InstalledOn : 2/19/2017

+ KB2871997
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2882822
- Description : Update
- InstalledOn : 2/17/2017

+ KB2884256
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2888049
- Description : Update
- InstalledOn : 2/17/2017

+ KB2892074
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2893294
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2894844
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2900986
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2911501
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2912390
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2929733
- Description : Update
- InstalledOn : 2/19/2017

+ KB2931356
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2937610
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2943357
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2957189
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2965788
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2968294
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2972100
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2972211
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2973112
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2973201
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2973351
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2977292
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2978120
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2978742
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2984972
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2984976
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2987107
- Description : Security Update
- InstalledOn : 5/11/2017

+ KB2991963
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB2992611
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3000483
- Description : Security Update
- InstalledOn : 2/21/2017

+ KB3003057
- Description : Security Update
- InstalledOn : 5/10/2017

+ KB3003743
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3004361
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3004375
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3008923
- Description : Security Update
- InstalledOn : 5/7/2017

+ KB3010788
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3011780
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3020387
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3021674
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3022777
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3023215
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3030377
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3031432
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3035126
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3035132
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3037574
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3042058
- Description : Security Update
- InstalledOn : 2/21/2017

+ KB3042553
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3045685
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3046017
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3046269
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3055642
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3059317
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3060716
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3061518
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3067903
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3071756
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3072305
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3072630
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3074543
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3075222
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3076895
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3078601
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3080446
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3084135
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3086255
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3092601
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3093513
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3097989
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3101722
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3108371
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3108381
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3108664
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3108670
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3109103
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3109560
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3110329
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3115858
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3122648
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3123479
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3126446
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3126587
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3127220
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3135983
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3138612
- Description : Update
- InstalledOn : 2/19/2017

+ KB3138910
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3139398
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3139914
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3142024
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3146706
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3146963
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3149090
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3150220
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3155178
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3156016
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3156017
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3156019
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3159398
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3161561
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3161949
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3161958
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3163245
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3170455
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3172605
- Description : Update
- InstalledOn : 2/21/2017

+ KB3177186
- Description : Security Update
- InstalledOn : 2/19/2017

+ KB3177467
- Description : Update
- InstalledOn : 2/20/2017

+ KB3210131
- Description : Update
- InstalledOn : 2/19/2017

+ KB4014504
- Description : Update
- InstalledOn : 5/10/2017

+ KB4014565
- Description : Update
- InstalledOn : 5/3/2017

+ KB4019990
- Description : Update
- InstalledOn : 9/13/2017

+ KB4040980
- Description : Update
- InstalledOn : 9/13/2017

+ KB976902
- Description : Update
- InstalledOn : 11/20/2010

+ KB982018
- Description : Update
- InstalledOn : 2/17/2017

+ KB4048957
- Description : Security Update
- InstalledOn : 11/15/2017

Note that for detailed information on installed QFE's such as InstalledBy, Caption,
and so on, please run the scan with 'Report Verbosity' set to 'verbose'.
54615 - Device Type
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/05/23, Modified: 2011/05/23
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 100
55472 - Device Hostname
Synopsis
It was possible to determine the remote system hostname.
Description
This plugin reports a device's hostname collected via SSH or WMI.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/06/30, Modified: 2017/12/04
Plugin Output

tcp/0


Hostname : WIN7X86-QA
WIN7X86-QA (WMI)
56310 - Firewall Rule Enumeration
Synopsis
A firewall is configured on the remote host.
Description
Using the supplied credentials, Nessus was able to get a list of firewall rules from the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/09/28, Modified: 2015/06/02
Plugin Output

tcp/0

report output too big - ending list here

56468 - Time of Last System Startup
Synopsis
The system has been started.
Description
Using the supplied credentials, Nessus was able to determine when the host was last started.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/10/12, Modified: 2015/08/21
Plugin Output

tcp/0


20171127115048.108375-300
58651 - Netstat Active Connections
Synopsis
Active connections are enumerated via the 'netstat' command.
Description
This plugin runs 'netstat' on the remote machine to enumerate all active 'ESTABLISHED' or 'LISTENING' tcp/udp connections.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2012/04/10, Modified: 2015/06/02
Plugin Output

tcp/0


Netstat output :

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 780
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 1232
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 488
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING 876
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING 968
TCP 0.0.0.0:49172 0.0.0.0:0 LISTENING 584
TCP 0.0.0.0:49177 0.0.0.0:0 LISTENING 1124
TCP 0.0.0.0:49180 0.0.0.0:0 LISTENING 592
TCP 127.0.0.1:57425 127.0.0.1:57426 ESTABLISHED 2180
TCP 127.0.0.1:57426 127.0.0.1:57425 ESTABLISHED 2180
TCP 192.168.1.53:135 192.168.1.108:56941 ESTABLISHED 780
TCP 192.168.1.53:139 0.0.0.0:0 LISTENING 4
TCP 192.168.1.53:445 192.168.1.108:56937 ESTABLISHED 4
TCP 192.168.1.53:49154 192.168.1.108:56947 ESTABLISHED 968
TCP [::]:135 [::]:0 LISTENING 780
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:3389 [::]:0 LISTENING 1232
TCP [::]:5357 [::]:0 LISTENING 4
TCP [::]:49152 [::]:0 LISTENING 488
TCP [::]:49153 [::]:0 LISTENING 876
TCP [::]:49154 [::]:0 LISTENING 968
TCP [::]:49172 [::]:0 LISTENING 584
TCP [::]:49177 [::]:0 LISTENING 1124
TCP [::]:49180 [::]:0 LISTENING 592
UDP 0.0.0.0:123 *:* 944
UDP 0.0.0.0:500 *:* 968
UDP 0.0.0.0:3702 *:* 1632
UDP 0.0.0.0:3702 *:* 1632
UDP 0.0.0.0:4500 *:* 968
UDP 0.0.0.0:5355 *:* 1232
UDP 0.0.0.0:49848 *:* 1632
UDP 127.0.0.1:1900 *:* 1632
UDP 127.0.0.1:49847 *:* 1496
UDP 127.0.0.1:53536 *:* 1064
UDP 127.0.0.1:54803 *:* 592
UDP 127.0.0.1:59620 *:* 1232
UDP 127.0.0.1:64209 *:* 1632
UDP 192.168.1.53:137 *:* 4
UDP 192.168.1.53:138 *:* 4
UDP 192.168.1.53:1900 *:* 1632
UDP 192.168.1.53:64208 *:* 1632
UDP [::]:123 *:* 944
UDP [::]:500 *:* 968
UDP [::]:3702 *:* 1632
UDP [::]:3702 *:* 1632
UDP [::]:4500 *:* 968
UDP [::]:5355 *:* 1232
UDP [::]:49849 *:* 1632
UDP [::1]:1900 *:* 1632
UDP [::1]:64207 *:* 1632
UDP [fe80::cd5c:f34c:3250:4242%11]:1900 *:* 1632
UDP [fe80::cd5c:f34c:3250:4242%11]:64206 *:* 1632
62042 - SMB QuickFixEngineering (QFE) Enumeration
Synopsis
The remote host has quick-fix engineering updates installed.
Description
By connecting to the host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via the registry.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2012/09/11, Modified: 2013/03/28
Plugin Output

tcp/0


Here is a list of quick-fix engineering updates installed on the
remote system :

KB2479943, Installed on: 2017/02/17
KB2491683, Installed on: 2017/02/17
KB2502285, Installed on: 2017/02/17
KB2503665, Installed on: 2017/02/17
KB2506212, Installed on: 2017/02/17
KB2506928, Installed on: 2017/02/17
KB2509553, Installed on: 2017/02/17
KB2511455, Installed on: 2017/02/17
KB2515325, Installed on: 2017/02/17
KB2529073, Installed on: 2017/02/17
KB2532531, Installed on: 2017/02/17
KB2533552, Installed on: 2017/02/17
KB2534111, Installed on: 2017/02/17
KB2536275, Installed on: 2017/02/17
KB2536276, Installed on: 2017/02/17
KB2541014, Installed on: 2017/02/17
KB2544893, Installed on: 2017/02/17
KB2545698, Installed on: 2017/02/17
KB2547666, Installed on: 2017/02/17
KB2552343, Installed on: 2017/02/17
KB2560656, Installed on: 2017/02/17
KB2563227, Installed on: 2017/02/17
KB2564958, Installed on: 2017/02/17
KB2570947, Installed on: 2017/02/17
KB2574819, Installed on: 2017/02/17
KB2579686, Installed on: 2017/02/17
KB2584146, Installed on: 2017/02/17
KB2585542, Installed on: 2017/02/17
KB2604115, Installed on: 2017/02/17
KB2618451, Installed on: 2017/02/17
KB2619339, Installed on: 2017/02/17
KB2620704, Installed on: 2017/02/17
KB2621440, Installed on: 2017/02/17
KB2631813, Installed on: 2017/02/17
KB2639308, Installed on: 2017/02/17
KB2640148, Installed on: 2017/02/17
KB2644615, Installed on: 2017/02/17
KB2647753, Installed on: 2017/02/17
KB2653956, Installed on: 2017/02/17
KB2654428, Installed on: 2017/02/17
KB2655992, Installed on: 2017/02/17
KB2656356, Installed on: 2017/02/17
KB2656411, Installed on: 2017/02/17
KB2659262, Installed on: 2017/02/17
KB2660075, Installed on: 2017/02/17
KB2660649, Installed on: 2017/02/17
KB2661254, Installed on: 2017/02/17
KB2667402, Installed on: 2017/02/17
KB2676562, Installed on: 2017/02/17
KB2685811, Installed on: 2017/02/17
KB2685813, Installed on: 2017/02/17
KB2685939, Installed on: 2017/02/17
KB2690533, Installed on: 2017/02/17
KB2691442, Installed on: 2017/02/17
KB2698365, Installed on: 2017/02/17
KB2699779, Installed on: 2017/02/17
KB2705219, Installed on: 2017/02/17
KB2709630, Installed on: 2017/02/17
KB2709981, Installed on: 2017/02/17
KB2712808, Installed on: 2017/02/17
KB2718704, Installed on: 2017/02/17
KB2719857, Installed on: 2017/02/17
KB2719985, Installed on: 2017/02/17
KB2726535, Installed on: 2017/02/17
KB2727528, Installed on: 2017/02/17
KB2729094, Installed on: 2017/02/17
KB2729452, Installed on: 2017/02/17
KB2732059, Installed on: 2017/02/17
KB2732487, Installed on: 2017/02/17
KB2732500, Installed on: 2017/02/17
KB2736233, Installed on: 2017/02/17
KB2736422, Installed on: 2017/02/17
KB2739159, Installed on: 2017/02/17
KB2742599, Installed on: 2017/02/17
KB2743555, Installed on: 2017/02/17
KB2749655, Installed on: 2017/02/17
KB2750841, Installed on: 2017/02/17
KB2753842, Installed on: 2017/02/17
KB2756921, Installed on: 2017/02/17
KB2757638, Installed on: 2017/02/17
KB2761217, Installed on: 2017/02/17
KB2763523, Installed on: 2017/02/17
KB2769369, Installed on: 2017/02/17
KB2770660, Installed on: 2017/02/17
KB2773072, Installed on: 2017/02/17
KB2779562, Installed on: 2017/02/17
KB2785220, Installed on: 2017/02/17
KB2786081, Installed on: 2017/02/17
KB2786400, Installed on: 2017/02/17
KB2789645, Installed on: 2017/02/17
KB2790113, Installed on: 2017/02/17
KB2790655, Installed on: 2017/02/17
KB2791765, Installed on: 2017/02/17
KB2798162, Installed on: 2017/02/19
KB2799926, Installed on: 2017/02/17
KB2807986, Installed on: 2017/02/17
KB2808735, Installed on: 2017/02/17
KB2813170, Installed on: 2017/02/17
KB2813347, Installed on: 2017/02/17
KB2813430, Installed on: 2017/02/19
KB2817183, Installed on: 2017/02/17
KB2834140, Installed on: 2017/02/17
KB2836942, Installed on: 2017/02/19
KB2836943, Installed on: 2017/02/19
KB2840149, Installed on: 2017/02/19
KB2840631, Installed on: 2017/02/19
KB2847927, Installed on: 2017/02/19
KB2861698, Installed on: 2017/02/19
KB2862152, Installed on: 2017/02/19
KB2862330, Installed on: 2017/02/19
KB2862335, Installed on: 2017/02/19
KB2864202, Installed on: 2017/02/19
KB2868038, Installed on: 2017/02/19
KB2868116, Installed on: 2017/02/19
KB2871997, Installed on: 2017/02/19
KB2882822, Installed on: 2017/02/17
KB2884256, Installed on: 2017/02/19
KB2888049, Installed on: 2017/02/17
KB2892074, Installed on: 2017/02/19
KB2893294, Installed on: 2017/02/19
KB2894844, Installed on: 2017/02/19
KB2900986, Installed on: 2017/02/19
KB2911501, Installed on: 2017/02/19
KB2912390, Installed on: 2017/02/19
KB2929733, Installed on: 2017/02/19
KB2931356, Installed on: 2017/02/19
KB2937610, Installed on: 2017/02/19
KB2943357, Installed on: 2017/02/19
KB2957189, Installed on: 2017/02/19
KB2965788, Installed on: 2017/02/19
KB2968294, Installed on: 2017/02/19
KB2972100, Installed on: 2017/02/19
KB2972211, Installed on: 2017/02/19
KB2973112, Installed on: 2017/02/19
KB2973201, Installed on: 2017/02/19
KB2973351, Installed on: 2017/02/19
KB2977292, Installed on: 2017/02/19
KB2978120, Installed on: 2017/02/19
KB2978742, Installed on: 2017/02/19
KB2984972, Installed on: 2017/02/19
KB2984976, Installed on: 2017/02/19
KB2987107, Installed on: 2017/05/11
KB2991963, Installed on: 2017/02/19
KB2992611, Installed on: 2017/02/19
KB3000483, Installed on: 2017/02/21
KB3003057, Installed on: 2017/05/10
KB3003743, Installed on: 2017/02/19
KB3004361, Installed on: 2017/02/19
KB3004375, Installed on: 2017/02/19
KB3008923, Installed on: 2017/05/07
KB3010788, Installed on: 2017/02/19
KB3011780, Installed on: 2017/02/19
KB3020387, Installed on: 2017/02/19
KB3021674, Installed on: 2017/02/19
KB3022777, Installed on: 2017/02/19
KB3023215, Installed on: 2017/02/19
KB3030377, Installed on: 2017/02/19
KB3031432, Installed on: 2017/02/19
KB3035126, Installed on: 2017/02/19
KB3035132, Installed on: 2017/02/19
KB3037574, Installed on: 2017/02/19
KB3042058, Installed on: 2017/02/21
KB3042553, Installed on: 2017/02/19
KB3045685, Installed on: 2017/02/19
KB3046017, Installed on: 2017/02/19
KB3046269, Installed on: 2017/02/19
KB3055642, Installed on: 2017/02/19
KB3059317, Installed on: 2017/02/19
KB3060716, Installed on: 2017/02/19
KB3061518, Installed on: 2017/02/19
KB3067903, Installed on: 2017/02/19
KB3071756, Installed on: 2017/02/19
KB3072305, Installed on: 2017/02/19
KB3072630, Installed on: 2017/02/19
KB3074543, Installed on: 2017/02/19
KB3075222, Installed on: 2017/02/19
KB3076895, Installed on: 2017/02/19
KB3078601, Installed on: 2017/02/19
KB3080446, Installed on: 2017/02/19
KB3084135, Installed on: 2017/02/19
KB3086255, Installed on: 2017/02/19
KB3092601, Installed on: 2017/02/19
KB3093513, Installed on: 2017/02/19
KB3097989, Installed on: 2017/02/19
KB3101722, Installed on: 2017/02/19
KB3108371, Installed on: 2017/02/19
KB3108381, Installed on: 2017/02/19
KB3108664, Installed on: 2017/02/19
KB3108670, Installed on: 2017/02/19
KB3109103, Installed on: 2017/02/19
KB3109560, Installed on: 2017/02/19
KB3110329, Installed on: 2017/02/19
KB3115858, Installed on: 2017/02/19
KB3122648, Installed on: 2017/02/19
KB3123479, Installed on: 2017/02/19
KB3124275, Installed on: 2017/02/19
KB3126446, Installed on: 2017/02/19
KB3126587, Installed on: 2017/02/19
KB3127220, Installed on: 2017/02/19
KB3135983, Installed on: 2017/02/19
KB3138612, Installed on: 2017/02/19
KB3138910, Installed on: 2017/02/19
KB3139398, Installed on: 2017/02/19
KB3139914, Installed on: 2017/02/19
KB3142024, Installed on: 2017/02/19
KB3146706, Installed on: 2017/02/19
KB3146963, Installed on: 2017/02/19
KB3149090, Installed on: 2017/02/19
KB3150220, Installed on: 2017/02/19
KB3155178, Installed on: 2017/02/19
KB3156016, Installed on: 2017/02/19
KB3156017, Installed on: 2017/02/19
KB3156019, Installed on: 2017/02/19
KB3159398, Installed on: 2017/02/19
KB3161561, Installed on: 2017/02/19
KB3161949, Installed on: 2017/02/19
KB3161958, Installed on: 2017/02/19
KB3163245, Installed on: 2017/02/19
KB3170455, Installed on: 2017/02/19
KB3172605, Installed on: 2017/02/21
KB3177186, Installed on: 2017/02/19
KB3177467, Installed on: 2017/02/20
KB3210131, Installed on: 2017/02/19
KB3212646, Installed on: 2017/02/19
KB4012215, Installed on: 2017/05/02
KB4014504, Installed on: 2017/05/10
KB4014565, Installed on: 2017/05/03
KB4015549, Installed on: 2017/05/03
KB4019264, Installed on: 2017/05/10
KB4019990, Installed on: 2017/09/13
KB4022719, Installed on: 2017/06/14
KB4025341, Installed on: 2017/07/12
KB4034664, Installed on: 2017/08/09
KB4038777, Installed on: 2017/09/13
KB4040980, Installed on: 2017/09/13
KB4041681, Installed on: 2017/10/11
KB4048957, Installed on: 2017/11/15
KB976902, Installed on: 2010/11/20
KB976932, Installed on: 2010/11/20
KB976933, Installed on: 2010/11/20
KB982018, Installed on: 2017/02/17
64582 - Netstat Connection Information
Synopsis
Nessus was able to parse the results of the 'netstat' command on the remote host.
Description
The remote host has listening ports or established connections that Nessus was able to extract from the results of the 'netstat' command.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/02/13, Modified: 2016/08/05
Plugin Output

tcp/0

tcp4 (listen)
src: [host=0.0.0.0, port=135]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=445]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=3389]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=5357]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49152]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49153]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49154]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49172]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49177]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49180]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=127.0.0.1, port=57425]
dst: [host=127.0.0.1, port=57426]

tcp4 (established)
src: [host=127.0.0.1, port=57426]
dst: [host=127.0.0.1, port=57425]

tcp4 (established)
src: [host=192.168.1.53, port=135]
dst: [host=192.168.1.108, port=56941]

tcp4 (listen)
src: [host=192.168.1.53, port=139]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=192.168.1.53, port=445]
dst: [host=192.168.1.108, port=56937]

tcp4 (established)
src: [host=192.168.1.53, port=49154]
dst: [host=192.168.1.108, port=56947]

tcp6 (listen)
src: [host=[::], port=135]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=445]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=3389]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=5357]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49152]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49153]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49154]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49172]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49177]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49180]
dst: [host=[::], port=0]

udp4 (listen)
src: [host=0.0.0.0, port=123]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=500]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=3702]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=3702]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=4500]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=5355]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=49848]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=1900]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=49847]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=53536]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=54803]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=59620]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=64209]
dst: [host=*, port=*]

udp4 (listen)
src: [host=192.168.1.53, port=137]
dst: [host=*, port=*]

udp4 (listen)
src: [host=192.168.1.53, port=138]
dst: [host=*, port=*]

udp4 (listen)
src: [host=192.168.1.53, port=1900]
dst: [host=*, port=*]

udp4 (listen)
src: [host=192.168.1.53, port=64208]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=123]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=500]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=3702]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=3702]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=4500]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=5355]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=49849]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::1], port=1900]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::1], port=64207]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[fe80::cd5c:f34c:3250:4242%11], port=1900]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[fe80::cd5c:f34c:3250:4242%11], port=64206]
dst: [host=*, port=*]
66334 - Patch Report
Synopsis
The remote host is missing several patches.
Description
The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.
Solution
Install the patches listed below.
Risk Factor
None
Plugin Information:
Published: 2013/07/08, Modified: 2017/11/20
Plugin Output

tcp/0

. Microsoft Operating System Patches :
+ To patch the remote system, you need to install the following Microsoft patches :
- KB3125869


. You need to take the following action :
[ MS KB3074162: Vulnerability in Microsoft Malicious Software Removal Tool Could Allow Elevation of Privilege (84742) ]

+ Action to take : Enable automatic updates to update the scan engine for the relevant antimalware applications. Refer to KB2510781 for information on how to verify MMPE (and the associated MSRT) has been updated.

70329 - Microsoft Windows Process Information
Synopsis
Use WMI to obtain running process information.
Description
Report details on the running processes on the machine.

This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system policies.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/10/08, Modified: 2017/11/20
Plugin Output

tcp/0

Process Overview :
SID: Process (PID)
0 : System Idle Process (0)
0 : |- System (4)
0 : |- smss.exe (352)
0 : csrss.exe (440)
0 : wininit.exe (488)
0 : |- services.exe (584)
0 : |- svchost.exe (1064)
0 : |- svchost.exe (1124)
0 : |- svchost.exe (1232)
0 : |- spoolsv.exe (1356)
0 : |- svchost.exe (1384)
0 : |- svchost.exe (1496)
0 : |- svchost.exe (1604)
0 : |- svchost.exe (1632)
0 : |- svchost.exe (1704)
0 : |- nessus-service.exe (1756)
0 : |- nessusd.exe (2180)
0 : |- sppsvc.exe (2108)
0 : |- svchost.exe (2460)
0 : |- svchost.exe (2668)
0 : |- TrustedInstaller.exe (2792)
0 : |- SearchIndexer.exe (2984)
0 : |- SearchProtocolHost.exe (1700)
0 : |- SearchFilterHost.exe (2736)
0 : |- VSSVC.exe (436)
0 : |- svchost.exe (712)
0 : |- WmiPrvSE.exe (328)
0 : |- WmiPrvSE.exe (3852)
0 : |- svchost.exe (780)
0 : |- svchost.exe (876)
0 : |- svchost.exe (920)
0 : |- svchost.exe (944)
0 : |- svchost.exe (968)
0 : |- lsass.exe (592)
0 : |- lsm.exe (600)
1 : csrss.exe (496)
1 : winlogon.exe (536)
1 : |- LogonUI.exe (864)
70331 - Microsoft Windows Process Module Information
Synopsis
Use WMI to obtain running process module information.
Description
Report details on the running processes modules on the machine.

This plugin is informative only and could be used for forensic investigation, malware detection, and to that confirm your system processes conform to your system policies.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/10/08, Modified: 2017/11/20
Plugin Output

tcp/0

Process_Modules_.csv : lists the loaded modules for each process.
71246 - Enumerate Local Group Memberships
Synopsis
Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.
Description
Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/12/06, Modified: 2017/11/20
Plugin Output

tcp/0

Group Name : Administrators
Host Name : WIN7X86-QA
Group SID : S-1-5-32-544
Members :
Name : Administrator
Domain : WIN7X86-QA
Class : Win32_UserAccount
SID : S-1-5-21-4182139038-1214104826-1956019936-500
Name : admin
Domain : win7x86-qa
Class : Win32_UserAccount
SID : S-1-5-21-4182139038-1214104826-1956019936-1000
Name : Domain Admins
Domain : localhost
Class : Win32_Group
SID :

Group Name : Backup Operators
Host Name : WIN7X86-QA
Group SID : S-1-5-32-551
Members :

Group Name : Cryptographic Operators
Host Name : WIN7X86-QA
Group SID : S-1-5-32-569
Members :

Group Name : Distributed COM Users
Host Name : WIN7X86-QA
Group SID : S-1-5-32-562
Members :

Group Name : Event Log Readers
Host Name : WIN7X86-QA
Group SID : S-1-5-32-573
Members :

Group Name : Guests
Host Name : WIN7X86-QA
Group SID : S-1-5-32-546
Members :
Name : Guest
Domain : win7x86-qa
Class : Win32_UserAccount
SID : S-1-5-21-4182139038-1214104826-1956019936-501

Group Name : IIS_IUSRS
Host Name : WIN7X86-QA
Group SID : S-1-5-32-568
Members :
Name : IUSR
Domain : WIN7X86-QA
Class : Win32_SystemAccount
SID : S-1-5-17

Group Name : Network Configuration Operators
Host Name : WIN7X86-QA
Group SID : S-1-5-32-556
Members :

Group Name : Performance Log Users
Host Name : WIN7X86-QA
Group SID : S-1-5-32-559
Members :

Group Name : Performance Monitor Users
Host Name : WIN7X86-QA
Group SID : S-1-5-32-558
Members :

Group Name : Power Users
Host Name : WIN7X86-QA
Group SID : S-1-5-32-547
Members :

Group Name : Remote Desktop Users
Host Name : WIN7X86-QA
Group SID : S-1-5-32-555
Members :

Group Name : Replicator
Host Name : WIN7X86-QA
Group SID : S-1-5-32-552
Members :

Group Name : Users
Host Name : WIN7X86-QA
Group SID : S-1-5-32-545
Members :
Name : INTERACTIVE
Domain : WIN7X86-QA
Class : Win32_SystemAccount
SID : S-1-5-4
Name : Authenticated Users
Domain : WIN7X86-QA
Class : Win32_SystemAccount
SID : S-1-5-11
Name : Domain Users
Domain : localhost
Class : Win32_Group
SID :
72482 - Windows Display Driver Enumeration
Synopsis
Nessus was able to enumerate one or more of the display drivers on the remote host.
Description
Nessus was able to enumerate one or more of the display drivers on the remote host via WMI.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2014/02/06, Modified: 2017/11/20
Plugin Output

tcp/0


Device Name : Microsoft Hyper-V Video
Driver File Version : 6.3.9600.18692
Driver Date : 06/21/2006
72684 - Enumerate Local Users
Synopsis
Nessus was able to connect to a host via SMB to retrieve a list of local users.
Description
Nessus was able to connect to a host via SMB to retrieve a list of local users.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2014/02/25, Modified: 2017/11/20
Plugin Output

tcp/0


Name : admin
SID : S-1-5-21-4182139038-1214104826-1956019936-1000
Disabled : False
Lockout : False
Change password : True

Name : Administrator
SID : S-1-5-21-4182139038-1214104826-1956019936-500
Disabled : False
Lockout : False
Change password : True

Name : Guest
SID : S-1-5-21-4182139038-1214104826-1956019936-501
Disabled : True
Lockout : False
Change password : False
77668 - Windows Prefetch Folder
Synopsis
Nessus was able to retrieve the Windows prefetch folder file list.
Description
Nessus was able to retrieve and display the contents of the Windows prefetch folder (%systemroot%\prefetch\*). This information shows programs that have run with the prefetch and superfetch mechanisms enabled.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2014/09/12, Modified: 2014/09/12
Plugin Output

tcp/0

+ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters
rootdirpath :
enableprefetcher : 3

+ Prefetch file list :
- \Windows\prefetch\AUDIODG.EXE-BDFD3029.pf
- \Windows\prefetch\AUDITPOL.EXE-FE8D42C2.pf
- \Windows\prefetch\BCDEDIT.EXE-10FC5AAB.pf
- \Windows\prefetch\CHCP.COM-61043047.pf
- \Windows\prefetch\CHOICE.EXE-93CD6527.pf
- \Windows\prefetch\CMD.EXE-4A81B364.pf
- \Windows\prefetch\CONHOST.EXE-1F3E9D7E.pf
- \Windows\prefetch\CSC.EXE-A3B8D95D.pf
- \Windows\prefetch\CSRSS.EXE-3FE41F7E.pf
- \Windows\prefetch\CVTRES.EXE-069169FB.pf
- \Windows\prefetch\DEFRAG.EXE-588F90AD.pf
- \Windows\prefetch\DISM.EXE-DE199F71.pf
- \Windows\prefetch\DISMHOST.EXE-4FE816B0.pf
- \Windows\prefetch\DLLHOST.EXE-5E46FA0D.pf
- \Windows\prefetch\DLLHOST.EXE-766398D2.pf
- \Windows\prefetch\DLLHOST.EXE-A8DE6D5B.pf
- \Windows\prefetch\DRVINST.EXE-4CB4314A.pf
- \Windows\prefetch\DWM.EXE-6FFD3DA8.pf
- \Windows\prefetch\EXPLORER.EXE-A80E4F97.pf
- \Windows\prefetch\GUP.EXE-C5623F04.pf
- \Windows\prefetch\ICACLS.EXE-E79D2D93.pf
- \Windows\prefetch\IPCONFIG.EXE-912F3D5B.pf
- \Windows\prefetch\LOGONUI.EXE-09140401.pf
- \Windows\prefetch\MAKECAB.EXE-0F1704A4.pf
- \Windows\prefetch\MPAS-D.EXE-40FE95BA.pf
- \Windows\prefetch\MPAS-FE_BD.EXE-BB62FD5E.pf
- \Windows\prefetch\MPCMDRUN.EXE-F401FBB4.pf
- \Windows\prefetch\MPSIGSTUB.EXE-01703BC1.pf
- \Windows\prefetch\MPSIGSTUB.EXE-21E467EC.pf
- \Windows\prefetch\MPSIGSTUB.EXE-24C462AD.pf
- \Windows\prefetch\MPSIGSTUB.EXE-402F3826.pf
- \Windows\prefetch\MPSIGSTUB.EXE-4362AFB5.pf
- \Windows\prefetch\MPSIGSTUB.EXE-51DEAD7C.pf
- \Windows\prefetch\MPSIGSTUB.EXE-59EBAD7F.pf
- \Windows\prefetch\MPSIGSTUB.EXE-5F00DD67.pf
- \Windows\prefetch\MPSIGSTUB.EXE-5FC490CB.pf
- \Windows\prefetch\MPSIGSTUB.EXE-6473B838.pf
- \Windows\prefetch\MPSIGSTUB.EXE-6715AD60.pf
- \Windows\prefetch\MPSIGSTUB.EXE-6CAA5D57.pf
- \Windows\prefetch\MPSIGSTUB.EXE-6F0B6CEA.pf
- \Windows\prefetch\MPSIGSTUB.EXE-72B5F2AE.pf
- \Windows\prefetch\MPSIGSTUB.EXE-77ED1425.pf
- \Windows\prefetch\MPSIGSTUB.EXE-8FB1271B.pf
- \Windows\prefetch\MPSIGSTUB.EXE-8FC451D2.pf
- \Windows\prefetch\MPSIGSTUB.EXE-90BC3ED0.pf
- \Windows\prefetch\MPSIGSTUB.EXE-92C91929.pf
- \Windows\prefetch\MPSIGSTUB.EXE-93EC5969.pf
- \Windows\prefetch\MPSIGSTUB.EXE-975F366B.pf
- \Windows\prefetch\MPSIGSTUB.EXE-9E7694F1.pf
- \Windows\prefetch\MPSIGSTUB.EXE-A22F4095.pf
- \Windows\prefetch\MPSIGSTUB.EXE-A84CA2B4.pf
- \Windows\prefetch\MPSIGSTUB.EXE-AFC37B1B.pf
- \Windows\prefetch\MPSIGSTUB.EXE-B570B12F.pf
- \Windows\prefetch\MPSIGSTUB.EXE-C4527047.pf
- \Windows\prefetch\MPSIGSTUB.EXE-CF3D0C4C.pf
- \Windows\prefetch\MPSIGSTUB.EXE-DC04AD60.pf
- \Windows\prefetch\MPSIGSTUB.EXE-E8C86066.pf
- \Windows\prefetch\MPSIGSTUB.EXE-FBC4D6F4.pf
- \Windows\prefetch\MSCORSVW.EXE-C3C515BD.pf
- \Windows\prefetch\MSIEXEC.EXE-A2D55CB6.pf
- \Windows\prefetch\MTAIL.EXE-3B813D46.pf
- \Windows\prefetch\NESSUS-SERVICE.EXE-D7C8D3D4.pf
- \Windows\prefetch\NESSUSCLI.EXE-83134BDE.pf
- \Windows\prefetch\NESSUSD.EXE-8D38B2AA.pf
- \Windows\prefetch\NET.EXE-DF44F913.pf
- \Windows\prefetch\NET1.EXE-849DA590.pf
- \Windows\prefetch\NETCFG.EXE-F61A0ADB.pf
- \Windows\prefetch\NETSH.EXE-F1B6DA12.pf
- \Windows\prefetch\NETSTAT.EXE-5A5A908F.pf
- \Windows\prefetch\NOTEPAD++.EXE-72A5A810.pf
- \Windows\prefetch\NTOSBOOT-B00DFAAD.pf
- \Windows\prefetch\PING.EXE-7E94E73E.pf
- \Windows\prefetch\PKGMGR.EXE-445DBEF0.pf
- \Windows\prefetch\POQEXEC.EXE-69592829.pf
- \Windows\prefetch\POWERSHELL.EXE-920BBA2A.pf
- \Windows\prefetch\PSEXESVC.EXE-7F956DAF.pf
- \Windows\prefetch\RDPCLIP.EXE-9067FA0E.pf
- \Windows\prefetch\REGSVR32.EXE-8461DBEE.pf
- \Windows\prefetch\RUNDLL32.EXE-230FC512.pf
- \Windows\prefetch\RUNDLL32.EXE-411A328D.pf
- \Windows\prefetch\RUNDLL32.EXE-B49E1152.pf
- \Windows\prefetch\SC.EXE-945D79AE.pf
- \Windows\prefetch\SCHTASKS.EXE-5CA45734.pf
- \Windows\prefetch\SDIAGNHOST.EXE-8D72177C.pf
- \Windows\prefetch\SEARCHFILTERHOST.EXE-77482212.pf
- \Windows\prefetch\SEARCHINDEXER.EXE-4A6353B9.pf
- \Windows\prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
- \Windows\prefetch\SETUP.EXE-D150E1F8.pf
- \Windows\prefetch\SIDEBAR.EXE-FA75EA61.pf
- \Windows\prefetch\SMSS.EXE-E9C28FC6.pf
- \Windows\prefetch\SPPSVC.EXE-B0F8131B.pf
- \Windows\prefetch\SVCHOST.EXE-05F624AB.pf
- \Windows\prefetch\SVCHOST.EXE-3AB35CA7.pf
- \Windows\prefetch\SVCHOST.EXE-7AC6742A.pf
- \Windows\prefetch\SVCHOST.EXE-7CFEDEA3.pf
- \Windows\prefetch\TASKHOST.EXE-7238F31D.pf
- \Windows\prefetch\TASKLIST.EXE-C6CEE193.pf
- \Windows\prefetch\TENABLE_MW_SCAN_142A90001FB65-081B12FF.pf
- \Windows\prefetch\TENABLE_OVALDI_2EF350E0435440-22D007DA.pf
- \Windows\prefetch\TIMEOUT.EXE-902DED03.pf
- \Windows\prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf
- \Windows\prefetch\TSTHEME.EXE-14AC78EA.pf
- \Windows\prefetch\USERINIT.EXE-2257A3E7.pf
- \Windows\prefetch\VSSVC.EXE-B8AFC319.pf
- \Windows\prefetch\W32TM.EXE-1101AF41.pf
- \Windows\prefetch\WERMGR.EXE-0F2AC88C.pf
- \Windows\prefetch\WGET.EXE-16DA9599.pf
- \Windows\prefetch\WINLOGON.EXE-B020DC41.pf
- \Windows\prefetch\WMIADAP.EXE-F8DFDFA2.pf
- \Windows\prefetch\WMIC.EXE-A7D06383.pf
- \Windows\prefetch\WMIPRVSE.EXE-1628051C.pf
- \Windows\prefetch\WUAUCLT.EXE-70318591.pf
84047 - Hyper-V Virtual Machine Detection
Synopsis
The remote host is a Hyper-V virtual machine.
Description
According to the MAC address of its network adapter, the remote host is a Microsoft Hyper-V virtual machine.
See Also
Solution
Since it is physically accessible through the network, ensure that its configuration matches your organization's security policy.
Risk Factor
None
Plugin Information:
Published: 2015/06/09, Modified: 2017/11/20
Plugin Output

tcp/0


The remote host is a Hyper-V virtual machine.
90511 - MS KB3152550: Update to Improve Wireless Mouse Input Filtering
Synopsis
The remote Windows host is missing an update to wireless mouse input filtering.
Description
The remote Windows host is missing an update to the wireless mouse input filtering functionality. The missing update enhances security by filtering out QWERTY key packets in keystroke communications issued when receiving communication from USB wireless dongles. The update resolves a vulnerability that allows a local attacker in the physical proximity of the wireless mouse range to inject keyboard HID packets into Microsoft wireless mouse devices through the use of USB dongles.
See Also
Solution
Microsoft has released a set of patches for Windows 7, 8.1, and 10.
Risk Factor
None
References
MSKB 3152550
Plugin Information:
Published: 2016/04/13, Modified: 2017/08/30
Plugin Output

tcp/0

Nessus has determined that the remote Windows host is missing files
that are created upon installation of the update corresponding to
Microsoft Security Advisory 3152550.
92365 - Microsoft Windows Hosts File
Synopsis
Nessus was able to collect the hosts file from the remote host.
Description
Nessus was able to collect the hosts file from the remote Windows host and report it as attachment.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/07/19, Modified: 2017/08/30
Plugin Output

tcp/0

Windows hosts file attached.
92367 - Microsoft Windows PowerShell Execution Policy
Synopsis
Nessus was able to collect and report the PowerShell execution policy for the remote host.
Description
Nessus was able to collect and report the PowerShell execution policy for the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/07/19, Modified: 2017/08/30
Plugin Output

tcp/0

HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : Restricted
92371 - Microsoft Windows DNS Cache
Synopsis
Nessus was able to collect and report DNS cache information from the remote host.
Description
Nessus was able to collect details of the DNS cache from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/07/19, Modified: 2017/12/06
Plugin Output

tcp/0

_ldap._tcp.pdc._msdcs.localhost.local
data.localhost.local
nessushost08r2
nessushost08r2

DNS cache information attached.
92424 - MUICache Program Execution History
Synopsis
Nessus was able to enumerate recently executed programs on the remote host.
Description
Nessus was able to query the MUIcache registry key to find evidence of program execution.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/07/19, Modified: 2017/08/30
Plugin Output

tcp/0

@c:\windows\system32\filemgmt.dll,-2204 : Services
@sstpsvc.dll,-35001 : Secure Socket Tunneling Protocol
@c:\windows\microsoft.net\framework\v4.0.30319\\servicemodelevents.dll,-2002 : Windows Communication Foundation
@netlogon.dll,-1010 : Netlogon Service
@%systemroot%\system32\dhcpqec.dll,-103 : 1.0
c:\windows\system32,@elscore.dll,-5 : Microsoft Transliteration Engine
@c:\windows\system32\gameux.dll,-10056 : Hearts
@%systemroot%\system32\tsgqec.dll,-102 : 1.0
@c:\windows\system32\synccenter.dll,-3000 : Sync Center
@c:\windows\system32\wdc.dll,-10030 : Resource Monitor
@c:\windows\system32\mdsched.exe,-4001 : Windows Memory Diagnostic
c:\windows\system32,@elscore.dll,-1 : Microsoft Language Detection
@c:\program files\common files\microsoft shared\ink\tiptsf.dll,-80 : Tablet PC Input Panel
@c:\windows\system32\wucltux.dll,-1 : Windows Update
@c:\program files\common files\microsoft shared\ink\shapecollector.exe,-298 : Personalize Handwriting Recognition
@c:\windows\system32\windowspowershell\v1.0\powershell.exe,-101 : Windows PowerShell ISE
@c:\windows\system32\recdisc.exe,-2000 : Create a System Repair Disc
@%systemroot%\system32\tsgqec.dll,-101 : Provides RD Gateway enforcement for NAP
@%systemroot%\system32\eapqec.dll,-103 : Microsoft Corporation
@%systemroot%\system32\tcpipcfg.dll,-50001 : Transmission Control Protocol/Internet Protocol. The default wide area network protocol that provides communication across diverse interconnected networks.
@%systemroot%\system32\napipsec.dll,-3 : Microsoft Corporation
@c:\windows\system32\gameux.dll,-10055 : FreeCell
@c:\windows\system32\displayswitch.exe,-320 : Connect to a Projector
@c:\windows\system32\migwiz\wet.dll,-588 : Windows Easy Transfer
@c:\windows\system32\rstrui.exe,-100 : System Restore
@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust
@c:\program files\windows journal\journal.exe,-3074 : Windows Journal
c:\windows\system32,@elscore.dll,-3 : Microsoft Traditional Chinese to Simplified Chinese Transliteration
c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration
@c:\windows\system32\mblctr.exe,-1008 : Windows Mobility Center
@%systemroot%\system32\eapqec.dll,-101 : Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies.
@%systemroot%\system32\fveui.dll,-844 : BitLocker Data Recovery Agent
@%systemroot%\system32\dhcpqec.dll,-102 : Microsoft Corporation
@c:\windows\system32\xpsrchvw.exe,-102 : XPS Viewer
@c:\windows\system32\authfwgp.dll,-20 : Windows Firewall with Advanced Security
@c:\windows\system32\comres.dll,-3410 : Component Services
@c:\windows\system32\msra.exe,-100 : Windows Remote Assistance
@c:\windows\system32\iscsicpl.dll,-5001 : iSCSI Initiator
c:\windows\system32,@elscore.dll,-4 : Microsoft Simplified Chinese to Traditional Chinese Transliteration
@c:\windows\system32\mstsc.exe,-4000 : Remote Desktop Connection
@c:\program files\windows sidebar\sidebar.exe,-1005 : Desktop Gadget Gallery
@c:\windows\system32\gameux.dll,-10082 : Games Explorer
@c:\windows\system32\pmcsnap.dll,-700 : Print Management
@c:\windows\system32\msinfo32.exe,-100 : System Information
@%systemroot%\system32\dhcpqec.dll,-101 : Provides DHCP based enforcement for NAP
c:\windows\system32,@elscore.dll,-9 : Microsoft Bengali to Latin Transliteration
languagelist : en-US
92434 - User Download Folder Files
Synopsis
Nessus was able to enumerate downloaded files on the remote host.
Description
Nessus was able to generate a report of all files listed in the default user download folder.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/07/19, Modified: 2017/08/30
Plugin Output

tcp/0

C:\\Users\admin\Downloads\desktop.ini
C:\\Users\admin\Downloads\npp.6.9.2.Installer.exe
C:\\Users\admin\Downloads\winmd5free\License.txt
C:\\Users\admin\Downloads\winmd5free\Readme.txt
C:\\Users\admin\Downloads\winmd5free\WinMD5.exe
C:\\Users\admin\Downloads\winmd5free.zip
C:\\Users\Administrator\Downloads\desktop.ini
C:\\Users\administrator.localhost\Downloads\desktop.ini
C:\\Users\jdavies\Downloads\desktop.ini
C:\\Users\Public\Downloads\desktop.ini

Download folder content report attached.

10287 - Traceroute Information
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 1999/11/27, Modified: 2017/08/22
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.1.108 to 192.168.1.53 :
192.168.1.108
192.168.1.53

Hop Count: 1

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/16, Modified: 2017/12/04
Plugin Output

udp/123

Port 123/udp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/23, Modified: 2017/11/20
Plugin Output

udp/123


The Win32 process 'svchost.exe' is listening on this port (pid 944).

This process 'svchost.exe' (pid 944) is hosting the following Windows services :
EventSystem (@comres.dll,-2450)
FontCache (@%systemroot%\system32\FntCache.dll,-100)
netprofm (@%SystemRoot%\system32\netprofm.dll,-202)
nsi (@%SystemRoot%\system32\nsisvc.dll,-200)
W32Time (@%SystemRoot%\system32\w32time.dll,-200)
WdiServiceHost (@%systemroot%\system32\wdi.dll,-502)

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2001/08/26, Modified: 2014/05/12
Plugin Output

tcp/135


The following DCERPC services are available locally :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc05CFD0

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc05CFD0

Object UUID : 6d726574-7273-0076-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-450203b573c6e8c63d

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc05E3D1

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : OLEC5A4386F731947C1A4C916F564E6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4b112204-0e19-11d3-b42b-0000f81feb9f, version 1.0
Description : SSDP service
Windows process : unknow
Type : Local RPC service
Named pipe : LRPC-0e4c0f81baf3131f6c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE5C715B9A912D451D91E8EE622E1E

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : trkwks

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : RemoteDevicesLPC_API

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : TSUMRPD_PRINT_DRV_LPC_API

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LRPC-7dcc1816148cbf2286

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe
Annotation : IPSec Policy agent endpoint
Type : Local RPC service
Named pipe : LRPC-52c06e0d24733125a6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0
Description : Unknown RPC service
Annotation : Base Firewall Engine API
Type : Local RPC service
Named pipe : LRPC-c304bad2a2a82f1b42

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-c304bad2a2a82f1b42

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-c304bad2a2a82f1b42

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0
Description : Unknown RPC service
Annotation : Spooler base remote object endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : OLE2E1E3257131A47339079F4DD2DA4

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : LRPC-a6cb3ac92a184769c3

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : OLE2E1E3257131A47339079F4DD2DA4

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : LRPC-a6cb3ac92a184769c3

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : W32TIME_ALT

Object UUID : 3bdb59a0-d736-4d44-9074-c1ee00000001
UUID : 24019106-a203-4642-b88d-82dae9158929, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-538989552105521739

Object UUID : 6c637067-6569-746e-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-36a2de3107c001233f

Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601
UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-36a2de3107c001233f

Object UUID : 666f7270-6c69-7365-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : OLE5095B7C1B0D14C88A965A9B3FD7C

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLE5095B7C1B0D14C88A965A9B3FD7C

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLE5095B7C1B0D14C88A965A9B3FD7C

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLE5095B7C1B0D14C88A965A9B3FD7C

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE5095B7C1B0D14C88A965A9B3FD7C

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : OLE5095B7C1B0D14C88A965A9B3FD7C

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : OLE5095B7C1B0D14C88A965A9B3FD7C

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : OLE5095B7C1B0D14C88A965A9B3FD7C

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : OLE5095B7C1B0D14C88A965A9B3FD7C

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE5095B7C1B0D14C88A965A9B3FD7C

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : AudioClientRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : Audiosrv

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : AudioClientRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : Audiosrv

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : AudioClientRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : Audiosrv

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : AudioClientRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : Audiosrv

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : dhcpcsvc6
34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/16, Modified: 2017/12/04
Plugin Output

tcp/135

Port 135/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/23, Modified: 2017/11/20
Plugin Output

tcp/135


The Win32 process 'svchost.exe' is listening on this port (pid 780).

This process 'svchost.exe' (pid 780) is hosting the following Windows services :
RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001)
RpcSs (@oleres.dll,-5010)

10150 - Windows NetBIOS / SMB Remote Host Information Disclosure
Synopsis
It was possible to obtain the network name of the remote host.
Description
The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB requests.

Note that this plugin gathers information to be used in other plugins, but does not itself generate a report.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 1999/10/12, Modified: 2017/09/27
Plugin Output

udp/137

The following 4 NetBIOS names have been gathered :

WIN7X86-QA = Computer name
localhost = Workgroup / Domain name
WIN7X86-QA = File Server Service
localhost = Browser Service Elections

The remote host has the following MAC address on its adapter :

00:15:5d:0f:c6:b5
34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/16, Modified: 2017/12/04
Plugin Output

udp/137

Port 137/udp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/23, Modified: 2017/11/20
Plugin Output

udp/137


The Win32 process 'System' is listening on this port (pid 4).

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/16, Modified: 2017/12/04
Plugin Output

udp/138

Port 138/udp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/23, Modified: 2017/11/20
Plugin Output

udp/138


The Win32 process 'System' is listening on this port (pid 4).

11011 - Microsoft Windows SMB Service Detection
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2002/06/05, Modified: 2015/06/02
Plugin Output

tcp/139


An SMB server is running on this port.
34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/16, Modified: 2017/12/04
Plugin Output

tcp/139

Port 139/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/23, Modified: 2017/11/20
Plugin Output

tcp/139


The Win32 process 'System' is listening on this port (pid 4).

72704 - Microsoft .NET Framework Unsupported
Synopsis
An unsupported software framework is installed on the remote Windows host.
Description
According to its self-reported version number, there is at least one version of Microsoft .NET Framework installed on the remote Windows host that is no longer supported.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
See Also
Solution
Upgrade to a version of the Microsoft .NET Framework that is currently supported.
Risk Factor
Critical
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information:
Published: 2014/02/26, Modified: 2017/05/26
Plugin Output

tcp/445


The following Microsoft .NET Framework version is no longer
supported :


Installed version : Microsoft .NET Framework v4.5
EOL date : January 12, 2016
EOL URL : http://support.microsoft.com/lifecycle/search/?sort=pn&alpha=.net+framework
Supported versions : 3.5 / 4.5.2 / 4.6 / 4.6.1 / 4.6.2 / 4.7
100761 - KB4022719: Windows 7 and Windows 2008 R2 June 2017 Cumulative Update
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update KB4022719 or KB4022722. It is, therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability exists in Windows Hyper-V instruction emulation due to a failure to properly enforce privilege levels. An attacker on a guest operating system can exploit this to gain elevated privileges on the guest. Note that the host operating system is not vulnerable. (CVE-2017-0193)

- A remote code execution vulnerability exists in Microsoft Office due to improper validation of user-supplied input before loading dynamic link library (DLL) files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted file, to execute arbitrary code in the context of the current user. (CVE-2017-0260)

- Multiple information disclosure vulnerabilities exist in Windows Uniscribe due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website or to open a specially crafted document file, to disclose the contents of memory. (CVE-2017-0282, CVE-2017-0284, CVE-2017-0285, CVE-2017-8534)

- Multiple remote code execution vulnerabilities exist in Windows Uniscribe software due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website or to open a specially crafted document file, to execute arbitrary code in the context of the current user. (CVE-2017-0283, CVE-2017-8528)

- Mutiple information disclosure vulnerabilities exist in the Windows GDI component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website or to open a specially crafted document file, to disclose the contents of memory.
(CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, CVE-2017-8533)

- A remote code execution vulnerability exists in Microsoft Windows due to improper handling of cabinet files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted cabinet file, to execute arbitrary code in the context of the current user. (CVE-2017-0294)

- An elevation of privilege vulnerability exists in tdx.sys due to a failure to check the length of a buffer prior to copying memory to it. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in an elevated context.
(CVE-2017-0296)

- An elevation of privilege vulnerability exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated permissions. (CVE-2017-0297)

- An elevation of privilege vulnerability exists in the DCOM object in Helppane.exe, when configured to run as the interactive user, due to a failure to properly authenticate the client. An authenticated, remote attacker can exploit this, via a specially crafted application, to run arbitrary code in another user's session after that user has logged on to the same system using Terminal Services or Fast User Switching.
(CVE-2017-0298)

- Multiple information disclosure vulnerabilities exist in the Windows kernel due to improper initialization of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to disclose the base address of the kernel driver.
(CVE-2017-0299, CVE-2017-0300, CVE-2017-8462)

- A remote code execution vulnerability exists in Windows due to improper handling of shortcuts. An unauthenticated, remote attacker can exploit this, by convincing a user to insert a removable drive containing a malicious shortcut and binary, to automatically execute arbitrary code in the context of the current user. (CVE-2017-8464)

- Multiple information disclosure vulnerabilities exist in the Windows kernel due to improper initialization of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to disclose sensitive information. (CVE-2017-8469, CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, CVE-2017-8476, CVE-2017-8477, CVE-2017-8478, CVE-2017-8479, CVE-2017-8480, CVE-2017-8481, CVE-2017-8482, CVE-2017-8483, CVE-2017-8484, CVE-2017-8485, CVE-2017-8488, CVE-2017-8489, CVE-2017-8490, CVE-2017-8491, CVE-2017-8492)

- Multiple remote code execution vulnerabilities exist in Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-8519, CVE-2017-8547)

- A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-8524)

- A remote code execution vulnerability exists in the Windows font library due to improper handling of embedded fonts. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft document, to execute arbitrary code in the context of the current user. (CVE-2017-8527)

- An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. (CVE-2017-8529)*

- A remote code execution vulnerability exists in the Windows Search functionality due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, via a specially crafted SMB message, to execute arbitrary code. (CVE-2017-8543)

- An information disclosure vulnerability exists in the Windows Search functionality due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, via a specially crafted SMB message, to disclose sensitive information. (CVE-2017-8544)

- Multiple information disclosure vulnerabilities exist in the Windows kernel due to improper handling of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to disclose the contents of memory. (CVE-2017-8553, CVE-2017-8554)

* note that a registry value must be added to enable the fix for CVE-2017-8529. if the patch is installed but not enabled, the registry key needed will be detailed in the output below.
See Also
Solution
Apply security update KB4022719 or KB4022722.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.8 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 98953
BID 98949
BID 98942
BID 98940
BID 98933
BID 98932
BID 98930
BID 98929
BID 98923
BID 98922
BID 98920
BID 98918
BID 98914
BID 98903
BID 98901
BID 98900
BID 98899
BID 98891
BID 98885
BID 98884
BID 98878
BID 98870
BID 98869
BID 98867
BID 98865
BID 98864
BID 98862
BID 98860
BID 98859
BID 98858
BID 98857
BID 98856
BID 98854
BID 98853
BID 98852
BID 98851
BID 98849
BID 98848
BID 98847
BID 98845
BID 98842
BID 98840
BID 98839
BID 98837
BID 98826
BID 98824
BID 98822
BID 98821
BID 98820
BID 98819
BID 98818
BID 98810
CVE CVE-2017-8554
CVE CVE-2017-8553
CVE CVE-2017-8547
CVE CVE-2017-8544
CVE CVE-2017-8543
CVE CVE-2017-8534
CVE CVE-2017-8533
CVE CVE-2017-8532
CVE CVE-2017-8531
CVE CVE-2017-8529
CVE CVE-2017-8528
CVE CVE-2017-8527
CVE CVE-2017-8524
CVE CVE-2017-8519
CVE CVE-2017-8492
CVE CVE-2017-8491
CVE CVE-2017-8490
CVE CVE-2017-8489
CVE CVE-2017-8488
CVE CVE-2017-8485
CVE CVE-2017-8484
CVE CVE-2017-8483
CVE CVE-2017-8482
CVE CVE-2017-8481
CVE CVE-2017-8480
CVE CVE-2017-8479
CVE CVE-2017-8478
CVE CVE-2017-8477
CVE CVE-2017-8476
CVE CVE-2017-8475
CVE CVE-2017-8473
CVE CVE-2017-8472
CVE CVE-2017-8471
CVE CVE-2017-8470
CVE CVE-2017-8469
CVE CVE-2017-8464
CVE CVE-2017-8462
CVE CVE-2017-0300
CVE CVE-2017-0299
CVE CVE-2017-0298
CVE CVE-2017-0297
CVE CVE-2017-0296
CVE CVE-2017-0294
CVE CVE-2017-0289
CVE CVE-2017-0288
CVE CVE-2017-0287
CVE CVE-2017-0286
CVE CVE-2017-0285
CVE CVE-2017-0284
CVE CVE-2017-0283
CVE CVE-2017-0282
CVE CVE-2017-0260
CVE CVE-2017-0193
MSKB 4022722
MSKB 4022719
XREF MSFT:MS17-4022722
XREF MSFT:MS17-4022719
XREF OSVDB:159999
XREF OSVDB:159006
XREF OSVDB:159005
XREF OSVDB:159004
XREF OSVDB:159003
XREF OSVDB:159001
XREF OSVDB:159000
XREF OSVDB:158999
XREF OSVDB:158987
XREF OSVDB:158986
XREF OSVDB:158985
XREF OSVDB:158984
XREF OSVDB:158983
XREF OSVDB:158982
XREF OSVDB:158981
XREF OSVDB:158980
XREF OSVDB:158979
XREF OSVDB:158978
XREF OSVDB:158977
XREF OSVDB:158976
XREF OSVDB:158974
XREF OSVDB:158973
XREF OSVDB:158972
XREF OSVDB:158969
XREF OSVDB:158968
XREF OSVDB:158967
XREF OSVDB:158966
XREF OSVDB:158965
XREF OSVDB:158964
XREF OSVDB:158963
XREF OSVDB:158961
XREF OSVDB:158960
XREF OSVDB:158959
XREF OSVDB:158958
XREF OSVDB:158957
XREF OSVDB:158956
XREF OSVDB:158955
XREF OSVDB:158954
XREF OSVDB:158953
XREF OSVDB:158952
XREF OSVDB:158943
XREF OSVDB:158941
XREF OSVDB:158940
XREF OSVDB:158939
XREF OSVDB:158938
XREF OSVDB:158937
XREF OSVDB:158932
XREF OSVDB:158931
XREF OSVDB:158925
XREF OSVDB:158924
XREF OSVDB:158922
XREF OSVDB:158921
XREF OSVDB:158914
Exploitable With
CANVAS (true) Metasploit (true)
Plugin Information:
Published: 2017/06/13, Modified: 2017/11/17
Plugin Output

tcp/445



The following registry key is missing.This registry key is required to enable the fix for CVE-2017-8529:
SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\iexplore.exe
48762 - MS KB2269637: Insecure Library Loading Could Allow Remote Code Execution
Synopsis
The remote Windows host may be vulnerable to code execution attacks.
Description
The remote host is missing Microsoft KB2264107 or an associated registry change, which provides a mechanism for mitigating binary planting or DLL preloading attacks.

Insecurely implemented applications look in their current working directory when resolving DLL dependencies. If a malicious DLL with the same name as a required DLL is located in the application's current working directory, the malicious DLL will be loaded.

A remote attacker could exploit this issue by tricking a user into accessing a vulnerable application via a network share or WebDAV folder where a malicious DLL resides, resulting in arbitrary code execution.
See Also
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2 :

Please note this update provides a method of mitigating a class of vulnerabilities rather than fixing any specific vulnerabilities.
Additionally, these patches must be used in conjunction with the 'CWDIllegalInDllSearch' registry setting to have any effect. These protections could be applied in a way that breaks functionality in existing applications. Refer to the Microsoft advisory for more information.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
References
MSKB 2269637
Plugin Information:
Published: 2010/08/26, Modified: 2017/08/30
Plugin Output

tcp/445


ntdll.dll has been upgraded by KB2264107 or a related, subsequent update,
but the following registry entry has not been set :

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\CWDIllegalInDllSearch
59915 - MS KB2719662: Vulnerabilities in Gadgets Could Allow Remote Code Execution
Synopsis
Arbitrary code can be executed on the remote host through Desktop Gadgets.
Description
The remote version of Microsoft Windows is missing a workaround that mitigates multiple, unspecified remote code execution vulnerabilities caused by running insecure Gadgets. Windows Vista and 7 are affected by this issue. An attacker could exploit this by tricking a user into installing a vulnerable Gadget, resulting in arbitrary code execution.
See Also
Solution
Apply the workaround described in Microsoft security advisory 2719662.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
References
MSKB 2719662
Plugin Information:
Published: 2012/07/11, Modified: 2017/08/30
Plugin Output

tcp/445


Nessus determined the workaround is not being used because the following
registry value does not exist :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar\TurnOffSidebar
76123 - MS Security Advisory 2974294: Vulnerability in Microsoft Malware Protection Engine Could Allow Denial of Service
Synopsis
The remote host has an antimalware application that is affected by a denial of service vulnerability.
Description
A vulnerable version of Microsoft Malware Protection Engine (MMPE) is installed on the remote host. Scanning a maliciously crafted file could prevent the Malware Protection Engine from monitoring affected systems until the file is manually removed and the service is restarted. This plugin checks if a vulnerable version of MMPE is being used by any of the following applications :

- Microsoft Forefront Client Security
- Microsoft Forefront Endpoint Protection 2010
- Microsoft System Center 2012 Endpoint Protection
- Microsoft Malicious Software Removal Tool
- Microsoft Security Essentials
- Microsoft Security Essentials Prerelease
- Windows Defender for Windows 8, Windows 8.1, Windows Server 2012 and Windows Server 2012 R2
- Windows Defender for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2

These applications are only affected if they are using a scan engine prior to 1.1.10701.0.
See Also
Solution
Enable automatic updates to update the scan engine for the relevant antimalware applications. Refer to KB2510781 for information on how to verify MMPE has been updated.
Risk Factor
High
CVSS Base Score
7.1 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
6.2 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 68076
CVE CVE-2014-2779
MSKB 2974294
XREF OSVDB:108198
Plugin Information:
Published: 2014/06/18, Modified: 2017/08/30
Plugin Output

tcp/445


Nessus found following vulnerable product(s) installed :

Product : Microsoft Malicious Software Removal Tool
Installed version : 4.19.7304.0
Fixed version : 5.13.10300.0 (June 2014)
81264 - MS15-011: Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is affected by a remote code execution vulnerability due to how the Group Policy service manages policy data when a domain-joined system connects to a domain controller. An attacker, using a controlled network, can exploit this to gain complete control of the host.

Note that Microsoft has no plans to release an update for Windows 2003 even though it is affected by this vulnerability.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.1 (CVSS2#E:ND/RL:OF/RC:C)
STIG Severity
I
References
BID 72477
CVE CVE-2015-0008
MSKB 3000483
XREF IAVA:2015-A-0033
XREF MSFT:MS15-011
XREF CERT:787252
XREF OSVDB:118181
Exploitable With
Core Impact (true)
Plugin Information:
Published: 2015/02/10, Modified: 2017/07/24
Plugin Output

tcp/445



KB 3000483 or a related, subsequent update was successfully
installed, but the GPO setting "Hardened UNC Paths" has not
been enabled.
84742 - MS KB3074162: Vulnerability in Microsoft Malicious Software Removal Tool Could Allow Elevation of Privilege
Synopsis
The remote Windows host has an antimalware application that is affected by a privilege escalation vulnerability.
Description
The remote Windows host is affected by an elevation of privilege vulnerability due to the Malicious Software Removal Tool (MSRT) failing to properly handle a race condition involving DLL-planting.
An authenticated attacker can exploit this vulnerability by placing a specially crafted DLL file in a local directory that is later run by MSRT, resulting in an elevation of privileges.
See Also
Solution
Enable automatic updates to update the scan engine for the relevant antimalware applications. Refer to KB2510781 for information on how to verify MMPE (and the associated MSRT) has been updated.
Risk Factor
High
CVSS Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:F/RL:OF/RC:ND)
References
CVE CVE-2015-2418
MSKB 3074162
XREF OSVDB:124553
Plugin Information:
Published: 2015/07/14, Modified: 2017/08/30
Plugin Output

tcp/445


Product : Microsoft Malicious Software Removal Tool
Installed version : 4.19.7304.0
Fixed version : 5.26
87253 - MS15-124: Cumulative Security Update for Internet Explorer (3116180)
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3116180. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
See Also
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.7 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 78540
BID 78538
BID 78537
BID 78536
BID 78535
BID 78534
BID 78533
BID 78532
BID 78531
BID 78530
BID 78529
BID 78528
BID 78527
BID 78526
BID 78508
BID 78507
BID 78495
BID 78494
BID 78492
BID 78491
BID 78490
BID 78489
BID 78488
BID 78487
BID 78486
BID 78485
BID 78484
BID 78483
BID 78482
BID 78481
CVE CVE-2015-6164
CVE CVE-2015-6162
CVE CVE-2015-6161
CVE CVE-2015-6160
CVE CVE-2015-6159
CVE CVE-2015-6158
CVE CVE-2015-6157
CVE CVE-2015-6156
CVE CVE-2015-6155
CVE CVE-2015-6154
CVE CVE-2015-6153
CVE CVE-2015-6152
CVE CVE-2015-6151
CVE CVE-2015-6150
CVE CVE-2015-6149
CVE CVE-2015-6148
CVE CVE-2015-6147
CVE CVE-2015-6146
CVE CVE-2015-6145
CVE CVE-2015-6144
CVE CVE-2015-6143
CVE CVE-2015-6142
CVE CVE-2015-6141
CVE CVE-2015-6140
CVE CVE-2015-6139
CVE CVE-2015-6138
CVE CVE-2015-6136
CVE CVE-2015-6135
CVE CVE-2015-6134
CVE CVE-2015-6083
MSKB 3125869
MSKB 3116900
MSKB 3116869
MSKB 3104002
XREF MSFT:MS15-124
XREF OSVDB:131319
XREF OSVDB:131318
XREF OSVDB:131317
XREF OSVDB:131316
XREF OSVDB:131315
XREF OSVDB:131314
XREF OSVDB:131313
XREF OSVDB:131312
XREF OSVDB:131311
XREF OSVDB:131310
XREF OSVDB:131309
XREF OSVDB:131308
XREF OSVDB:131307
XREF OSVDB:131306
XREF OSVDB:131305
XREF OSVDB:131304
XREF OSVDB:131303
XREF OSVDB:131302
XREF OSVDB:131301
XREF OSVDB:131300
XREF OSVDB:131299
XREF OSVDB:131298
XREF OSVDB:131297
XREF OSVDB:131296
XREF OSVDB:131295
XREF OSVDB:131294
XREF OSVDB:131293
XREF OSVDB:131292
XREF OSVDB:131291
XREF OSVDB:131290
Plugin Information:
Published: 2015/12/08, Modified: 2017/07/24
Plugin Output

tcp/445


ASLR hardening settings for Internet Explorer in KB3125869
have not been applied. The following DWORD keys must be
created with a value of 1:
- HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING\iexplore.exe
104892 - Security Updates for Internet Explorer (June 2017)
Synopsis
The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.
Description
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8519, CVE-2017-8547)

- A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8517, CVE-2017-8522, CVE-2017-8524)
See Also
Solution
Microsoft has released security updates for the affected versions of Internet Explorer.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
5.6 (CVSS2#E:U/RL:OF/RC:C)
References
BID 98932
BID 98930
BID 98926
BID 98899
BID 98895
CVE CVE-2017-8547
CVE CVE-2017-8524
CVE CVE-2017-8522
CVE CVE-2017-8519
CVE CVE-2017-8517
MSKB 4022719
MSKB 4021558
MSKB 4022724
MSKB 4022726
XREF MSFT:MS17-4022719
XREF MSFT:MS17-4021558
XREF MSFT:MS17-4022724
XREF MSFT:MS17-4022726
XREF OSVDB:158970
XREF OSVDB:158950
XREF OSVDB:158941
XREF OSVDB:158937
XREF OSVDB:158932
Plugin Information:
Published: 2017/11/30, Modified: 2017/12/01
Plugin Output

tcp/445



The following registry key is missing.This registry key is required to enable the fix for CVE-2017-8529:
SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\iexplore.exe
57608 - SMB Signing Disabled
Synopsis
Signing is not required on the remote SMB server.
Description
Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.
See Also
Solution
Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also' links for further details.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
Plugin Information:
Published: 2012/01/19, Modified: 2016/12/09
Plugin Output

tcp/445

78447 - MS KB3009008: Vulnerability in SSL 3.0 Could Allow Information Disclosure (POODLE)
Synopsis
The remote host is affected by a remote information disclosure vulnerability.
Description
The remote host is missing one of the workarounds referenced in the Microsoft Security Advisory 3009008.

If the client registry key workaround has not been applied, any client software installed on the remote host (including IE) is affected by an information disclosure vulnerability when using SSL 3.0.

If the server registry key workaround has not been applied, any server software installed on the remote host (including IIS) is affected by an information disclosure vulnerability when using SSL 3.0.

SSL 3.0 uses nondeterministic CBC padding, which allows a man-in-the-middle attacker to decrypt portions of encrypted traffic using a 'padding oracle' attack. This is also known as the 'POODLE' issue.
See Also
Solution
Apply the client registry key workaround and the server registry key workaround suggested by Microsoft in the advisory.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.1 (CVSS2#E:U/RL:TF/RC:UR)
References
BID 70574
CVE CVE-2014-3566
MSKB 3009008
XREF CERT:577193
XREF OSVDB:113251
Plugin Information:
Published: 2014/10/15, Modified: 2017/08/30
Plugin Output

tcp/445


The workaround to disable SSL 3.0 for all server software installed on
the remote host has not been applied.

The workaround to disable SSL 3.0 for all client software installed on
the remote host has not been applied.
11457 - Microsoft Windows SMB Registry : Winlogon Cached Password Weakness
Synopsis
User credentials are stored in memory.
Description
The registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ Winlogon\CachedLogonsCount' is not 0. Using a value greater than 0 for the CachedLogonsCount key indicates that the remote Windows host locally caches the passwords of the users when they login, in order to continue to allow the users to login in the case of the failure of the primary domain controller (PDC).
See Also
Solution
Use regedt32 and set the value of this registry key to 0.
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Plugin Information:
Published: 2003/03/24, Modified: 2017/12/05
Plugin Output

tcp/445


Max cached logons : 10
10394 - Microsoft Windows SMB Log In Possible
Synopsis
It was possible to log into the remote host.
Description
The remote host is running a Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was possible to log into it using one of the following accounts :

- NULL session
- Guest account
- Supplied credentials
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2000/05/09, Modified: 2017/11/06
Plugin Output

tcp/445

- NULL sessions are enabled on the remote host.
- The SMB tests will be done as administrator/******
10395 - Microsoft Windows SMB Shares Enumeration
Synopsis
It is possible to enumerate remote network shares.
Description
By connecting to the remote host, Nessus was able to enumerate the network share names.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2000/05/09, Modified: 2015/01/12
Plugin Output

tcp/445


Here are the SMB shares available on the remote host when logged in as administrator:

- ADMIN$
- C$
- IPC$
10396 - Microsoft Windows SMB Shares Access
Synopsis
It is possible to access a network share.
Description
The remote has one or more Windows shares that can be accessed through the network with the given credentials.

Depending on the share rights, it may allow an attacker to read / write confidential data.
Solution
To restrict access under Windows, open Explorer, do a right click on each share, go to the 'sharing' tab, and click on 'permissions'.
Risk Factor
None
References
CVE CVE-1999-0520
CVE CVE-1999-0519
XREF OSVDB:299
Plugin Information:
Published: 2000/05/09, Modified: 2015/11/18
Plugin Output

tcp/445


The following shares can be accessed as administrator :

- C$ - (readable,writable)
+ Content of this share :
.rnd
agent
autoexec.bat
config.sys
Documents and Settings
pagefile.sys
PerfLogs
Program Files
ProgramData
Recovery
scripts
System Volume Information
Users
Windows
.b
.e
.

- ADMIN$ - (readable,writable)
+ Content of this share :
..
addins
AppCompat
AppPatch
assembly
bfsvc.exe
BitLockerDiscoveryVolumeContents
Boot
bootstat.dat
Branding
CSC
Cursors
debug
diagnostics
DigitalLocker
Downloaded Program Files
DtcInstall.log
ehome
en-US
explorer.exe
Fonts
fveupdate.exe
Globalization
Help
HelpPane.exe
hh.exe
IE11_main.log
IME
inf
Installer
L2Schemas
LiveKernelReports
Logs
Media
mib.bin
Microsoft.NET
ModemLogs
msdfmap.ini
notepad.exe
Offline Web Pages
Panther
Performance
PFRO.log
PLA
PolicyDefinitions
Prefetch
regedit.exe
Registration
RemotePackages
rescache
Resources
SchCache
schemas
security
ServiceProfiles
servicing
Setup
setupact.log
setuperr.log
ShellNew
SoftwareDistribution
Speech
Starter.xml
system
system.ini
System32
TAPI
Tasks
Temp
tracing
TSSysprep.log
twain.dll
twain_32
twain_32.dll
twunk_16.exe
twunk_32.exe
Ultimate.xml
vmgcoinstall.log
vmguestsetup.log
Vss
Web
win.ini
WindowsShell.Manifest
WindowsUpdate.log
winhelp.exe
winhlp32.exe
winsxs
WMSysPr9.prx
write.exe
wsusofflineupdate.log
_default.pif
10398 - Microsoft Windows SMB LsaQueryInformationPolicy Function NULL Session Domain SID Enumeration
Synopsis
It was possible to obtain the domain SID.
Description
By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the domain SID (Security Identifier).

The domain SID can then be used to get the list of users of the domain.
Solution
n/a
Risk Factor
None
References
BID 959
CVE CVE-2000-1200
XREF OSVDB:715
Plugin Information:
Published: 2000/05/09, Modified: 2016/11/15
Plugin Output

tcp/445

The remote domain SID value is :
1-5-21-536066148-3557968269-4150644726
10399 - SMB Use Domain SID to Enumerate Users
Synopsis
Nessus was able to enumerate domain users.
Description
Using the domain security identifier (SID), Nessus was able to enumerate the domain users on the remote Windows system.
Solution
n/a
Risk Factor
None
References
BID 959
CVE CVE-2000-1200
XREF OSVDB:715
XREF OSVDB:714
Plugin Information:
Published: 2000/05/09, Modified: 2017/02/02
Plugin Output

tcp/445


- Administrator (id 500, Administrator account)
- krbtgt (id 502, Kerberos account)
- Guest (id 501, Guest account)
- DATA$ (id 1001)
- jdavies (id 1106)
- SSHSVR$ (id 1108)

Note that, in addition to the Administrator, Guest, and Kerberos
accounts, Nessus has enumerated only those domain users with IDs
between 1000 and 1200. To use a different range, edit the scan policy
and change the 'Start UID' and/or 'End UID' preferences for this
plugin, then re-run the scan.
10400 - Microsoft Windows SMB Registry Remotely Accessible
Synopsis
Access the remote Windows Registry.
Description
It was possible to access the remote Windows Registry using the login / password combination used for the Windows local checks (SMB tests).
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2000/05/09, Modified: 2015/01/12
Plugin Output

tcp/445

10456 - Microsoft Windows SMB Service Enumeration
Synopsis
It is possible to enumerate remote services.
Description
This plugin implements the SvcOpenSCManager() and SvcEnumServices() calls to obtain, using the SMB protocol, the list of active and inactive services of the remote host.

An attacker may use this feature to gain better knowledge of the remote host.
Solution
To prevent the listing of the services from being obtained, you should either have tight login restrictions, so that only trusted users can access your host, and/or you should filter incoming traffic to this port.
Risk Factor
None
Plugin Information:
Published: 2000/07/03, Modified: 2015/01/12
Plugin Output

tcp/445


Active Services :

Windows Audio Endpoint Builder [ AudioEndpointBuilder ]
Windows Audio [ Audiosrv ]
Base Filtering Engine [ BFE ]
Background Intelligent Transfer Service [ BITS ]
Computer Browser [ Browser ]
Certificate Propagation [ CertPropSvc ]
Cryptographic Services [ CryptSvc ]
Offline Files [ CscService ]
DCOM Server Process Launcher [ DcomLaunch ]
DHCP Client [ Dhcp ]
Diagnostics Tracking Service [ DiagTrack ]
DNS Client [ Dnscache ]
Diagnostic Policy Service [ DPS ]
Windows Event Log [ eventlog ]
COM+ Event System [ EventSystem ]
Function Discovery Resource Publication [ FDResPub ]
Windows Font Cache Service [ FontCache ]
Group Policy Client [ gpsvc ]
IKE and AuthIP IPsec Keying Modules [ IKEEXT ]
IP Helper [ iphlpsvc ]
Server [ LanmanServer ]
Workstation [ LanmanWorkstation ]
TCP/IP NetBIOS Helper [ lmhosts ]
Windows Firewall [ MpsSvc ]
Netlogon [ Netlogon ]
Network List Service [ netprofm ]
Network Location Awareness [ NlaSvc ]
Network Store Interface Service [ nsi ]
Plug and Play [ PlugPlay ]
IPsec Policy Agent [ PolicyAgent ]
Power [ Power ]
User Profile Service [ ProfSvc ]
Remote Registry [ RemoteRegistry ]
RPC Endpoint Mapper [ RpcEptMapper ]
Remote Procedure Call (RPC) [ RpcSs ]
Security Accounts Manager [ SamSs ]
Task Scheduler [ Schedule ]
System Event Notification Service [ SENS ]
Remote Desktop Configuration [ SessionEnv ]
Print Spooler [ Spooler ]
SSDP Discovery [ SSDPSRV ]
Microsoft Software Shadow Copy Provider [ swprv ]
Superfetch [ SysMain ]
Tenable Nessus Agent [ Tenable Nessus Agent ]
Remote Desktop Services [ TermService ]
Themes [ Themes ]
Distributed Link Tracking Client [ TrkWks ]
Windows Modules Installer [ TrustedInstaller ]
Remote Desktop Services UserMode Port Redirector [ UmRdpService ]
Desktop Window Manager Session Manager [ UxSms ]
Hyper-V Heartbeat Service [ vmicheartbeat ]
Hyper-V Data Exchange Service [ vmickvpexchange ]
Hyper-V Remote Desktop Virtualization Service [ vmicrdv ]
Hyper-V Guest Shutdown Service [ vmicshutdown ]
Hyper-V Time Synchronization Service [ vmictimesync ]
Hyper-V Volume Shadow Copy Requestor [ vmicvss ]
Volume Shadow Copy [ VSS ]
Windows Time [ W32Time ]
Diagnostic Service Host [ WdiServiceHost ]
Windows Defender [ WinDefend ]
Windows Management Instrumentation [ Winmgmt ]
Security Center [ wscsvc ]
Windows Search [ WSearch ]
Windows Update [ wuauserv ]

Inactive Services :

Application Experience [ AeLookupSvc ]
Application Layer Gateway Service [ ALG ]
Application Identity [ AppIDSvc ]
Application Information [ Appinfo ]
Application Management [ AppMgmt ]
ASP.NET State Service [ aspnet_state ]
ActiveX Installer (AxInstSV) [ AxInstSV ]
BitLocker Drive Encryption Service [ BDESVC ]
Bluetooth Support Service [ bthserv ]
Microsoft .NET Framework NGEN v2.0.50727_X86 [ clr_optimization_v2.0.50727_32 ]
Microsoft .NET Framework NGEN v4.0.30319_X86 [ clr_optimization_v4.0.30319_32 ]
COM+ System Application [ COMSysApp ]
Disk Defragmenter [ defragsvc ]
Wired AutoConfig [ dot3svc ]
Extensible Authentication Protocol [ EapHost ]
Encrypting File System (EFS) [ EFS ]
Windows Media Center Receiver Service [ ehRecvr ]
Windows Media Center Scheduler Service [ ehSched ]
Fax [ Fax ]
Function Discovery Provider Host [ fdPHost ]
Windows Presentation Foundation Font Cache 3.0.0.0 [ FontCache3.0.0.0 ]
Human Interface Device Access [ hidserv ]
Health Key and Certificate Management [ hkmsvc ]
HomeGroup Listener [ HomeGroupListener ]
HomeGroup Provider [ HomeGroupProvider ]
Windows CardSpace [ idsvc ]
Internet Explorer ETW Collector Service [ IEEtwCollectorService ]
PnP-X IP Bus Enumerator [ IPBusEnum ]
CNG Key Isolation [ KeyIso ]
KtmRm for Distributed Transaction Coordinator [ KtmRm ]
Link-Layer Topology Discovery Mapper [ lltdsvc ]
Media Center Extender Service [ Mcx2Svc ]
Multimedia Class Scheduler [ MMCSS ]
Distributed Transaction Coordinator [ MSDTC ]
Microsoft iSCSI Initiator Service [ MSiSCSI ]
Windows Installer [ msiserver ]
Network Access Protection Agent [ napagent ]
Network Connections [ Netman ]
Net.Msmq Listener Adapter [ NetMsmqActivator ]
Net.Pipe Listener Adapter [ NetPipeActivator ]
Net.Tcp Listener Adapter [ NetTcpActivator ]
Net.Tcp Port Sharing Service [ NetTcpPortSharing ]
Peer Networking Identity Manager [ p2pimsvc ]
Peer Networking Grouping [ p2psvc ]
Program Compatibility Assistant Service [ PcaSvc ]
BranchCache [ PeerDistSvc ]
Performance Logs & Alerts [ pla ]
PNRP Machine Name Publication Service [ PNRPAutoReg ]
Peer Name Resolution Protocol [ PNRPsvc ]
Protected Storage [ ProtectedStorage ]
Quality Windows Audio Video Experience [ QWAVE ]
Remote Access Auto Connection Manager [ RasAuto ]
Remote Access Connection Manager [ RasMan ]
Routing and Remote Access [ RemoteAccess ]
Remote Procedure Call (RPC) Locator [ RpcLocator ]
Smart Card [ SCardSvr ]
Smart Card Removal Policy [ SCPolicySvc ]
Windows Backup [ SDRSVC ]
Secondary Logon [ seclogon ]
Adaptive Brightness [ SensrSvc ]
Internet Connection Sharing (ICS) [ SharedAccess ]
Shell Hardware Detection [ ShellHWDetection ]
SNMP Trap [ SNMPTRAP ]
Software Protection [ sppsvc ]
SPP Notification Service [ sppuinotify ]
Secure Socket Tunneling Protocol Service [ SstpSvc ]
Windows Image Acquisition (WIA) [ StiSvc ]
Tablet PC Input Service [ TabletInputService ]
Telephony [ TapiSrv ]
TPM Base Services [ TBS ]
Thread Ordering Server [ THREADORDER ]
Interactive Services Detection [ UI0Detect ]
UPnP Device Host [ upnphost ]
Credential Manager [ VaultSvc ]
Virtual Disk [ vds ]
Block Level Backup Engine Service [ wbengine ]
Windows Biometric Service [ WbioSrvc ]
Windows Connect Now - Config Registrar [ wcncsvc ]
Windows Color System [ WcsPlugInService ]
Diagnostic System Host [ WdiSystemHost ]
WebClient [ WebClient ]
Windows Event Collector [ Wecsvc ]
Problem Reports and Solutions Control Panel Support [ wercplsupport ]
Windows Error Reporting Service [ WerSvc ]
WinHTTP Web Proxy Auto-Discovery Service [ WinHttpAutoProxySvc ]
Windows Remote Management (WS-Management) [ WinRM ]
WLAN AutoConfig [ Wlansvc ]
WMI Performance Adapter [ wmiApSrv ]
Windows Media Player Network Sharing Service [ WMPNetworkSvc ]
Parental Controls [ WPCSvc ]
Portable Device Enumerator Service [ WPDBusEnum ]
Windows Driver Foundation - User-mode Driver Framework [ wudfsvc ]
WWAN AutoConfig [ WwanSvc ]
10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2001/08/26, Modified: 2014/05/12
Plugin Output

tcp/445


The following DCERPC services are available remotely :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\WIN7X86-QA

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\WIN7X86-QA

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\trkwks
Netbios name : \\WIN7X86-QA

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\WIN7X86-QA

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \PIPE\protected_storage
Netbios name : \\WIN7X86-QA

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Remote RPC service
Named pipe : \PIPE\W32TIME_ALT
Netbios name : \\WIN7X86-QA

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\WIN7X86-QA

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\WIN7X86-QA

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\WIN7X86-QA

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\WIN7X86-QA

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\WIN7X86-QA

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\WIN7X86-QA

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\WIN7X86-QA

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
Named pipe : \PIPE\srvsvc
Netbios name : \\WIN7X86-QA

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\WIN7X86-QA

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\srvsvc
Netbios name : \\WIN7X86-QA

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\WIN7X86-QA

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\WIN7X86-QA

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\WIN7X86-QA

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\WIN7X86-QA

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\WIN7X86-QA
10785 - Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
Synopsis
It was possible to obtain information about the remote operating system.
Description
Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445. Note that this plugin requires SMB1 to be enabled on the host.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2001/10/17, Modified: 2017/11/30
Plugin Output

tcp/445

The remote Operating System is : Windows 7 Ultimate 7601 Service Pack 1
The remote native LAN manager is : Windows 7 Ultimate 6.1
The remote SMB Domain Name is : localhost
10859 - Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration
Synopsis
It is possible to obtain the host SID for the remote host.
Description
By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the host SID (Security Identifier).

The host SID can then be used to get the list of local users.
See Also
Solution
You can prevent anonymous lookups of the host SID by setting the 'RestrictAnonymous' registry setting to an appropriate value.

Refer to the 'See also' section for guidance.
Risk Factor
None
References
BID 959
CVE CVE-2000-1200
XREF OSVDB:715
Plugin Information:
Published: 2002/02/13, Modified: 2015/11/18
Plugin Output

tcp/445


The remote host SID value is :

1-5-21-4182139038-1214104826-1956019936

The value of 'RestrictAnonymous' setting is : 0
10860 - SMB Use Host SID to Enumerate Local Users
Synopsis
Nessus was able to enumerate local users.
Description
Using the host security identifier (SID), Nessus was able to enumerate local users on the remote Windows system.
Solution
n/a
Risk Factor
None
References
XREF OSVDB:714
Plugin Information:
Published: 2002/02/13, Modified: 2017/02/02
Plugin Output

tcp/445


- Administrator (id 500, Administrator account)
- Guest (id 501, Guest account)
- admin (id 1000)

Note that, in addition to the Administrator and Guest accounts, Nessus
has enumerated only those local users with IDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for this plugin, then re-run the
scan.
10902 - Microsoft Windows 'Administrators' Group User List
Synopsis
There is at least one user in the 'Administrators' group.
Description
Using the supplied credentials, it is possible to extract the member list of the 'Administrators' group. Members of this group have complete access to the remote system.
Solution
Verify that each member of the group should have this type of access.
Risk Factor
None
Plugin Information:
Published: 2002/03/15, Modified: 2016/08/24
Plugin Output

tcp/445


The following users are members of the 'Administrators' group :

- win7x86-qa\Administrator (User)
- win7x86-qa\admin (User)
- localhost\Domain Admins (Group)
11011 - Microsoft Windows SMB Service Detection
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2002/06/05, Modified: 2015/06/02
Plugin Output

tcp/445


A CIFS server is running on this port.
17651 - Microsoft Windows SMB : Obtains the Password Policy
Synopsis
It is possible to retrieve the remote host's password policy using the supplied credentials.
Description
Using the supplied credentials it was possible to extract the password policy for the remote Windows host. The password policy must conform to the Informational System Policy.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2005/03/30, Modified: 2015/01/12
Plugin Output

tcp/445

The following password policy is defined on the remote host:

Minimum password len: 0
Password history len: 0
Maximum password age (d): 42
Password must meet complexity requirements: Enabled
Minimum password age (d): 0
Forced logoff time (s): Not set
Locked account time (s): 1800
Time between failed logon (s): 1800
Number of invalid logon before locked out (s): 0
20811 - Microsoft Windows Installed Software Enumeration (credentialed check)
Synopsis
It is possible to enumerate installed software.
Description
This plugin lists software potentially installed on the remote host by crawling the registry entries in :

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall HKLM\SOFTWARE\Microsoft\Updates

Note that these entries do not necessarily mean the applications are actually installed on the remote host - they may have been left behind by uninstallers, or the associated files may have been manually removed.
Solution
Remove any applications that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information:
Published: 2006/01/26, Modified: 2013/07/25
Plugin Output

tcp/445


The following software are installed on the remote host :

Notepad++ [version 6.9.2]
Nessus Agent [version 6.11.2.20102] [installed on 2017/11/22]
Microsoft .NET Framework 4.5 [version 4.5.50709]
Security Update for Microsoft .NET Framework 4.5 (KB2737083) [version 1]
Security Update for Microsoft .NET Framework 4.5 (KB2742613) [version 1]
Update for Microsoft .NET Framework 4.5 (KB2750147) [version 1]
Security Update for Microsoft .NET Framework 4.5 (KB2789648) [version 1]
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2) [version 2]
Security Update for Microsoft .NET Framework 4.5 (KB2861208) [version 1]
Security Update for Microsoft .NET Framework 4.5 (KB2894854v2) [version 2]
Security Update for Microsoft .NET Framework 4.5 (KB2898864) [version 1]
Security Update for Microsoft .NET Framework 4.5 (KB2901118) [version 1]
Security Update for Microsoft .NET Framework 4.5 (KB2972107) [version 1]
Security Update for Microsoft .NET Framework 4.5 (KB2972216) [version 1]
Security Update for Microsoft .NET Framework 4.5 (KB2978128) [version 1]
Security Update for Microsoft .NET Framework 4.5 (KB3023224) [version 1]
Security Update for Microsoft .NET Framework 4.5 (KB3035490) [version 1]
Security Update for Microsoft .NET Framework 4.5 (KB3037581) [version 1]
Security Update for Microsoft .NET Framework 4.5 (KB3074230) [version 1]
Security Update for Microsoft .NET Framework 4.5 (KB3074550) [version 1]
Security Update for Microsoft .NET Framework 4.5 (KB3097996) [version 1]
Security Update for Microsoft .NET Framework 4.5 (KB3098781) [version 1]

The following updates are installed :

Microsoft .NET Framework 4.5 :
KB2737083 [version 1] [installed on 2/17/2017]
KB2742613 [version 1] [installed on 2/17/2017]
KB2750147 [version 1] [installed on 2/17/2017]
KB2789648 [version 1] [installed on 2/17/2017]
KB2840642v2 [version 2] [installed on 2/19/2017]
KB2861208 [version 1] [installed on 2/19/2017]
KB2894854v2 [version 2] [installed on 2/19/2017]
KB2898864 [version 1] [installed on 2/19/2017]
KB2901118 [version 1] [installed on 2/19/2017]
KB2972107 [version 1] [installed on 2/19/2017]
KB2972216 [version 1] [installed on 6/11/2017]
KB2978128 [version 1] [installed on 6/11/2017]
KB3023224 [version 1] [installed on 6/11/2017]
KB3035490 [version 1] [installed on 2/19/2017]
KB3037581 [version 1] [installed on 6/11/2017]
KB3074230 [version 1] [installed on 6/11/2017]
KB3074550 [version 1] [installed on 6/11/2017]
KB3097996 [version 1] [installed on 6/11/2017]
KB3098781 [version 1] [installed on 6/11/2017]
34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/16, Modified: 2017/12/04
Plugin Output

tcp/445

Port 445/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/23, Modified: 2017/11/20
Plugin Output

tcp/445


The Win32 process 'System' is listening on this port (pid 4).
38153 - Microsoft Windows Summary of Missing Patches
Synopsis
The remote host is missing several Microsoft security patches.
Description
This plugin summarizes updates for Microsoft Security Bulletins or Knowledge Base (KB) security updates that have not been installed on the remote Windows host based on the results of either a credentialed check using the supplied credentials or a check done using a supported third-party patch management tool.

Review the summary and apply any missing updates in order to be up to date.
Solution
Run Windows Update on the remote host or use a patch management solution.
Risk Factor
None
Plugin Information:
Published: 2009/04/24, Modified: 2017/05/25
Plugin Output

tcp/445

The patches for the following bulletins or KBs are missing on the remote host :

- MS15-124 ( http://technet.microsoft.com/en-us/security/bulletin/ms15-124 )
- KB4022719 ( https://support.microsoft.com/en-us/help/4022719 )
- KB4022724 ( https://support.microsoft.com/en-us/help/4022724 )
38687 - Microsoft Windows Security Center Settings
Synopsis
It is possible to audit Windows Security Center settings on the remote system.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates Windows Security Center settings on the remote host.
See Also
Solution
Review the settings and ensure they are appropriate.
Risk Factor
None
Plugin Information:
Published: 2009/05/05, Modified: 2015/01/12
Plugin Output

tcp/445


Microsoft Windows Security Center is configured as follows :

AntiVirusOverride : 0
FirewallOverride : 0
AntiSpywareOverride : 0
38689 - Microsoft Windows SMB Last Logged On User Disclosure
Synopsis
Nessus was able to identify the last logged on user on the remote host.
Description
By connecting to the remote host with the supplied credentials, Nessus was able to identify the username associated with the last successful logon.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/05/05, Modified: 2017/01/26
Plugin Output

tcp/445


Last Successful logon : admin
44401 - Microsoft Windows SMB Service Config Enumeration
Synopsis
It was possible to enumerate configuration parameters of remote services.
Description
Nessus was able to obtain, via the SMB protocol, the launch parameters of each active service on the remote host (executable path, logon type, etc.).
Solution
Ensure that each service is configured properly.
Risk Factor
None
Plugin Information:
Published: 2010/02/05, Modified: 2017/06/14
Plugin Output

tcp/445


The following services are set to start automatically :

AudioEndpointBuilder startup parameters :
Display name : Windows Audio Endpoint Builder
Service name : AudioEndpointBuilder
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : PlugPlay/

Audiosrv startup parameters :
Display name : Windows Audio
Service name : Audiosrv
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : AudioEndpointBuilder/RpcSs/MMCSS/

BFE startup parameters :
Display name : Base Filtering Engine
Service name : BFE
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Dependencies : RpcSs/

CryptSvc startup parameters :
Display name : Cryptographic Services
Service name : CryptSvc
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService
Dependencies : RpcSs/

CscService startup parameters :
Display name : Offline Files
Service name : CscService
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/

Dhcp startup parameters :
Display name : DHCP Client
Service name : Dhcp
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : NSI/Tdx/Afd/

DiagTrack startup parameters :
Display name : Diagnostics Tracking Service
Service name : DiagTrack
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k utcsvc
Dependencies : RpcSs/

Dnscache startup parameters :
Display name : DNS Client
Service name : Dnscache
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService
Dependencies : Tdx/nsi/

EventSystem startup parameters :
Display name : COM+ Event System
Service name : EventSystem
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : rpcss/

FDResPub startup parameters :
Display name : Function Discovery Resource Publication
Service name : FDResPub
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : RpcSs/http/

FontCache startup parameters :
Display name : Windows Font Cache Service
Service name : FontCache
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService

IKEEXT startup parameters :
Display name : IKE and AuthIP IPsec Keying Modules
Service name : IKEEXT
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : BFE/

LanmanServer startup parameters :
Display name : Server
Service name : LanmanServer
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : SamSS/Srv/

LanmanWorkstation startup parameters :
Display name : Workstation
Service name : LanmanWorkstation
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : Bowser/MRxSmb10/MRxSmb20/NSI/

MMCSS startup parameters :
Display name : Multimedia Class Scheduler
Service name : MMCSS
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

MpsSvc startup parameters :
Display name : Windows Firewall
Service name : MpsSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Dependencies : mpsdrv/bfe/

Netlogon startup parameters :
Display name : Netlogon
Service name : Netlogon
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : LanmanWorkstation/

NlaSvc startup parameters :
Display name : Network Location Awareness
Service name : NlaSvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : NSI/RpcSs/TcpIp/

PlugPlay startup parameters :
Display name : Plug and Play
Service name : PlugPlay
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch

Power startup parameters :
Display name : Power
Service name : Power
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch

ProfSvc startup parameters :
Display name : User Profile Service
Service name : ProfSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/

RemoteRegistry startup parameters :
Display name : Remote Registry
Service name : RemoteRegistry
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k regsvc
Dependencies : RPCSS/

SENS startup parameters :
Display name : System Event Notification Service
Service name : SENS
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : EventSystem/

SamSs startup parameters :
Display name : Security Accounts Manager
Service name : SamSs
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : RPCSS/

ShellHWDetection startup parameters :
Display name : Shell Hardware Detection
Service name : ShellHWDetection
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSs/

Spooler startup parameters :
Display name : Print Spooler
Service name : Spooler
Log on as : LocalSystem
Executable path : C:\Windows\System32\spoolsv.exe
Dependencies : RPCSS/http/

SysMain startup parameters :
Display name : Superfetch
Service name : SysMain
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : rpcss/fileinfo/

Tenable Nessus Agent startup parameters :
Display name : Tenable Nessus Agent
Service name : Tenable Nessus Agent
Log on as : LocalSystem
Executable path : "c:\Program Files\Tenable\Nessus Agent\nessus-service.exe"

Themes startup parameters :
Display name : Themes
Service name : Themes
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs

TrkWks startup parameters :
Display name : Distributed Link Tracking Client
Service name : TrkWks
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/

UxSms startup parameters :
Display name : Desktop Window Manager Session Manager
Service name : UxSms
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

WSearch startup parameters :
Display name : Windows Search
Service name : WSearch
Log on as : LocalSystem
Executable path : C:\Windows\system32\SearchIndexer.exe /Embedding
Dependencies : RPCSS/

WinDefend startup parameters :
Display name : Windows Defender
Service name : WinDefend
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k secsvcs
Dependencies : RpcSs/

Winmgmt startup parameters :
Display name : Windows Management Instrumentation
Service name : Winmgmt
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RPCSS/

clr_optimization_v4.0.30319_32 startup parameters :
Display name : Microsoft .NET Framework NGEN v4.0.30319_X86
Service name : clr_optimization_v4.0.30319_32
Log on as : LocalSystem
Executable path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

eventlog startup parameters :
Display name : Windows Event Log
Service name : eventlog
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

iphlpsvc startup parameters :
Display name : IP Helper
Service name : iphlpsvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k NetSvcs
Dependencies : RpcSS/Tdx/winmgmt/tcpip/nsi/

lmhosts startup parameters :
Display name : TCP/IP NetBIOS Helper
Service name : lmhosts
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : NetBT/Afd/

nsi startup parameters :
Display name : Network Store Interface Service
Service name : nsi
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : nsiproxy/

sppsvc startup parameters :
Display name : Software Protection
Service name : sppsvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\sppsvc.exe
Dependencies : RpcSs/

vmicheartbeat startup parameters :
Display name : Hyper-V Heartbeat Service
Service name : vmicheartbeat
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k ICService

vmickvpexchange startup parameters :
Display name : Hyper-V Data Exchange Service
Service name : vmickvpexchange
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

vmicrdv startup parameters :
Display name : Hyper-V Remote Desktop Virtualization Service
Service name : vmicrdv
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k ICService

vmicshutdown startup parameters :
Display name : Hyper-V Guest Shutdown Service
Service name : vmicshutdown
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

vmictimesync startup parameters :
Display name : Hyper-V Time Synchronization Service
Service name : vmictimesync
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

vmicvss startup parameters :
Display name : Hyper-V Volume Shadow Copy Requestor
Service name : vmicvss
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

wscsvc startup parameters :
Display name : Security Center
Service name : wscsvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : RpcSs/WinMgmt/

wuauserv startup parameters :
Display name : Windows Update
Service name : wuauserv
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : rpcss/

The following services must be started manually :

ALG startup parameters :
Display name : Application Layer Gateway Service
Service name : ALG
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\alg.exe

AeLookupSvc startup parameters :
Display name : Application Experience
Service name : AeLookupSvc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

AppIDSvc startup parameters :
Display name : Application Identity
Service name : AppIDSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : RpcSs/AppID/CryptSvc/

AppMgmt startup parameters :
Display name : Application Management
Service name : AppMgmt
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

Appinfo startup parameters :
Display name : Application Information
Service name : Appinfo
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/ProfSvc/

AxInstSV startup parameters :
Display name : ActiveX Installer (AxInstSV)
Service name : AxInstSV
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k AxInstSVGroup
Dependencies : rpcss/

BITS startup parameters :
Display name : Background Intelligent Transfer Service
Service name : BITS
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSs/EventSystem/

Browser startup parameters :
Display name : Computer Browser
Service name : Browser
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : LanmanWorkstation/LanmanServer/

COMSysApp startup parameters :
Display name : COM+ System Application
Service name : COMSysApp
Log on as : LocalSystem
Executable path : C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Dependencies : RpcSs/EventSystem/SENS/

EapHost startup parameters :
Display name : Extensible Authentication Protocol
Service name : EapHost
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RPCSS/KeyIso/

Fax startup parameters :
Display name : Fax
Service name : Fax
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\fxssvc.exe
Dependencies : TapiSrv/RpcSs/PlugPlay/Spooler/

FontCache3.0.0.0 startup parameters :
Display name : Windows Presentation Foundation Font Cache 3.0.0.0
Service name : FontCache3.0.0.0
Log on as : NT Authority\LocalService
Executable path : C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

HomeGroupListener startup parameters :
Display name : HomeGroup Listener
Service name : HomeGroupListener
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : LanmanServer/

HomeGroupProvider startup parameters :
Display name : HomeGroup Provider
Service name : HomeGroupProvider
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : netprofm/fdrespub/fdphost/

IEEtwCollectorService startup parameters :
Display name : Internet Explorer ETW Collector Service
Service name : IEEtwCollectorService
Log on as : LocalSystem
Executable path : C:\Windows\system32\IEEtwCollector.exe /V

IPBusEnum startup parameters :
Display name : PnP-X IP Bus Enumerator
Service name : IPBusEnum
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/fdPHost/

KeyIso startup parameters :
Display name : CNG Key Isolation
Service name : KeyIso
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : RpcSs/

KtmRm startup parameters :
Display name : KtmRm for Distributed Transaction Coordinator
Service name : KtmRm
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
Dependencies : RPCSS/SamSS/

MSiSCSI startup parameters :
Display name : Microsoft iSCSI Initiator Service
Service name : MSiSCSI
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

Netman startup parameters :
Display name : Network Connections
Service name : Netman
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/nsi/

PNRPAutoReg startup parameters :
Display name : PNRP Machine Name Publication Service
Service name : PNRPAutoReg
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServicePeerNet
Dependencies : pnrpsvc/

PNRPsvc startup parameters :
Display name : Peer Name Resolution Protocol
Service name : PNRPsvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServicePeerNet
Dependencies : p2pimsvc/

PcaSvc startup parameters :
Display name : Program Compatibility Assistant Service
Service name : PcaSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/

PeerDistSvc startup parameters :
Display name : BranchCache
Service name : PeerDistSvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k PeerDist
Dependencies : http/

PolicyAgent startup parameters :
Display name : IPsec Policy Agent
Service name : PolicyAgent
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
Dependencies : Tcpip/bfe/

ProtectedStorage startup parameters :
Display name : Protected Storage
Service name : ProtectedStorage
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : RpcSs/

QWAVE startup parameters :
Display name : Quality Windows Audio Video Experience
Service name : QWAVE
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : rpcss/psched/QWAVEdrv/LLTDIO/

RasAuto startup parameters :
Display name : Remote Access Auto Connection Manager
Service name : RasAuto
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RasMan/TapiSrv/RasAcd/

RasMan startup parameters :
Display name : Remote Access Connection Manager
Service name : RasMan
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : Tapisrv/SstpSvc/

RpcLocator startup parameters :
Display name : Remote Procedure Call (RPC) Locator
Service name : RpcLocator
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\locator.exe

SDRSVC startup parameters :
Display name : Windows Backup
Service name : SDRSVC
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k SDRSVC
Dependencies : RPCSS/

SNMPTRAP startup parameters :
Display name : SNMP Trap
Service name : SNMPTRAP
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\snmptrap.exe

SSDPSRV startup parameters :
Display name : SSDP Discovery
Service name : SSDPSRV
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : HTTP/

SensrSvc startup parameters :
Display name : Adaptive Brightness
Service name : SensrSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

SessionEnv startup parameters :
Display name : Remote Desktop Configuration
Service name : SessionEnv
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RPCSS/LanmanWorkstation/

SstpSvc startup parameters :
Display name : Secure Socket Tunneling Protocol Service
Service name : SstpSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService

StiSvc startup parameters :
Display name : Windows Image Acquisition (WIA)
Service name : StiSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k imgsvc
Dependencies : RpcSs/ShellHWDetection/

TBS startup parameters :
Display name : TPM Base Services
Service name : TBS
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation

THREADORDER startup parameters :
Display name : Thread Ordering Server
Service name : THREADORDER
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService

TabletInputService startup parameters :
Display name : Tablet PC Input Service
Service name : TabletInputService
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : PlugPlay/RpcSs/

TapiSrv startup parameters :
Display name : Telephony
Service name : TapiSrv
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : PlugPlay/RpcSs/

TermService startup parameters :
Display name : Remote Desktop Services
Service name : TermService
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : RPCSS/TermDD/

UI0Detect startup parameters :
Display name : Interactive Services Detection
Service name : UI0Detect
Log on as : LocalSystem
Executable path : C:\Windows\system32\UI0Detect.exe

UmRdpService startup parameters :
Display name : Remote Desktop Services UserMode Port Redirector
Service name : UmRdpService
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : TermService/RDPDR/

VSS startup parameters :
Display name : Volume Shadow Copy
Service name : VSS
Log on as : LocalSystem
Executable path : C:\Windows\system32\vssvc.exe
Dependencies : RPCSS/

VaultSvc startup parameters :
Display name : Credential Manager
Service name : VaultSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : rpcss/

W32Time startup parameters :
Display name : Windows Time
Service name : W32Time
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService

WMPNetworkSvc startup parameters :
Display name : Windows Media Player Network Sharing Service
Service name : WMPNetworkSvc
Log on as : NT AUTHORITY\NetworkService
Executable path : "C:\Program Files\Windows Media Player\wmpnetwk.exe"
Dependencies : http/

WPCSvc startup parameters :
Display name : Parental Controls
Service name : WPCSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : RpcSs/

WPDBusEnum startup parameters :
Display name : Portable Device Enumerator Service
Service name : WPDBusEnum
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/

WbioSrvc startup parameters :
Display name : Windows Biometric Service
Service name : WbioSrvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k WbioSvcGroup
Dependencies : RpcSs/VaultSvc/WUDFSvc/

WcsPlugInService startup parameters :
Display name : Windows Color System
Service name : WcsPlugInService
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k wcssvc
Dependencies : RpcSs/

WebClient startup parameters :
Display name : WebClient
Service name : WebClient
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : MRxDAV/

Wecsvc startup parameters :
Display name : Windows Event Collector
Service name : Wecsvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService
Dependencies : HTTP/Eventlog/

WerSvc startup parameters :
Display name : Windows Error Reporting Service
Service name : WerSvc
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k WerSvcGroup

WinHttpAutoProxySvc startup parameters :
Display name : WinHTTP Web Proxy Auto-Discovery Service
Service name : WinHttpAutoProxySvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : Dhcp/

WinRM startup parameters :
Display name : Windows Remote Management (WS-Management)
Service name : WinRM
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : RPCSS/HTTP/

Wlansvc startup parameters :
Display name : WLAN AutoConfig
Service name : Wlansvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : nativewifip/RpcSs/Ndisuio/Eaphost/

WwanSvc startup parameters :
Display name : WWAN AutoConfig
Service name : WwanSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Dependencies : PlugPlay/RpcSs/NdisUio/NlaSvc/

bthserv startup parameters :
Display name : Bluetooth Support Service
Service name : bthserv
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k bthsvcs
Dependencies : RpcSs/

defragsvc startup parameters :
Display name : Disk Defragmenter
Service name : defragsvc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k defragsvc
Dependencies : RPCSS/

dot3svc startup parameters :
Display name : Wired AutoConfig
Service name : dot3svc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/Ndisuio/Eaphost/

ehRecvr startup parameters :
Display name : Windows Media Center Receiver Service
Service name : ehRecvr
Log on as : NT AUTHORITY\networkService
Executable path : C:\Windows\ehome\ehRecvr.exe
Dependencies : RPCSS/

ehSched startup parameters :
Display name : Windows Media Center Scheduler Service
Service name : ehSched
Log on as : NT AUTHORITY\networkService
Executable path : C:\Windows\ehome\ehsched.exe
Dependencies : RPCSS/

fdPHost startup parameters :
Display name : Function Discovery Provider Host
Service name : fdPHost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : RpcSs/http/

hidserv startup parameters :
Display name : Human Interface Device Access
Service name : hidserv
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

hkmsvc startup parameters :
Display name : Health Key and Certificate Management
Service name : hkmsvc
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSs/

lltdsvc startup parameters :
Display name : Link-Layer Topology Discovery Mapper
Service name : lltdsvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService
Dependencies : rpcss/lltdio/

msiserver startup parameters :
Display name : Windows Installer
Service name : msiserver
Log on as : LocalSystem
Executable path : C:\Windows\system32\msiexec.exe /V
Dependencies : rpcss/

napagent startup parameters :
Display name : Network Access Protection Agent
Service name : napagent
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : RpcSs/

netprofm startup parameters :
Display name : Network List Service
Service name : netprofm
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService
Dependencies : RpcSs/nlasvc/

p2pimsvc startup parameters :
Display name : Peer Networking Identity Manager
Service name : p2pimsvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServicePeerNet

p2psvc startup parameters :
Display name : Peer Networking Grouping
Service name : p2psvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServicePeerNet
Dependencies : p2pimsvc/PNRPSvc/

pla startup parameters :
Display name : Performance Logs & Alerts
Service name : pla
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
Dependencies : RPCSS/

seclogon startup parameters :
Display name : Secondary Logon
Service name : seclogon
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

sppuinotify startup parameters :
Display name : SPP Notification Service
Service name : sppuinotify
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : EventSystem/

swprv startup parameters :
Display name : Microsoft Software Shadow Copy Provider
Service name : swprv
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k swprv
Dependencies : RPCSS/

upnphost startup parameters :
Display name : UPnP Device Host
Service name : upnphost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : SSDPSRV/HTTP/

vds startup parameters :
Display name : Virtual Disk
Service name : vds
Log on as : LocalSystem
Executable path : C:\Windows\System32\vds.exe
Dependencies : RpcSs/PlugPlay/

wbengine startup parameters :
Display name : Block Level Backup Engine Service
Service name : wbengine
Log on as : localSystem
Executable path : "C:\Windows\system32\wbengine.exe"

wcncsvc startup parameters :
Display name : Windows Connect Now - Config Registrar
Service name : wcncsvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : rpcss/

wercplsupport startup parameters :
Display name : Problem Reports and Solutions Control Panel Support
Service name : wercplsupport
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs

wmiApSrv startup parameters :
Display name : WMI Performance Adapter
Service name : wmiApSrv
Log on as : localSystem
Executable path : C:\Windows\system32\wbem\WmiApSrv.exe

wudfsvc startup parameters :
Display name : Windows Driver Foundation - User-mode Driver Framework
Service name : wudfsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : PlugPlay/WudfPf/

The following services are disabled :

Mcx2Svc startup parameters :
Display name : Media Center Extender Service
Service name : Mcx2Svc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : SSDPSRV/IPBusEnum/TermService/fdphost/

NetMsmqActivator startup parameters :
Display name : Net.Msmq Listener Adapter
Service name : NetMsmqActivator
Log on as : NT AUTHORITY\NetworkService
Executable path : "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator
Dependencies : was/msmq/

NetPipeActivator startup parameters :
Display name : Net.Pipe Listener Adapter
Service name : NetPipeActivator
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
Dependencies : was/

NetTcpActivator startup parameters :
Display name : Net.Tcp Listener Adapter
Service name : NetTcpActivator
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
Dependencies : was/NetTcpPortSharing/

NetTcpPortSharing startup parameters :
Display name : Net.Tcp Port Sharing Service
Service name : NetTcpPortSharing
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

RemoteAccess startup parameters :
Display name : Routing and Remote Access
Service name : RemoteAccess
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSS/Bfe/RasMan/Http/+NetBIOSGroup/

SharedAccess startup parameters :
Display name : Internet Connection Sharing (ICS)
Service name : SharedAccess
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : Netman/WinMgmt/RasMan/BFE/

aspnet_state startup parameters :
Display name : ASP.NET State Service
Service name : aspnet_state
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

clr_optimization_v2.0.50727_32 startup parameters :
Display name : Microsoft .NET Framework NGEN v2.0.50727_X86
Service name : clr_optimization_v2.0.50727_32
Log on as : LocalSystem
Executable path : C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
48942 - Microsoft Windows SMB Registry : OS Version and Processor Architecture
Synopsis
It was possible to determine the processor architecture, build lab strings, and Windows OS version installed on the remote system.
Description
Nessus was able to determine the the processor architecture, build lab strings, and the Windows OS version installed on the remote system by connecting to the remote registry with the supplied credentials.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/08/31, Modified: 2016/11/16
Plugin Output

tcp/445

Operating system version = 6.1.7601
Architecture = x86
Build lab extended = 7601.23915.x86fre.win7sp1_ldr.170913-0600
51351 - Microsoft .NET Framework Detection
Synopsis
A software framework is installed on the remote host.
Description
Microsoft .NET Framework, a software framework for Microsoft Windows operating systems, is installed on the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/12/20, Modified: 2017/10/31
Plugin Output

tcp/445


The remote host has the following version(s) of Microsoft .NET Framework
installed :

+ Version : 2.0.50727
- Full Version : 2.0.50727.5420
- SP : 2

+ Version : 3.0
- Full Version : 3.0.30729.5420
- SP : 2

+ Version : 3.5
- Full Version : 3.5.30729.5420
- SP : 1
- Path : C:\Windows\Microsoft.NET\Framework\v3.5\

+ Version : 4.5
- Install Type : Full
- Full Version : 4.5.50709
- Path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\

+ Version : 4.5
- Install Type : Client
- Full Version : 4.5.50709
- Path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\
52459 - Microsoft Windows SMB Registry : Win 7 / Server 2008 R2 Service Pack Detection
Synopsis
It was possible to determine the service pack installed on the remote system.
Description
It is possible to determine the Service Pack version of the Windows 7 / Server 2008 R2 system by reading the registry key 'HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\CSDVersion'.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/02/25, Modified: 2014/02/17
Plugin Output

tcp/445


The remote Windows 7 / Server 2008 R2 system has Service Pack 1 applied.
56954 - Microsoft Revoked Digital Certificates Enumeration
Synopsis
The remote Windows host a list of revoked digital certificates.
Description
The remote Windows host contains a list of digital certificates that have been revoked by Microsoft.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/11/28, Modified: 2015/01/12
Plugin Output

tcp/445


The following certificates are listed in the disallowed certificate registry :

1916A2AF346D399F50313C393200F14140456616
2A83E9020591A55FC6DDAD3FB102794C52B24E70
2B84BFBB34EE2EF949FE1CBE30AA026416EB2216
305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6
367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB
3A850044D8A195CD401A680C012CB0A3B5F8DC08
40AA38731BD189F9CDB5B9DC35E2136F38777AF4
43D9BCB568E039D073A74A71D8511F7476089CC3
471C949A8143DB5AD5CDF1C972864A2504FA23C9
51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74
5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179
61793FCBFA4F9008309BBA5FF12D2CB29CD4151A
637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6
63FEAE960BAA91E343CE2BD8B71798C76BDB77D0
6431723036FD26DEA502792FA595922493030F97
7D7F4414CCEF168ADF6BF40753B5BECD78375931
80962AE4D6C5B442894E95A13E4A699E07D694CF
86E817C81A5CA672FE000F36F878C19518D6F844
8E5BD50D6AE686D65252F843A9D4B96D197730AB
9845A431D51959CAF225322B4A4FE9F223CE6D15
B533345D06F64516403C00DA03187D3BFEF59156
B86E791620F759F17B8D25E38CA8BE32E7D5EAC2
C060ED44CBD881BD0EF86C0BA287DDCF8167478C
CEA586B2CE593EC7D939898337C57814708AB2BE
D018B62DC518907247DF50925BB09ACF4A5CB3AD
F8A54E03AADC5692B850496A4C4630FFEAA29D83
FA6660A94AB45F6A88C0D7874D89A863D74DEE97
57033 - Microsoft Patch Bulletin Feasibility Check
Synopsis
Nessus is able to check for Microsoft patch bulletins.
Description
Using credentials supplied in the scan policy, Nessus is able to collect information about the software and patches installed on the remote Windows host and will use that information to check for missing Microsoft security updates.

Note that this plugin is purely informational.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/12/06, Modified: 2016/02/12
Plugin Output

tcp/445



Nessus is able to test for missing patches using :
Nessus
58181 - Windows DNS Server Enumeration
Synopsis
Nessus enumerated the DNS servers being used by the remote Windows host.
Description
Nessus was able to enumerate the DNS servers configured on the remote Windows host by looking in the registry.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2012/03/01, Modified: 2015/03/17
Plugin Output

tcp/445


Nessus enumerated DNS servers for the following interfaces :

Interface: Default
DhcpNameServer: 192.168.1.198 8.8.8.8 71.242.0.12
63080 - Microsoft Windows Mounted Devices
Synopsis
It is possible to get a list of mounted devices that may have been connected to the remote system in the past.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates mounted devices that have been connected to the remote host in the past.
See Also
Solution
Make sure that the mounted drives agree with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information:
Published: 2012/11/28, Modified: 2012/11/28
Plugin Output

tcp/445


Name : \??\volume{11225e88-f551-11e6-a4bd-806e6f6e6963}
Data : \??\FDC#GENERIC_FLOPPY_DRIVE#5&3aa3947e&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c004600440043002300470045004e0045005200490043005f0046004c004f005000500059005f004400520049005600450023003500260033006100610033003900340037006500260030002600300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \??\volume{11225e87-f551-11e6-a4bd-806e6f6e6963}
Data : \??\IDE#CdRomMsft_Virtual_CD#ROM_____________________1.0_____#5&cfb56de&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c0049004400450023004300640052006f006d004d007300660074005f005600690072007400750061006c005f0043004400230052004f004d005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f0031002e0030005f005f005f005f005f00230035002600630066006200350036006400650026003000260031002e0030002e00300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \dosdevices\d:
Data : \??\IDE#CdRomMsft_Virtual_CD#ROM_____________________1.0_____#5&cfb56de&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c0049004400450023004300640052006f006d004d007300660074005f005600690072007400750061006c005f0043004400230052004f004d005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f0031002e0030005f005f005f005f005f00230035002600630066006200350036006400650026003000260031002e0030002e00300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \??\volume{11225e84-f551-11e6-a4bd-806e6f6e6963}
Data : P
Raw data : c89b15080000500600000000

Name : \dosdevices\c:
Data : P
Raw data : c89b15080000500600000000

Name : \dosdevices\a:
Data : \??\FDC#GENERIC_FLOPPY_DRIVE#5&3aa3947e&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c004600440043002300470045004e0045005200490043005f0046004c004f005000500059005f004400520049005600450023003500260033006100610033003900340037006500260030002600300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \??\volume{11225e83-f551-11e6-a4bd-806e6f6e6963}
Data :
Raw data : c89b15080000100000000000
63620 - Windows Product Key Retrieval
Synopsis
This plugin retrieves the Windows Product key of the remote Windows host.
Description
Using the supplied credentials, Nessus was able to obtain the retrieve the Windows host's partial product key'.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/01/18, Modified: 2013/01/18
Plugin Output

tcp/445


Product key : XXXXX-XXXXX-XXXXX-XXXXX-TDDQ9

Note that all but the final portion of the key has been obfuscated.
66424 - Microsoft Malicious Software Removal Tool Installed
Synopsis
An antimalware application is installed on the remote Windows host.
Description
The Microsoft Malicious Software Removal Tool is installed on the remote host. This tool is an application that attempts to detect and remove known malware from Windows systems.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/05/15, Modified: 2017/05/10
Plugin Output

tcp/445


File : C:\Windows\system32\MRT.exe
Version : 4.19.7304.0
Release at last run : April 2013
Report infection information to Microsoft : Yes
72367 - Microsoft Internet Explorer Version Detection
Synopsis
Internet Explorer is installed on the remote host.
Description
The remote Windows host contains Internet Explorer, a web browser created by Microsoft.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2014/02/06, Modified: 2014/02/13
Plugin Output

tcp/445


Version : 11.0.9600.18837
73990 - MS KB2871997: Update to Improve Credentials Protection and Management
Synopsis
The remote Windows host is missing an update to improve credentials protection and management.
Description
The remote host is missing one or more of the following Microsoft updates: KB2871997, KB2973351, KB2975625, KB2982378, KB2984972, KB2984976, KB2984981, KB2973501, or KB3126593. These updates are needed to improve the protection against possible credential theft.

- For Windows 7 / 2008 R2 :
KB2984972, KB2871997, KB2982378, and KB2973351 are required; also, KB2984976 (if KB2592687 is installed) or KB2984981 (if KB2830477 is installed).

- For Windows 8 / 2012 :
KB2973501, KB2871997, and KB2973351 are required.

- For Windows 8.1 / 2012 R2 :
KB2973351 (if Update 1 is installed) or KB2975625 (if Update 1 isn't installed).

These updates provide additional protection for the Local Security Authority (LSA), add a restricted administrative mode for Credential Security Support Provider (CredSSP), introduce support for the protected account-restricted domain user category, enforce stricter authentication policies, add additional protection for users' credentials, and add a restricted administrative mode for Remote Desktop Connection and Remote Desktop Protocol.
See Also
Solution
Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
Risk Factor
None
STIG Severity
II
References
MSKB 2871997
XREF IAVA:2016-A-0327
Plugin Information:
Published: 2014/05/14, Modified: 2017/08/30
Plugin Output

tcp/445




A required registry setting is missing:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential = 0

More information: https://blogs.technet.microsoft.com/kfalde/2014/11/01/kb2871997-and-wdigest-part-1/
93962 - Microsoft Security Rollup Enumeration
Synopsis
This plugin enumerates installed Microsoft security rollups.
Description
Nessus was able to enumerate the Microsoft security rollups installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/10/11, Modified: 2017/12/05
Plugin Output

tcp/445


Cumulative Rollup : 11_2017 [KB4048957]
Cumulative Rollup : 10_2017 [KB4041681]
Cumulative Rollup : 09_2017 [KB4038777]
Cumulative Rollup : 08_2017 [KB4034664]
Cumulative Rollup : 07_2017 [KB4025341]
Cumulative Rollup : 06_2017 [KB4022719]
Cumulative Rollup : 05_2017 [KB4019264]
Cumulative Rollup : 04_2017 [KB4015549]
Cumulative Rollup : 03_2017 [KB4012215]
Cumulative Rollup : 01_2017 [KB3212646]

Latest effective update level : 11_2017
File checked : C:\Windows\system32\win32k.sys
File version : 6.1.7601.23932
Associated KB : 3185330, 3192391, 3192403
96982 - Server Message Block (SMB) Protocol Version 1 Enabled (uncredentialed check)
Synopsis
The remote Windows host supports the SMBv1 protocol.
Description
The remote Windows host supports Server Message Block Protocol version 1 (SMBv1). Microsoft recommends that users discontinue the use of SMBv1 due to the lack of security features that were included in later SMB versions. Additionally, the Shadow Brokers group reportedly has an exploit that affects SMB; however, it is unknown if the exploit affects SMBv1 or another version. In response to this, US-CERT recommends that users disable SMBv1 per SMB best practices to mitigate these potential issues.
See Also
Solution
Disable SMBv1 according to the vendor instructions in Microsoft KB2696547. Additionally, block SMB directly by blocking TCP port 445 on all network boundary devices. For SMB over the NetBIOS API, block TCP ports 137 / 139 and UDP ports 137 / 138 on all network boundary devices.
Risk Factor
None
References
XREF OSVDB:151058
Plugin Information:
Published: 2017/02/03, Modified: 2017/02/16
Plugin Output

tcp/445


The remote host supports SMBv1.
97086 - Server Message Block (SMB) Protocol Version 1 Enabled
Synopsis
The remote Windows host supports the SMBv1 protocol.
Description
The remote Windows host supports Server Message Block Protocol version 1 (SMBv1). Microsoft recommends that users discontinue the use of SMBv1 due to the lack of security features that were included in later SMB versions. Additionally, the Shadow Brokers group reportedly has an exploit that affects SMB; however, it is unknown if the exploit affects SMBv1 or another version. In response to this, US-CERT recommends that users disable SMBv1 per SMB best practices to mitigate these potential issues.
See Also
Solution
Disable SMBv1 according to the vendor instructions in Microsoft KB2696547. Additionally, block SMB directly by blocking TCP port 445 on all network boundary devices. For SMB over the NetBIOS API, block TCP ports 137 / 139 and UDP ports 137 / 138 on all network boundary devices.
Risk Factor
None
References
XREF OSVDB:151058
Plugin Information:
Published: 2017/02/09, Modified: 2017/10/26
Plugin Output

tcp/445


SMBv1 server is enabled :
- HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : NULL or missing
SMBv1 client is enabled :
- HKLM\SYSTEM\CurrentControlSet\Services\mrxsmb10\Start : 3
100574 - Tenable Windows Nessus Agent Installed
Synopsis
A vulnerability scanning application is installed on the remote Windows host.
Description
Tenable Windows Nessus Agent, an agent for the Tenable Nessus vulnerability scanner, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2017/06/01, Modified: 2017/12/06
Plugin Output

tcp/445


Path : c:\Program Files\Tenable\Nessus Agent
Version : 7.0.0.21020
100871 - Microsoft Windows SMB Versions Supported (remote check)
Synopsis
It was possible to obtain information about the version of SMB running on the remote host.
Description
Nessus was able to obtain the version of SMB running on the remote host by sending an authentication request to port 139 or 445.

Note that this plugin is a remote check and does not work on agents.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2017/06/19, Modified: 2017/06/19
Plugin Output

tcp/445


The remote host supports the following versions of SMB :
SMBv1
SMBv2

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/16, Modified: 2017/12/04
Plugin Output

udp/500

Port 500/udp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/23, Modified: 2017/11/20
Plugin Output

udp/500


The Win32 process 'svchost.exe' is listening on this port (pid 968).

This process 'svchost.exe' (pid 968) is hosting the following Windows services :
BITS (@%SystemRoot%\system32\qmgr.dll,-1000)
Browser (@%systemroot%\system32\browser.dll,-100)
CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11)
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500)
LanmanServer (@%systemroot%\system32\srvsvc.dll,-100)
ProfSvc (@%systemroot%\system32\profsvc.dll,-300)
Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
SENS (@%SystemRoot%\system32\Sens.dll,-200)
SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
Themes (@%SystemRoot%\System32\themeservice.dll,-8192)
Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
wuauserv (@%systemroot%\system32\wuaueng.dll,-105)

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/16, Modified: 2017/12/04
Plugin Output

udp/1900

Port 1900/udp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/23, Modified: 2017/11/20
Plugin Output

udp/1900


The Win32 process 'svchost.exe' is listening on this port (pid 1632).

This process 'svchost.exe' (pid 1632) is hosting the following Windows services :
FDResPub (@%systemroot%\system32\fdrespub.dll,-100)
SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)

35291 - SSL Certificate Signed Using Weak Hashing Algorithm
Synopsis
An SSL certificate in the certificate chain has been signed using a weak hash algorithm.
Description
The remote service uses an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm (e.g. MD2, MD4, MD5, or SHA1). These signature algorithms are known to be vulnerable to collision attacks. An attacker can exploit this to generate another certificate with the same digital signature, allowing an attacker to masquerade as the affected service.

Note that this plugin reports all SSL certificate chains signed with SHA-1 that expire after January 1, 2017 as vulnerable. This is in accordance with Google's gradual sunsetting of the SHA-1 cryptographic hash algorithm.

Note that certificates in the chain that are contained in the Nessus CA database (known_CA.inc) have been ignored.
See Also
Solution
Contact the Certificate Authority to have the certificate reissued.
Risk Factor
Medium
CVSS Base Score
4.0 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVSS Temporal Score
3.5 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 33065
BID 11849
CVE CVE-2004-2761
XREF CWE:310
XREF CERT:836068
XREF OSVDB:45127
XREF OSVDB:45108
XREF OSVDB:45106
Plugin Information:
Published: 2009/01/05, Modified: 2017/06/12
Plugin Output

tcp/3389


The following certificates were part of the certificate chain sent by
the remote host, but contain hashes that are considered to be weak.

|-Subject : CN=win7x86-qa.localhost.local
|-Signature Algorithm : SHA-1 With RSA Encryption
|-Valid From : Oct 14 14:57:33 2017 GMT
|-Valid To : Apr 15 14:57:33 2018 GMT
42873 - SSL Medium Strength Cipher Suites Supported
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
See Also
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information:
Published: 2009/11/23, Modified: 2017/09/01
Plugin Output

tcp/3389


Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
45411 - SSL Certificate with Wrong Hostname
Synopsis
The SSL certificate for this service is for a different host.
Description
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Solution
Purchase or generate a proper certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information:
Published: 2010/04/03, Modified: 2017/06/05
Plugin Output

tcp/3389


The identities known by Nessus are :

192.168.1.53
fe80::cd5c:f34c:3250:4242
win7x86-qa

The Common Name in the certificate is :

win7x86-qa.localhost.local
51192 - SSL Certificate Cannot Be Trusted
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information:
Published: 2010/12/15, Modified: 2017/05/18
Plugin Output

tcp/3389


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=win7x86-qa.localhost.local
|-Issuer : CN=win7x86-qa.localhost.local
57582 - SSL Self-Signed Certificate
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper certificate for this service.
Risk Factor
Medium
CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information:
Published: 2012/01/17, Modified: 2016/12/14
Plugin Output

tcp/3389


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=win7x86-qa.localhost.local
65821 - SSL RC4 Cipher Suites Supported (Bar Mitzvah)
Synopsis
The remote service supports the use of the RC4 cipher.
Description
The remote host supports the use of RC4 in one or more cipher suites.
The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.
See Also
Solution
Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support.
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
2.2 (CVSS2#E:F/RL:TF/RC:ND)
References
BID 73684
BID 58796
CVE CVE-2015-2808
CVE CVE-2013-2566
XREF OSVDB:117855
XREF OSVDB:91162
Plugin Information:
Published: 2013/04/05, Modified: 2016/12/14
Plugin Output

tcp/3389


List of RC4 cipher suites supported by the remote server :

High Strength Ciphers (>= 112-bit key)

RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
83875 - SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)
Synopsis
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits.
Description
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or potentially violate the integrity of connections.
See Also
Solution
Reconfigure the service to use a unique Diffie-Hellman moduli of 2048 bits or greater.
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)
References
BID 74733
CVE CVE-2015-4000
XREF OSVDB:122331
Plugin Information:
Published: 2015/05/28, Modified: 2016/06/16
Plugin Output

tcp/3389


Vulnerable connection combinations :

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)
10863 - SSL Certificate Information
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/05/19, Modified: 2015/12/30
Plugin Output

tcp/3389

Subject Name:

Common Name: win7x86-qa.localhost.local

Issuer Name:

Common Name: win7x86-qa.localhost.local

Serial Number: 5F DA 53 D0 14 30 18 A7 4E 59 53 77 35 E0 74 21

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Oct 14 14:57:33 2017 GMT
Not Valid After: Apr 15 14:57:33 2018 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 B9 49 89 9C 5B F7 CD AF B5 4D 1E BE 3B 08 96 67 AE 22 AD
55 77 9E 36 19 E2 01 D0 F1 CD 9B 0A 02 46 3A 66 58 94 79 20
72 47 26 D4 B3 86 FD 48 B6 BB 3C 48 EE 92 A4 0A AD 9F D3 A1
C3 28 C1 59 1F 3F F6 3D 9C 05 C0 CF 54 83 51 2A A5 79 33 A2
D0 D5 57 A8 79 D8 44 E4 30 3E 5A 38 82 53 9F 8F 4E 05 09 58
D4 25 95 A2 FC 1C 00 92 12 B2 E6 E8 C0 C4 8A 36 18 23 B1 25
D2 C0 B4 6E 58 64 BC 2C E9 F9 0C F3 CF CD 07 CE 48 33 26 99
28 43 67 04 5F D0 1E 73 B8 3C EB 53 66 D3 7F EF 97 68 A4 DA
6C 25 73 A2 44 98 30 8A 4D AF 60 A2 14 DB 62 F9 6B 44 73 F8
A8 9E EA 46 A5 25 61 73 9C 22 A6 DC BB 59 62 C5 A4 91 FE 88
43 79 A3 64 D9 A1 B6 CF FC E9 8A 34 6B E7 89 34 A7 C3 6E DB
0E E4 A9 2B B3 76 43 17 63 08 D7 FE 4E 0E E8 20 13 9F A6 48
7E C7 D2 5A 37 74 4B 89 B9 2C 90 5A 4F 67 D2 BA 95
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 7F 25 F5 2F 35 36 75 52 FA 84 23 91 7F D7 B3 87 89 F7 83
2B D8 DF 11 0F 57 3D FD D1 3E 4A 8A F7 95 59 D2 DE DA 0E 91
77 81 CA FE 22 3A 77 7A C6 C0 CA F2 95 BB 60 C6 0F 27 F7 0C
BA 6E 22 35 21 40 93 07 50 77 07 80 41 DB 4B 56 81 FF 35 38
C9 46 23 1E 7C 54 14 DC 9C 9A EE A9 42 6C 64 C1 7A 26 DE 72
3B F5 71 4A 3C F9 D6 07 56 76 7E 6F 16 9E 28 25 FE 51 C4 5E
09 B0 25 34 E1 80 E5 FF 2F 82 46 91 F2 B9 B5 49 DC 84 66 AD
C5 18 25 A9 E2 C6 04 E1 ED 1E A5 FD E3 6E FB 08 1E EA 91 5E
C2 78 38 42 5C 74 B0 DC D9 06 46 19 A8 48 D2 C3 1A 79 4E 87
D4 EA 3A C0 B4 E8 BB 58 A6 82 EB 92 03 E7 90 6D 0C 69 5E A6
84 2D B6 81 3F 4F 5C 17 11 D1 5C C2 FE 4D AD 26 A5 E6 22 93
73 B2 F8 2E FC DE D3 EC A8 BB 37 B9 54 4A 17 0D ED FB D8 ED
D7 98 17 85 7C E6 62 93 91 40 88 20 3F 46 D9 0E A8

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment


Fingerprints :

SHA-256 Fingerprint: A5 5C 0E F5 B8 EC 34 DD F2 63 84 6A 4F 91 1E 57 19 9B 06 4E
D5 DA F8 24 61 E2 61 77 48 75 31 80
SHA-1 Fingerprint: A0 86 D2 5D 68 CA 4F 51 C7 FC 3E 0D 91 AB 6B C7 34 7E DE 5A
MD5 Fingerprint: 62 17 5F CC E8 EB F4 0C 4F B5 67 09 15 F3 9C BD
10940 - Windows Terminal Services Enabled
Synopsis
The remote Windows host has Terminal Services enabled.
Description
Terminal Services allows a Windows user to remotely obtain a graphical login (and therefore act as a local user on the remote host).

If an attacker gains a valid login and password, this service could be used to gain further access on the remote host. An attacker may also use this service to mount a dictionary attack against the remote host to try to log in remotely.

Note that RDP (the Remote Desktop Protocol) is vulnerable to Man-in-the-middle attacks, making it easy for attackers to steal the credentials of legitimate users by impersonating the Windows server.
Solution
Disable Terminal Services if you do not use it, and do not allow this service to run across the Internet.
Risk Factor
None
Plugin Information:
Published: 2002/04/20, Modified: 2017/08/07
Plugin Output

tcp/3389

21643 - SSL Cipher Suites Supported
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2006/06/05, Modified: 2017/11/13
Plugin Output

tcp/3389


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=SHA256
DHE-RSA-AES256-SHA384 Kx=DH Au=RSA Enc=AES-GCM(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-GCM(128) Mac=SHA256
RSA-AES256-SHA384 Kx=RSA Au=RSA Enc=AES-GCM(256) Mac=SHA384
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256


SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/16, Modified: 2017/12/04
Plugin Output

tcp/3389

Port 3389/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/23, Modified: 2017/11/20
Plugin Output

tcp/3389


The Win32 process 'svchost.exe' is listening on this port (pid 1232).

This process 'svchost.exe' (pid 1232) is hosting the following Windows services :
CryptSvc (@%SystemRoot%\system32\cryptsvc.dll,-1001)
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)
LanmanWorkstation (@%systemroot%\system32\wkssvc.dll,-100)
NlaSvc (@%SystemRoot%\System32\nlasvc.dll,-1)
TermService (@%SystemRoot%\System32\termsrv.dll,-268)
45410 - SSL Certificate 'commonName' Mismatch
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information:
Published: 2010/04/03, Modified: 2017/06/05
Plugin Output

tcp/3389


The host name known by Nessus is :

win7x86-qa

The Common Name in the certificate is :

win7x86-qa.localhost.local
51891 - SSL Session Resume Supported
Synopsis
The remote host allows resuming SSL sessions.
Description
This script detects whether a host allows resuming SSL sessions by performing a full SSL handshake to receive a session ID, and then reconnecting with the previously used session ID. If the server accepts the session ID in the second connection, the server maintains a cache of sessions that can be resumed.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/02/07, Modified: 2013/10/18
Plugin Output

tcp/3389


This port supports resuming TLSv1 sessions.
56984 - SSL / TLS Versions Supported
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/12/01, Modified: 2017/11/06
Plugin Output

tcp/3389


This port supports TLSv1.0/TLSv1.1/TLSv1.2.
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/12/07, Modified: 2017/06/12
Plugin Output

tcp/3389


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA256 Kx=DH Au=RSA Enc=AES-GCM(128) Mac=SHA256
DHE-RSA-AES256-SHA384 Kx=DH Au=RSA Enc=AES-GCM(256) Mac=SHA384
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
64814 - Terminal Services Use SSL/TLS
Synopsis
The remote Terminal Services use SSL/TLS.
Description
The remote Terminal Services is configured to use SSL/TLS.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/02/22, Modified: 2017/06/15
Plugin Output

tcp/3389

Subject Name:

Common Name: win7x86-qa.localhost.local

Issuer Name:

Common Name: win7x86-qa.localhost.local

Serial Number: 5F DA 53 D0 14 30 18 A7 4E 59 53 77 35 E0 74 21

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Oct 14 14:57:33 2017 GMT
Not Valid After: Apr 15 14:57:33 2018 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 B9 49 89 9C 5B F7 CD AF B5 4D 1E BE 3B 08 96 67 AE 22 AD
55 77 9E 36 19 E2 01 D0 F1 CD 9B 0A 02 46 3A 66 58 94 79 20
72 47 26 D4 B3 86 FD 48 B6 BB 3C 48 EE 92 A4 0A AD 9F D3 A1
C3 28 C1 59 1F 3F F6 3D 9C 05 C0 CF 54 83 51 2A A5 79 33 A2
D0 D5 57 A8 79 D8 44 E4 30 3E 5A 38 82 53 9F 8F 4E 05 09 58
D4 25 95 A2 FC 1C 00 92 12 B2 E6 E8 C0 C4 8A 36 18 23 B1 25
D2 C0 B4 6E 58 64 BC 2C E9 F9 0C F3 CF CD 07 CE 48 33 26 99
28 43 67 04 5F D0 1E 73 B8 3C EB 53 66 D3 7F EF 97 68 A4 DA
6C 25 73 A2 44 98 30 8A 4D AF 60 A2 14 DB 62 F9 6B 44 73 F8
A8 9E EA 46 A5 25 61 73 9C 22 A6 DC BB 59 62 C5 A4 91 FE 88
43 79 A3 64 D9 A1 B6 CF FC E9 8A 34 6B E7 89 34 A7 C3 6E DB
0E E4 A9 2B B3 76 43 17 63 08 D7 FE 4E 0E E8 20 13 9F A6 48
7E C7 D2 5A 37 74 4B 89 B9 2C 90 5A 4F 67 D2 BA 95
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 7F 25 F5 2F 35 36 75 52 FA 84 23 91 7F D7 B3 87 89 F7 83
2B D8 DF 11 0F 57 3D FD D1 3E 4A 8A F7 95 59 D2 DE DA 0E 91
77 81 CA FE 22 3A 77 7A C6 C0 CA F2 95 BB 60 C6 0F 27 F7 0C
BA 6E 22 35 21 40 93 07 50 77 07 80 41 DB 4B 56 81 FF 35 38
C9 46 23 1E 7C 54 14 DC 9C 9A EE A9 42 6C 64 C1 7A 26 DE 72
3B F5 71 4A 3C F9 D6 07 56 76 7E 6F 16 9E 28 25 FE 51 C4 5E
09 B0 25 34 E1 80 E5 FF 2F 82 46 91 F2 B9 B5 49 DC 84 66 AD
C5 18 25 A9 E2 C6 04 E1 ED 1E A5 FD E3 6E FB 08 1E EA 91 5E
C2 78 38 42 5C 74 B0 DC D9 06 46 19 A8 48 D2 C3 1A 79 4E 87
D4 EA 3A C0 B4 E8 BB 58 A6 82 EB 92 03 E7 90 6D 0C 69 5E A6
84 2D B6 81 3F 4F 5C 17 11 D1 5C C2 FE 4D AD 26 A5 E6 22 93
73 B2 F8 2E FC DE D3 EC A8 BB 37 B9 54 4A 17 0D ED FB D8 ED
D7 98 17 85 7C E6 62 93 91 40 88 20 3F 46 D9 0E A8

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment

70544 - SSL Cipher Block Chaining Cipher Suites Supported
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/10/22, Modified: 2013/10/22
Plugin Output

tcp/3389


Here is the list of SSL CBC ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

High Strength Ciphers (>= 112-bit key)

DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES-CBC(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA1
ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
ECDHE-RSA-AES128-SHA256 Kx=ECDH Au=RSA Enc=AES-CBC(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 Kx=ECDH Au=RSA Enc=AES-CBC(256) Mac=SHA384
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA256
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA256

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
104743 - TLS Version 1.0 Protocol Detection
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.1 and 1.2 are designed against these flaws and should be used whenever possible.

PCI DSS v3.1 requires that TLS 1.0 be disabled entirely by June 2018, except for point-of-sale terminals and their termination points.
Solution
Enable support for TLS 1.1 and 1.2, and disable support for TLS 1.0.
Risk Factor
None
Plugin Information:
Published: 2017/11/22, Modified: 2017/11/22
Plugin Output

tcp/3389

TLSv1 is enabled and the server supports at least one cipher.

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/16, Modified: 2017/12/04
Plugin Output

udp/3702

Port 3702/udp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/23, Modified: 2017/11/20
Plugin Output

udp/3702


The Win32 process 'svchost.exe' is listening on this port (pid 1632).

This process 'svchost.exe' (pid 1632) is hosting the following Windows services :
FDResPub (@%systemroot%\system32\fdrespub.dll,-100)
SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/16, Modified: 2017/12/04
Plugin Output

udp/4500

Port 4500/udp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/23, Modified: 2017/11/20
Plugin Output

udp/4500


The Win32 process 'svchost.exe' is listening on this port (pid 968).

This process 'svchost.exe' (pid 968) is hosting the following Windows services :
BITS (@%SystemRoot%\system32\qmgr.dll,-1000)
Browser (@%systemroot%\system32\browser.dll,-100)
CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11)
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500)
LanmanServer (@%systemroot%\system32\srvsvc.dll,-100)
ProfSvc (@%systemroot%\system32\profsvc.dll,-300)
Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
SENS (@%SystemRoot%\system32\Sens.dll,-200)
SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
Themes (@%SystemRoot%\System32\themeservice.dll,-8192)
Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
wuauserv (@%systemroot%\system32\wuaueng.dll,-105)

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/16, Modified: 2017/12/04
Plugin Output

udp/5355

Port 5355/udp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/23, Modified: 2017/11/20
Plugin Output

udp/5355


The Win32 process 'svchost.exe' is listening on this port (pid 1232).

This process 'svchost.exe' (pid 1232) is hosting the following Windows services :
CryptSvc (@%SystemRoot%\system32\cryptsvc.dll,-1001)
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)
LanmanWorkstation (@%systemroot%\system32\wkssvc.dll,-100)
NlaSvc (@%SystemRoot%\System32\nlasvc.dll,-1)
TermService (@%SystemRoot%\System32\termsrv.dll,-268)
53513 - Link-Local Multicast Name Resolution (LLMNR) Detection
Synopsis
The remote device supports LLMNR.
Description
The remote device answered to a Link-local Multicast Name Resolution (LLMNR) request. This protocol provides a name lookup service similar to NetBIOS or DNS. It is enabled by default on modern Windows versions.
See Also
Solution
Make sure that use of this software conforms to your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information:
Published: 2011/04/21, Modified: 2012/03/05
Plugin Output

udp/5355


According to LLMNR, the name of the remote host is 'win7x86-qa'.

22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/08/19, Modified: 2017/07/07
Plugin Output

tcp/5357

A web server is running on this port.
34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/16, Modified: 2017/12/04
Plugin Output

tcp/5357

Port 5357/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/23, Modified: 2017/11/20
Plugin Output

tcp/5357


The Win32 process 'System' is listening on this port (pid 4).

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2001/08/26, Modified: 2014/05/12
Plugin Output

tcp/49152


The following DCERPC services are available on TCP port 49152 :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49152
IP : 192.168.1.53
34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/16, Modified: 2017/12/04
Plugin Output

tcp/49152

Port 49152/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/23, Modified: 2017/11/20
Plugin Output

tcp/49152


The Win32 process 'wininit.exe' is listening on this port (pid 488).

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2001/08/26, Modified: 2014/05/12
Plugin Output

tcp/49153


The following DCERPC services are available on TCP port 49153 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.1.53

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.1.53

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.1.53

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.1.53

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.1.53
34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/16, Modified: 2017/12/04
Plugin Output

tcp/49153

Port 49153/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/23, Modified: 2017/11/20
Plugin Output

tcp/49153


The Win32 process 'svchost.exe' is listening on this port (pid 876).

This process 'svchost.exe' (pid 876) is hosting the following Windows services :
Audiosrv (@%SystemRoot%\system32\audiosrv.dll,-200)
Dhcp (@%SystemRoot%\system32\dhcpcore.dll,-100)
eventlog (@%SystemRoot%\system32\wevtsvc.dll,-200)
lmhosts (@%SystemRoot%\system32\lmhsvc.dll,-101)
vmictimesync (@%SystemRoot%\system32\vmicres.dll,-401)
wscsvc (@%SystemRoot%\System32\wscsvc.dll,-200)

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2001/08/26, Modified: 2014/05/12
Plugin Output

tcp/49154


The following DCERPC services are available on TCP port 49154 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.1.53

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.1.53

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.1.53

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.1.53

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.1.53

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.1.53
34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/16, Modified: 2017/12/04
Plugin Output

tcp/49154

Port 49154/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/23, Modified: 2017/11/20
Plugin Output

tcp/49154


The Win32 process 'svchost.exe' is listening on this port (pid 968).

This process 'svchost.exe' (pid 968) is hosting the following Windows services :
BITS (@%SystemRoot%\system32\qmgr.dll,-1000)
Browser (@%systemroot%\system32\browser.dll,-100)
CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11)
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)
iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500)
LanmanServer (@%systemroot%\system32\srvsvc.dll,-100)
ProfSvc (@%systemroot%\system32\profsvc.dll,-300)
Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
SENS (@%SystemRoot%\system32\Sens.dll,-200)
SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)
Themes (@%SystemRoot%\System32\themeservice.dll,-8192)
Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)
wuauserv (@%systemroot%\system32\wuaueng.dll,-105)

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2001/08/26, Modified: 2014/05/12
Plugin Output

tcp/49172


The following DCERPC services are available on TCP port 49172 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0
Description : Service Control Manager
Windows process : svchost.exe
Type : Remote RPC service
TCP Port : 49172
IP : 192.168.1.53
34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/16, Modified: 2017/12/04
Plugin Output

tcp/49172

Port 49172/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/23, Modified: 2017/11/20
Plugin Output

tcp/49172


The Win32 process 'services.exe' is listening on this port (pid 584).

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2001/08/26, Modified: 2014/05/12
Plugin Output

tcp/49177


The following DCERPC services are available on TCP port 49177 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0
Description : Unknown RPC service
Annotation : Remote Fw APIs
Type : Remote RPC service
TCP Port : 49177
IP : 192.168.1.53

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe
Annotation : IPSec Policy agent endpoint
Type : Remote RPC service
TCP Port : 49177
IP : 192.168.1.53
34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/16, Modified: 2017/12/04
Plugin Output

tcp/49177

Port 49177/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/23, Modified: 2017/11/20
Plugin Output

tcp/49177


The Win32 process 'svchost.exe' is listening on this port (pid 1124).

This process 'svchost.exe' (pid 1124) is hosting the following Windows services :
PolicyAgent (@%SystemRoot%\System32\polstore.dll,-5010)

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2001/08/26, Modified: 2014/05/12
Plugin Output

tcp/49180


The following DCERPC services are available on TCP port 49180 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 49180
IP : 192.168.1.53
34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/16, Modified: 2017/12/04
Plugin Output

tcp/49180

Port 49180/tcp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/23, Modified: 2017/11/20
Plugin Output

tcp/49180


The Win32 process 'lsass.exe' is listening on this port (pid 592).

This process 'lsass.exe' (pid 592) is hosting the following Windows services :
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/16, Modified: 2017/12/04
Plugin Output

udp/49848

Port 49848/udp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/23, Modified: 2017/11/20
Plugin Output

udp/49848


The Win32 process 'svchost.exe' is listening on this port (pid 1632).

This process 'svchost.exe' (pid 1632) is hosting the following Windows services :
FDResPub (@%systemroot%\system32\fdrespub.dll,-100)
SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/16, Modified: 2017/12/04
Plugin Output

udp/64208

Port 64208/udp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/23, Modified: 2017/11/20
Plugin Output

udp/64208


The Win32 process 'svchost.exe' is listening on this port (pid 1632).

This process 'svchost.exe' (pid 1632) is hosting the following Windows services :
FDResPub (@%systemroot%\system32\fdrespub.dll,-100)
SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
192.168.1.55
4
8
4
2
156
Critical
High
Medium
Low
Info
Scan Information
Start time: Mon Dec 11 10:56:01 2017
End time: Mon Dec 11 11:09:21 2017
Host Information
DNS Name: server-2016
Netbios Name: SERVER-2016
IP: 192.168.1.55
MAC Address: 00:15:5d:0f:c6:dd
OS: Microsoft Windows Server 2016 Datacenter
Vulnerabilities

10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
It is possible to determine the exact time set on the remote host.
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols.

Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
References
CVE CVE-1999-0524
XREF CWE:200
XREF OSVDB:94
Plugin Information:
Published: 1999/08/01, Modified: 2012/06/18
Plugin Output

icmp/0

This host returns non-standard timestamps (high bit is set)
The ICMP timestamps might be in little endian format (not in network format)
The remote clock is synchronized with the local clock.

10897 - Microsoft Windows - Users Information : Disabled Accounts
Synopsis
At least one user account has been disabled.
Description
Using the supplied credentials, Nessus was able to list user accounts that have been disabled.
Solution
Delete accounts that are no longer needed.
Risk Factor
None
References
XREF OSVDB:752
Plugin Information:
Published: 2002/03/15, Modified: 2017/01/26
Plugin Output

tcp/0


The following user account has been disabled :

- Guest


Note that, in addition to the Administrator, Guest, and Kerberos
accounts, Nessus has enumerated only those domain users with UIDs
between 1000 and 1200. To use a different range, edit the scan policy
and change the 'Start UID' and/or 'End UID' preferences for
'SMB use domain SID to enumerate users' setting, and then re-run the scan.
10898 - Microsoft Windows - Users Information : Never Changed Password
Synopsis
At least one user has never changed his or her password.
Description
Using the supplied credentials, Nessus was able to list users who have never changed their passwords.
Solution
Allow or require users to change their passwords regularly.
Risk Factor
None
References
XREF OSVDB:755
Plugin Information:
Published: 2002/03/15, Modified: 2017/01/26
Plugin Output

tcp/0


The following user has never changed his/her password :

- Guest


Note that, in addition to the Administrator, Guest, and Kerberos
accounts, Nessus has enumerated only those domain users with UIDs
between 1000 and 1200. To use a different range, edit the scan policy
and change the 'Start UID' and/or 'End UID' preferences for
'SMB use domain SID to enumerate users' setting, and then re-run the scan.
10899 - Microsoft Windows - Users Information : User Has Never Logged In
Synopsis
At least one user has never logged into his or her account.
Description
Using the supplied credentials, Nessus was able to list users who have never logged into their accounts.
Solution
Delete accounts that are not needed.
Risk Factor
None
References
XREF OSVDB:754
Plugin Information:
Published: 2002/03/15, Modified: 2017/01/26
Plugin Output

tcp/0


The following user has never logged in :

- Guest


Note that, in addition to the Administrator, Guest, and Kerberos
accounts, Nessus has enumerated only those domain users with UIDs
between 1000 and 1200. To use a different range, edit the scan policy
and change the 'Start UID' and/or 'End UID' preferences for
'SMB use domain SID to enumerate users' setting, and then re-run the scan.
10913 - Microsoft Windows - Local Users Information : Disabled Accounts
Synopsis
At least one local user account has been disabled.
Description
Using the supplied credentials, Nessus was able to list local user accounts that have been disabled.
Solution
Delete accounts that are no longer needed.
Risk Factor
None
References
XREF OSVDB:752
Plugin Information:
Published: 2002/03/17, Modified: 2017/01/26
Plugin Output

tcp/0


The following local user account has been disabled :

- Guest


Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate
local users' setting, and then re-run the scan.
10914 - Microsoft Windows - Local Users Information : Never Changed Passwords
Synopsis
At least one local user has never changed his or her password.
Description
Using the supplied credentials, Nessus was able to list local users who have never changed their passwords.
Solution
Allow or require users to change their passwords regularly.
Risk Factor
None
References
XREF OSVDB:755
Plugin Information:
Published: 2002/03/17, Modified: 2017/01/26
Plugin Output

tcp/0


The following local user has never changed his/her password :

- Guest


Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate
local users' setting, and then re-run the scan.
10915 - Microsoft Windows - Local Users Information : User Has Never Logged In
Synopsis
At least one local user has never logged into his or her account.
Description
Using the supplied credentials, Nessus was able to list local users who have never logged into their accounts.
Solution
Delete accounts that are not needed.
Risk Factor
None
References
XREF OSVDB:754
Plugin Information:
Published: 2002/03/17, Modified: 2017/01/26
Plugin Output

tcp/0


The following local user has never logged in :

- Guest


Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate
local users' setting, and then re-run the scan.
11936 - OS Identification
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2003/12/09, Modified: 2017/08/29
Plugin Output

tcp/0


Remote operating system : Microsoft Windows Server 2016 Datacenter
Confidence level : 100
Method : SMB


The remote host is running Microsoft Windows Server 2016 Datacenter
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


192.168.1.55 resolves as server-2016.
19506 - Nessus Scan Information
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- Whether credentialed or third-party patch management checks are possible.
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2005/08/26, Modified: 2017/10/26
Plugin Output

tcp/0

Information about this scan :

Nessus version : 7.0.0
Plugin feed version : 201712110615
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Basic Network Scan
Scanner IP : 192.168.1.108
Port scanner(s) : wmi_netstat
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : yes, as '192.168.1.55\administrator' via SMB
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 30
Max checks : 4
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2017/12/11 10:56 Eastern Standard Time
Scan duration : 795 sec
24269 - Windows Management Instrumentation (WMI) Available
Synopsis
WMI queries can be made against the remote host.
Description
The supplied credentials can be used to make WMI (Windows Management Instrumentation) requests against the remote host over DCOM.

These requests can be used to gather information about the remote host, such as its current state, network interface configuration, etc.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/02/03, Modified: 2017/11/20
Plugin Output

tcp/0

24270 - Computer Manufacturer Information (WMI)
Synopsis
It is possible to obtain the name of the remote computer manufacturer.
Description
By making certain WMI queries, it is possible to obtain the model of the remote computer as well as the name of its manufacturer and its serial number.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/02/02, Modified: 2017/11/20
Plugin Output

tcp/0


Computer Manufacturer : Microsoft Corporation
Computer Model : Virtual Machine
Computer SerialNumber : 7115-9469-0718-6223-2117-0856-54
Computer Type : Desktop

Computer Physical CPU's : 1
Computer Logical CPU's : 1
CPU0
Architecture : x64
Physical Cores: 1
Logical Cores : 1

Computer Memory : 4025 MB
None
Form Factor: Unknown
Type : Unknown
Capacity : 3968 MB
None
Form Factor: Unknown
Type : Unknown
Capacity : 60 MB
24272 - Network Interfaces Enumeration (WMI)
Synopsis
Nessus was able to obtain the list of network interfaces on the remote host.
Description
Nessus was able, via WMI queries, to extract a list of network interfaces on the remote host and the IP addresses attached to them.
Note that this plugin only enumerates IPv6 addresses for systems running Windows Vista or later.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/02/03, Modified: 2017/12/04
Plugin Output

tcp/0

+ Network Interface Information :

- Network Interface = [00000001] Microsoft Hyper-V Network Adapter
- MAC Address = 00:15:5D:0F:C6:DD
- IPAddress/IPSubnet = 192.168.1.55/255.255.255.0
- IPAddress/IPSubnet = fe80::68ab:3a8b:39b3:e915/64


+ Routing Information :

Destination Netmask Gateway
----------- ------- -------
0.0.0.0 0.0.0.0 192.168.1.1
127.0.0.0 255.0.0.0 0.0.0.0
127.0.0.1 255.255.255.255 0.0.0.0
127.255.255.255 255.255.255.255 0.0.0.0
192.168.1.0 255.255.255.0 0.0.0.0
192.168.1.55 255.255.255.255 0.0.0.0
192.168.1.255 255.255.255.255 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
25220 - TCP/IP Timestamps Supported
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/05/16, Modified: 2011/03/20
Plugin Output

tcp/0

34096 - BIOS Version (WMI)
Synopsis
The BIOS version could be read.
Description
It is possible to get information about the BIOS vendor and its version via the host's WMI interface.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/05, Modified: 2017/11/20
Plugin Output

tcp/0


Vendor : Microsoft Corporation
Version : Hyper-V UEFI Release v1.0
Release date : 20121126000000.000000+000
UUID : A68CC768-F019-41F8-8329-E3ADF6486FDA
34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/16, Modified: 2017/12/04
Plugin Output

tcp/0


Nessus was able to find 25 open ports.
35716 - Ethernet Card Manufacturer Detection
Synopsis
The manufacturer can be identified from the Ethernet OUI.
Description
Each ethernet MAC address starts with a 24-bit Organizationally Unique Identifier (OUI). These OUIs are registered by IEEE.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/02/19, Modified: 2017/11/17
Plugin Output

tcp/0


The following card manufacturers were identified :

00:15:5d:0f:c6:dd : Microsoft Corporation
42897 - SMB Registry : Start the Registry Service during the scan (WMI)
Synopsis
The registry service was enabled for the duration of the scan.
Description
To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service (RemoteRegistry). If the service is down, this plugin will attempt to start for the duration of the scan.

For this plugin to work, you need to select the option 'Start the Remote Registry service during the scan' on the credentials page when you add your Windows credentials.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/11/25, Modified: 2017/11/20
Plugin Output

tcp/0


The registry service was successfully started for the duration of the scan.
42898 - SMB Registry : Stop the Registry Service after the scan (WMI)
Synopsis
The registry service was stopped after the scan.
Description
To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service (RemoteRegistry). If the service is down and if Nessus automatically enabled the registry for the duration of the scan, this plugins will stop it afterwards.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/11/25, Modified: 2017/11/20
Plugin Output

tcp/0


The registry service was successfully stopped after the scan.
44871 - WMI Windows Feature Enumeration
Synopsis
It is possible to enumerate Windows features using WMI.
Description
Nessus was able to enumerate the server features of the remote host by querying the 'Win32_ServerFeature' class of the '\Root\cimv2' WMI namespace for Windows Server versions or the 'Win32_OptionalFeature' class of the '\Root\cimv2' WMI namespace for Windows Desktop versions.

Note that Features can only be enumerated for Windows 7 and later for desktop versions.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/02/24, Modified: 2017/11/20
Plugin Output

tcp/0


Nessus enumerated the following Windows features :

- .NET Framework 4.6
- .NET Framework 4.6 Features
- File and Storage Services
- GUI for Windows Defender
- SMB 1.0/CIFS File Sharing Support
- Storage Services
- TCP Port Sharing
- WCF Services
- Windows Defender
- Windows Defender Features
- Windows PowerShell
- Windows PowerShell 5.1
- Windows PowerShell ISE
- WoW64 Support
45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/04/21, Modified: 2017/06/06
Plugin Output

tcp/0


The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_server_2016:::x64-datacenter

Following application CPE matched on the remote system :

cpe:/a:microsoft:ie:11.1358.14393.0
46180 - Additional DNS Hostnames
Synopsis
Nessus has detected potential virtual hosts.
Description
Hostnames different from the current hostname have been collected by miscellaneous plugins. Nessus has generated a list of hostnames that point to the remote host. Note that these are only the alternate hostnames for vhosts discovered on a web server.

Different web servers may be hosted on name-based virtual hosts.
See Also
Solution
If you want to test them, re-scan using the special vhost syntax, such as :

www.example.com[192.0.32.10]
Risk Factor
None
Plugin Information:
Published: 2010/04/29, Modified: 2017/04/27
Plugin Output

tcp/0

The following hostnames point to the remote host :
- server-2016.localhost.local
48337 - Windows ComputerSystemProduct Enumeration (WMI)
Synopsis
It is possible to obtain product information from the remote host using WMI.
Description
By querying the WMI class 'Win32_ComputerSystemProduct', it is possible to extract product information about the computer system such as UUID, IdentifyingNumber, vendor, etc.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/08/16, Modified: 2017/11/20
Plugin Output

tcp/0


+ Computer System Product
- IdentifyingNumber : 7115-9469-0718-6223-2117-0856-54
- Description : Computer System Product
- Vendor : Microsoft Corporation
- Name : Virtual Machine
- UUID : A68CC768-F019-41F8-8329-E3ADF6486FDA
- Version : Hyper-V UEFI Release v1.0
52001 - WMI QuickFixEngineering (QFE) Enumeration
Synopsis
The remote Windows host has quick-fix engineering updates installed.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via WMI.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/02/16, Modified: 2017/11/20
Plugin Output

tcp/0


Here is a list of quick-fix engineering updates installed on the
remote system :

+ KB3192137
- Description : Update
- InstalledOn : 9/12/2016

+ KB4022715
- Description : Security Update
- InstalledOn : 6/15/2017

Note that for detailed information on installed QFE's such as InstalledBy, Caption,
and so on, please run the scan with 'Report Verbosity' set to 'verbose'.
54615 - Device Type
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/05/23, Modified: 2011/05/23
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 100
55472 - Device Hostname
Synopsis
It was possible to determine the remote system hostname.
Description
This plugin reports a device's hostname collected via SSH or WMI.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/06/30, Modified: 2017/12/04
Plugin Output

tcp/0


Hostname : SERVER-2016
SERVER-2016 (WMI)
56310 - Firewall Rule Enumeration
Synopsis
A firewall is configured on the remote host.
Description
Using the supplied credentials, Nessus was able to get a list of firewall rules from the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/09/28, Modified: 2015/06/02
Plugin Output

tcp/0

report output too big - ending list here

56468 - Time of Last System Startup
Synopsis
The system has been started.
Description
Using the supplied credentials, Nessus was able to determine when the host was last started.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/10/12, Modified: 2015/08/21
Plugin Output

tcp/0


20171029161447.188844-240
58651 - Netstat Active Connections
Synopsis
Active connections are enumerated via the 'netstat' command.
Description
This plugin runs 'netstat' on the remote machine to enumerate all active 'ESTABLISHED' or 'LISTENING' tcp/udp connections.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2012/04/10, Modified: 2015/06/02
Plugin Output

tcp/0


Netstat output :

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 704
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 864
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 456
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 568
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 308
TCP 0.0.0.0:49671 0.0.0.0:0 LISTENING 620
TCP 0.0.0.0:49673 0.0.0.0:0 LISTENING 568
TCP 0.0.0.0:49697 0.0.0.0:0 LISTENING 1804
TCP 0.0.0.0:49698 0.0.0.0:0 LISTENING 556
TCP 0.0.0.0:49722 0.0.0.0:0 LISTENING 2820
TCP 127.0.0.1:64539 127.0.0.1:64540 ESTABLISHED 1164
TCP 127.0.0.1:64540 127.0.0.1:64539 ESTABLISHED 1164
TCP 192.168.1.55:135 192.168.1.108:56925 ESTABLISHED 704
TCP 192.168.1.55:139 0.0.0.0:0 LISTENING 4
TCP 192.168.1.55:445 192.168.1.108:56921 ESTABLISHED 4
TCP 192.168.1.55:49671 192.168.1.108:56926 ESTABLISHED 620
TCP [::]:135 [::]:0 LISTENING 704
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:3389 [::]:0 LISTENING 864
TCP [::]:5985 [::]:0 LISTENING 4
TCP [::]:47001 [::]:0 LISTENING 4
TCP [::]:49664 [::]:0 LISTENING 456
TCP [::]:49665 [::]:0 LISTENING 568
TCP [::]:49666 [::]:0 LISTENING 308
TCP [::]:49671 [::]:0 LISTENING 620
TCP [::]:49673 [::]:0 LISTENING 568
TCP [::]:49697 [::]:0 LISTENING 1804
TCP [::]:49698 [::]:0 LISTENING 556
TCP [::]:49722 [::]:0 LISTENING 2820
UDP 0.0.0.0:123 *:* 312
UDP 0.0.0.0:500 *:* 620
UDP 0.0.0.0:3389 *:* 864
UDP 0.0.0.0:4500 *:* 620
UDP 0.0.0.0:5050 *:* 312
UDP 0.0.0.0:5353 *:* 496
UDP 0.0.0.0:5355 *:* 496
UDP 127.0.0.1:1900 *:* 3020
UDP 127.0.0.1:62980 *:* 620
UDP 127.0.0.1:63459 *:* 3020
UDP 127.0.0.1:64131 *:* 496
UDP 127.0.0.1:64133 *:* 964
UDP 127.0.0.1:64135 *:* 568
UDP 192.168.1.55:137 *:* 4
UDP 192.168.1.55:138 *:* 4
UDP 192.168.1.55:1900 *:* 3020
UDP 192.168.1.55:63458 *:* 3020
UDP [::]:123 *:* 312
UDP [::]:500 *:* 620
UDP [::]:3389 *:* 864
UDP [::]:4500 *:* 620
UDP [::]:5353 *:* 496
UDP [::]:5355 *:* 496
UDP [::1]:1900 *:* 3020
UDP [::1]:63457 *:* 3020
UDP [fe80::68ab:3a8b:39b3:e915%4]:1900 *:* 3020
UDP [fe80::68ab:3a8b:39b3:e915%4]:63456 *:* 3020
62042 - SMB QuickFixEngineering (QFE) Enumeration
Synopsis
The remote host has quick-fix engineering updates installed.
Description
By connecting to the host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via the registry.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2012/09/11, Modified: 2013/03/28
Plugin Output

tcp/0


Here is a list of quick-fix engineering updates installed on the
remote system :

KB3192137, Installed on: 2016/09/12
KB4022715, Installed on: 2017/06/15
KB4023834
KB4025339
KB4034658
KB4035631
KB4038782
64582 - Netstat Connection Information
Synopsis
Nessus was able to parse the results of the 'netstat' command on the remote host.
Description
The remote host has listening ports or established connections that Nessus was able to extract from the results of the 'netstat' command.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/02/13, Modified: 2016/08/05
Plugin Output

tcp/0

tcp4 (listen)
src: [host=0.0.0.0, port=135]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=445]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=3389]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=5985]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=47001]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49664]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49665]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49666]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49671]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49673]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49697]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49698]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49722]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=127.0.0.1, port=64539]
dst: [host=127.0.0.1, port=64540]

tcp4 (established)
src: [host=127.0.0.1, port=64540]
dst: [host=127.0.0.1, port=64539]

tcp4 (established)
src: [host=192.168.1.55, port=135]
dst: [host=192.168.1.108, port=56925]

tcp4 (listen)
src: [host=192.168.1.55, port=139]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=192.168.1.55, port=445]
dst: [host=192.168.1.108, port=56921]

tcp4 (established)
src: [host=192.168.1.55, port=49671]
dst: [host=192.168.1.108, port=56926]

tcp6 (listen)
src: [host=[::], port=135]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=445]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=3389]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=5985]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=47001]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49664]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49665]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49666]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49671]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49673]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49697]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49698]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49722]
dst: [host=[::], port=0]

udp4 (listen)
src: [host=0.0.0.0, port=123]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=500]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=3389]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=4500]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=5050]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=5353]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=5355]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=1900]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=62980]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=63459]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=64131]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=64133]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=64135]
dst: [host=*, port=*]

udp4 (listen)
src: [host=192.168.1.55, port=137]
dst: [host=*, port=*]

udp4 (listen)
src: [host=192.168.1.55, port=138]
dst: [host=*, port=*]

udp4 (listen)
src: [host=192.168.1.55, port=1900]
dst: [host=*, port=*]

udp4 (listen)
src: [host=192.168.1.55, port=63458]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=123]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=500]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=3389]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=4500]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=5353]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=5355]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::1], port=1900]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::1], port=63457]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[fe80::68ab:3a8b:39b3:e915%4], port=1900]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[fe80::68ab:3a8b:39b3:e915%4], port=63456]
dst: [host=*, port=*]
66334 - Patch Report
Synopsis
The remote host is missing several patches.
Description
The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.
Solution
Install the patches listed below.
Risk Factor
None
Plugin Information:
Published: 2013/07/08, Modified: 2017/11/20
Plugin Output

tcp/0

. Microsoft Operating System Patches :
+ To patch the remote system, you need to install the following Microsoft patches :
- KB4048953 (6 vulnerabilities)
- KB3169704


. You need to take the following action :
[ Microsoft Malware Protection Engine < 1.1.14405.2 RCE (105109) ]

+ Action to take : Enable automatic updates to update the scan engine for the relevant antimalware applications. Refer to Knowledge Base Article 2510781 for information on how to verify that MMPE has been updated.

70329 - Microsoft Windows Process Information
Synopsis
Use WMI to obtain running process information.
Description
Report details on the running processes on the machine.

This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system policies.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/10/08, Modified: 2017/11/20
Plugin Output

tcp/0

Process Overview :
SID: Process (PID)
0 : System Idle Process (0)
0 : |- System (4)
0 : |- smss.exe (248)
2 : csrss.exe (2436)
2 : winlogon.exe (2588)
2 : |- dwm.exe (3004)
0 : csrss.exe (356)
1 : csrss.exe (440)
0 : wininit.exe (456)
0 : |- services.exe (556)
0 : |- svchost.exe (1084)
0 : |- VSSVC.exe (1124)
2 : |- svchost.exe (1472)
0 : |- TrustedInstaller.exe (168)
0 : |- spoolsv.exe (1804)
0 : |- svchost.exe (1864)
0 : |- svchost.exe (2032)
0 : |- svchost.exe (2040)
0 : |- msdtc.exe (2292)
0 : |- svchost.exe (2820)
0 : |- nessus-service.exe (3016)
0 : |- nessusd.exe (1164)
0 : |- svchost.exe (3020)
0 : |- svchost.exe (308)
0 : |- svchost.exe (312)
0 : |- sppsvc.exe (3876)
0 : |- svchost.exe (496)
0 : |- svchost.exe (620)
2 : |- taskhostw.exe (2256)
2 : |- sihost.exe (2728)
0 : |- svchost.exe (648)
2 : |- RuntimeBroker.exe (2128)
0 : |- WmiPrvSE.exe (2372)
0 : |- TiWorker.exe (2388)
2 : |- ApplicationFrameHost.exe (2600)
2 : |- SearchUI.exe (3428)
0 : |- WmiPrvSE.exe (3640)
0 : |- svchost.exe (704)
0 : |- svchost.exe (768)
0 : |- svchost.exe (864)
2 : |- rdpclip.exe (372)
0 : |- svchost.exe (904)
0 : |- svchost.exe (964)
0 : |- lsass.exe (568)
1 : winlogon.exe (488)
1 : |- LogonUI.exe (808)
1 : |- dwm.exe (828)
70331 - Microsoft Windows Process Module Information
Synopsis
Use WMI to obtain running process module information.
Description
Report details on the running processes modules on the machine.

This plugin is informative only and could be used for forensic investigation, malware detection, and to that confirm your system processes conform to your system policies.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/10/08, Modified: 2017/11/20
Plugin Output

tcp/0

Process_Modules_.csv : lists the loaded modules for each process.
71246 - Enumerate Local Group Memberships
Synopsis
Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.
Description
Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/12/06, Modified: 2017/11/20
Plugin Output

tcp/0

Group Name : Access Control Assistance Operators
Host Name : SERVER-2016
Group SID : S-1-5-32-579
Members :

Group Name : Administrators
Host Name : SERVER-2016
Group SID : S-1-5-32-544
Members :
Name : Administrator
Domain : SERVER-2016
Class : Win32_UserAccount
SID : S-1-5-21-1914581703-3198222407-549970799-500
Name : Domain Admins
Domain : localhost
Class : Win32_Group
SID :

Group Name : Backup Operators
Host Name : SERVER-2016
Group SID : S-1-5-32-551
Members :

Group Name : Certificate Service DCOM Access
Host Name : SERVER-2016
Group SID : S-1-5-32-574
Members :

Group Name : Cryptographic Operators
Host Name : SERVER-2016
Group SID : S-1-5-32-569
Members :

Group Name : Distributed COM Users
Host Name : SERVER-2016
Group SID : S-1-5-32-562
Members :

Group Name : Event Log Readers
Host Name : SERVER-2016
Group SID : S-1-5-32-573
Members :

Group Name : Guests
Host Name : SERVER-2016
Group SID : S-1-5-32-546
Members :
Name : Guest
Domain : SERVER-2016
Class : Win32_UserAccount
SID : S-1-5-21-1914581703-3198222407-549970799-501

Group Name : Hyper-V Administrators
Host Name : SERVER-2016
Group SID : S-1-5-32-578
Members :

Group Name : IIS_IUSRS
Host Name : SERVER-2016
Group SID : S-1-5-32-568
Members :
Name : IUSR
Domain : SERVER-2016
Class : Win32_SystemAccount
SID : S-1-5-17

Group Name : Network Configuration Operators
Host Name : SERVER-2016
Group SID : S-1-5-32-556
Members :

Group Name : Performance Log Users
Host Name : SERVER-2016
Group SID : S-1-5-32-559
Members :

Group Name : Performance Monitor Users
Host Name : SERVER-2016
Group SID : S-1-5-32-558
Members :

Group Name : Power Users
Host Name : SERVER-2016
Group SID : S-1-5-32-547
Members :

Group Name : Print Operators
Host Name : SERVER-2016
Group SID : S-1-5-32-550
Members :

Group Name : RDS Endpoint Servers
Host Name : SERVER-2016
Group SID : S-1-5-32-576
Members :

Group Name : RDS Management Servers
Host Name : SERVER-2016
Group SID : S-1-5-32-577
Members :

Group Name : RDS Remote Access Servers
Host Name : SERVER-2016
Group SID : S-1-5-32-575
Members :

Group Name : Remote Desktop Users
Host Name : SERVER-2016
Group SID : S-1-5-32-555
Members :

Group Name : Remote Management Users
Host Name : SERVER-2016
Group SID : S-1-5-32-580
Members :

Group Name : Replicator
Host Name : SERVER-2016
Group SID : S-1-5-32-552
Members :

Group Name : Storage Replica Administrators
Host Name : SERVER-2016
Group SID : S-1-5-32-582
Members :

Group Name : System Managed Accounts Group
Host Name : SERVER-2016
Group SID : S-1-5-32-581
Members :
Name : DefaultAccount
Domain : SERVER-2016
Class : Win32_UserAccount
SID : S-1-5-21-1914581703-3198222407-549970799-503

Group Name : Users
Host Name : SERVER-2016
Group SID : S-1-5-32-545
Members :
Name : INTERACTIVE
Domain : SERVER-2016
Class : Win32_SystemAccount
SID : S-1-5-4
Name : Authenticated Users
Domain : SERVER-2016
Class : Win32_SystemAccount
SID : S-1-5-11
Name : Domain Users
Domain : localhost
Class : Win32_Group
SID :
72482 - Windows Display Driver Enumeration
Synopsis
Nessus was able to enumerate one or more of the display drivers on the remote host.
Description
Nessus was able to enumerate one or more of the display drivers on the remote host via WMI.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2014/02/06, Modified: 2017/11/20
Plugin Output

tcp/0


Device Name : Microsoft Hyper-V Video
Driver File Version : 10.0.14393.0
Driver Date : 06/21/2006
72684 - Enumerate Local Users
Synopsis
Nessus was able to connect to a host via SMB to retrieve a list of local users.
Description
Nessus was able to connect to a host via SMB to retrieve a list of local users.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2014/02/25, Modified: 2017/11/20
Plugin Output

tcp/0


Name : Administrator
SID : S-1-5-21-1914581703-3198222407-549970799-500
Disabled : False
Lockout : False
Change password : True

Name : DefaultAccount
SID : S-1-5-21-1914581703-3198222407-549970799-503
Disabled : True
Lockout : False
Change password : True

Name : Guest
SID : S-1-5-21-1914581703-3198222407-549970799-501
Disabled : True
Lockout : False
Change password : False
84047 - Hyper-V Virtual Machine Detection
Synopsis
The remote host is a Hyper-V virtual machine.
Description
According to the MAC address of its network adapter, the remote host is a Microsoft Hyper-V virtual machine.
See Also
Solution
Since it is physically accessible through the network, ensure that its configuration matches your organization's security policy.
Risk Factor
None
Plugin Information:
Published: 2015/06/09, Modified: 2017/11/20
Plugin Output

tcp/0


The remote host is a Hyper-V virtual machine.
90511 - MS KB3152550: Update to Improve Wireless Mouse Input Filtering
Synopsis
The remote Windows host is missing an update to wireless mouse input filtering.
Description
The remote Windows host is missing an update to the wireless mouse input filtering functionality. The missing update enhances security by filtering out QWERTY key packets in keystroke communications issued when receiving communication from USB wireless dongles. The update resolves a vulnerability that allows a local attacker in the physical proximity of the wireless mouse range to inject keyboard HID packets into Microsoft wireless mouse devices through the use of USB dongles.
See Also
Solution
Microsoft has released a set of patches for Windows 7, 8.1, and 10.
Risk Factor
None
References
MSKB 3152550
Plugin Information:
Published: 2016/04/13, Modified: 2017/08/30
Plugin Output

tcp/0

Nessus has determined that the remote Windows host is missing files
that are created upon installation of the update corresponding to
Microsoft Security Advisory 3152550.
92365 - Microsoft Windows Hosts File
Synopsis
Nessus was able to collect the hosts file from the remote host.
Description
Nessus was able to collect the hosts file from the remote Windows host and report it as attachment.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/07/19, Modified: 2017/08/30
Plugin Output

tcp/0

Windows hosts file attached.
92367 - Microsoft Windows PowerShell Execution Policy
Synopsis
Nessus was able to collect and report the PowerShell execution policy for the remote host.
Description
Nessus was able to collect and report the PowerShell execution policy for the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/07/19, Modified: 2017/08/30
Plugin Output

tcp/0

HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned
HKLM\SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned
92371 - Microsoft Windows DNS Cache
Synopsis
Nessus was able to collect and report DNS cache information from the remote host.
Description
Nessus was able to collect details of the DNS cache from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/07/19, Modified: 2017/12/06
Plugin Output

tcp/0

_ldap._tcp.pdc._msdcs.localhost.local
data.localhost.local
isatap.localhost.local
nessushost08r2
nessushost08r2
wpad

DNS cache information attached.
92421 - Internet Explorer Typed URLs
Synopsis
Nessus was able to enumerate URLs that were manually typed into the Internet Explorer address bar.
Description
Nessus was able to generate a list URLs that were manually typed into the Internet Explorer address bar.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/07/19, Modified: 2017/08/30
Plugin Output

tcp/0

http://go.microsoft.com/fwlink/p/?LinkId=255141

Internet Explorer typed URL report attached.
92424 - MUICache Program Execution History
Synopsis
Nessus was able to enumerate recently executed programs on the remote host.
Description
Nessus was able to query the MUIcache registry key to find evidence of program execution.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/07/19, Modified: 2017/08/30
Plugin Output

tcp/0

c:\windows\system32\fsquirt.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\shell32.dll.applicationcompany : Microsoft Corporation
c:\windows\system32\explorerframe.dll.friendlyappname : ExplorerFrame
c:\windows\system32\explorerframe.dll.applicationcompany : Microsoft Corporation
c:\windows\system32\cmd.exe.friendlyappname : Windows Command Processor
c:\windows\explorer.exe.friendlyappname : Windows Explorer
c:\windows\explorer.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\msiexec.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\cmd.exe.applicationcompany : Microsoft Corporation
langid : .
c:\windows\system32\shell32.dll.friendlyappname : Windows Shell Common Dll
c:\windows\system32\fsquirt.exe.friendlyappname : fsquirt
c:\windows\system32\msiexec.exe.friendlyappname : Windows. installer
@peerdistsh.dll,-9000 : BranchCache - Content Retrieval (Uses HTTP)
@c:\windows\system32\iscsicpl.dll,-5001 : iSCSI Initiator
c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration
@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust
@c:\windows\system32\mstsc.exe,-4000 : Remote Desktop Connection
@c:\windows\system32\comres.dll,-3410 : Component Services
languagelist : en-US
92428 - Recent File History
Synopsis
Nessus was able to enumerate recently opened files on the remote host.
Description
Nessus was able to gather evidence of files opened by file type from the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/07/19, Modified: 2017/08/30
Plugin Output

tcp/0

C:\\Users\administrator.localhost\AppData\Roaming\Microsoft\Windows\Recent\The Internet.lnk
Recent files found in registry and appdata attached.
92431 - User Shell Folders Settings
Synopsis
Nessus was able to find the folder paths for user folders on the remote host.
Description
Nessus was able to gather a list of settings from the target system that store common user folder locations. A few of the more common locations are listed below :

- Administrative Tools
- AppData
- Cache
- CD Burning
- Cookies
- Desktop
- Favorites
- Fonts
- History
- Local AppData
- My Music
- My Pictures
- My Video
- NetHood
- Personal
- PrintHood
- Programs
- Recent
- SendTo
- Start Menu
- Startup
- Templates
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/07/19, Modified: 2017/08/30
Plugin Output

tcp/0

localhost.LOCAL\administrator
- {7d1d3a04-debb-4115-95cf-2f29da2920da} : C:\Users\administrator.localhost\Searches
- {1b3ea5dc-b587-4786-b4ef-bd1dc332aeae} : C:\Users\administrator.localhost\AppData\Roaming\Microsoft\Windows\Libraries
- {374de290-123f-4565-9164-39c4925e467b} : C:\Users\administrator.localhost\Downloads
- recent : C:\Users\administrator.localhost\AppData\Roaming\Microsoft\Windows\Recent
- my video : C:\Users\administrator.localhost\Videos
- my music : C:\Users\administrator.localhost\Music
- {56784854-c6cb-462b-8169-88e350acb882} : C:\Users\administrator.localhost\Contacts
- {bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968} : C:\Users\administrator.localhost\Links
- {a520a1a4-1780-4ff6-bd18-167343c5af16} : C:\Users\administrator.localhost\AppData\LocalLow
- sendto : C:\Users\administrator.localhost\AppData\Roaming\Microsoft\Windows\SendTo
- start menu : C:\Users\administrator.localhost\AppData\Roaming\Microsoft\Windows\Start Menu
- cookies : C:\Users\administrator.localhost\AppData\Local\Microsoft\Windows\INetCookies
- personal : C:\Users\administrator.localhost\Documents
- administrative tools : C:\Users\administrator.localhost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
- startup : C:\Users\administrator.localhost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
- history : C:\Users\administrator.localhost\AppData\Local\Microsoft\Windows\History
- nethood : C:\Users\administrator.localhost\AppData\Roaming\Microsoft\Windows\Network Shortcuts
- {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\administrator.localhost\Saved Games
- {00bcfc5a-ed94-4e48-96a1-3f6217f21990} : C:\Users\administrator.localhost\AppData\Local\Microsoft\Windows\RoamingTiles
- !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function instead
- local appdata : C:\Users\administrator.localhost\AppData\Local
- my pictures : C:\Users\administrator.localhost\Pictures
- templates : C:\Users\administrator.localhost\AppData\Roaming\Microsoft\Windows\Templates
- printhood : C:\Users\administrator.localhost\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
- cache : C:\Users\administrator.localhost\AppData\Local\Microsoft\Windows\INetCache
- desktop : C:\Users\administrator.localhost\Desktop
- programs : C:\Users\administrator.localhost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
- fonts : C:\Windows\Fonts
- cd burning : C:\Users\administrator.localhost\AppData\Local\Microsoft\Windows\Burn\Burn
- favorites : C:\Users\administrator.localhost\Favorites
- appdata : C:\Users\administrator.localhost\AppData\Roaming
92434 - User Download Folder Files
Synopsis
Nessus was able to enumerate downloaded files on the remote host.
Description
Nessus was able to generate a report of all files listed in the default user download folder.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/07/19, Modified: 2017/08/30
Plugin Output

tcp/0

C:\\Users\Administrator\Downloads\desktop.ini
C:\\Users\administrator.localhost\Downloads\desktop.ini
C:\\Users\Public\Downloads\desktop.ini

Download folder content report attached.

10287 - Traceroute Information
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 1999/11/27, Modified: 2017/08/22
Plugin Output

udp/0

For your information, here is the traceroute from 192.168.1.108 to 192.168.1.55 :
192.168.1.108
192.168.1.55

Hop Count: 1

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/16, Modified: 2017/12/04
Plugin Output

udp/123

Port 123/udp was found to be open
34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/09/23, Modified: 2017/11/20
Plugin Output

udp/123


The Win32 process 'svchost.exe' is listening on this port (pid 312).

This process 'svchost.exe' (pid 312) is hosting the following Windows services :
CDPSvc (@%SystemRoot%\system32\cdpsvc.dll,-100)
EventSystem (@comres.dll,-2450)
FontCache (@%systemroot%\system32\FntCache.dll,-100)
netprofm (@%SystemRoot%\system32\netprofmsvc.dll,-202)
nsi (@%SystemRoot%\system32\nsisvc.dll,-200)
RemoteRegistry (@regsvc.dll,-1)
W32Time (@%SystemRoot%\system32\w32time.dll,-200)
WinHttpAutoProxySvc (@%SystemRoot%\system32\winhttp.dll,-100)

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2001/08/26, Modified: 2014/05/12
Plugin Output

tcp/135


The following DCERPC services are available locally :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc03E330

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc03E330

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : NETLOGON_LRPC

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d2716e94-25cb-4820-bc15-537866578562, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE5CDB3EC75FAD2F3E0D669868550D

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d2716e94-25cb-4820-bc15-537866578562, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d9b18e0f513ea3de3d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0c53aa2e-fb1c-49c5-bfb6-c54f8e5857cd, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE5CDB3EC75FAD2F3E0D669868550D

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0c53aa2e-fb1c-49c5-bfb6-c54f8e5857cd, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d9b18e0f513ea3de3d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 923c9623-db7f-4b34-9e6d-e86580f8ca2a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE5CDB3EC75FAD2F3E0D669868550D

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 923c9623-db7f-4b34-9e6d-e86580f8ca2a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d9b18e0f513ea3de3d

Object UUID : 00000002-0000-0000-0000-000000000000
UUID : 8ec21e98-b5ce-4916-a3d6-449fa428a007, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEC392BC261B8968C68CDBD5FFE8EC

Object UUID : 00000002-0000-0000-0000-000000000000
UUID : 8ec21e98-b5ce-4916-a3d6-449fa428a007, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ffca622758cba13e5e

Object UUID : 00000002-0000-0000-0000-000000000000
UUID : 0fc77b1a-95d8-4a2e-a0c0-cff54237462b, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEC392BC261B8968C68CDBD5FFE8EC

Object UUID : 00000002-0000-0000-0000-000000000000
UUID : 0fc77b1a-95d8-4a2e-a0c0-cff54237462b, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ffca622758cba13e5e

Object UUID : 00000002-0000-0000-0000-000000000000
UUID : b1ef227e-dfa5-421e-82bb-67a6a129c496, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEC392BC261B8968C68CDBD5FFE8EC

Object UUID : 00000002-0000-0000-0000-000000000000
UUID : b1ef227e-dfa5-421e-82bb-67a6a129c496, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ffca622758cba13e5e

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000002
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc083EBE222

Object UUID : 52ef130c-08fd-4388-86b3-6edf00000002
UUID : 12e65dd8-887f-41ef-91bf-8d816c42c2e7, version 1.0
Description : Unknown RPC service
Annotation : Secure Desktop LRPC interface
Type : Local RPC service
Named pipe : WMsgKRpc083EBE222

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0
Description : Unknown RPC service
Annotation : Remote Fw APIs
Type : Local RPC service
Named pipe : ipsec

Object UUID : 375ebf25-78de-42d1-8869-74de560e10cd
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-839804191861f51320

Object UUID : 9f7b8a1e-3785-4ae5-bd00-c2de8627ecab
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-839804191861f51320

Object UUID : 8942a4f9-4243-43b7-be7e-88a705fcd223
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-839804191861f51320

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4b112204-0e19-11d3-b42b-0000f81feb9f, version 1.0
Description : SSDP service
Windows process : unknow
Type : Local RPC service
Named pipe : LRPC-76e477aeaf49d1a229

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4c9dbf19-d39e-4bb9-90ee-8f7179b20283, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-26c1a6c994662defff

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e38f5360-8572-473e-b696-1b46873beeab, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-26c1a6c994662defff

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : LRPC-d058ae8cbac2fd7fb4

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1a0d010f-1c33-432c-b0f5-8cf4e8053099, version 1.0
Description : Unknown RPC service
Annotation : IdSegSrv service
Type : Local RPC service
Named pipe : LRPC-d058ae8cbac2fd7fb4

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LRPC-a1eb9a16c29074bdaa

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-a1eb9a16c29074bdaa

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-a1eb9a16c29074bdaa

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-a1eb9a16c29074bdaa

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-a1eb9a16c29074bdaa

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f2c9b409-c1c9-4100-8639-d8ab1486694a, version 1.0
Description : Unknown RPC service
Annotation : Witness Client Upcall Server
Type : Local RPC service
Named pipe : DNSResolver

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f2c9b409-c1c9-4100-8639-d8ab1486694a, version 1.0
Description : Unknown RPC service
Annotation : Witness Client Upcall Server
Type : Local RPC service
Named pipe : nlaplg

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f2c9b409-c1c9-4100-8639-d8ab1486694a, version 1.0
Description : Unknown RPC service
Annotation : Witness Client Upcall Server
Type : Local RPC service
Named pipe : nlaapi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : eb081a0d-10ee-478a-a1dd-50995283e7a8, version 3.0
Description : Unknown RPC service
Annotation : Witness Client Test Interface
Type : Local RPC service
Named pipe : DNSResolver

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : eb081a0d-10ee-478a-a1dd-50995283e7a8, version 3.0
Description : Unknown RPC service
Annotation : Witness Client Test Interface
Type : Local RPC service
Named pipe : nlaplg

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : eb081a0d-10ee-478a-a1dd-50995283e7a8, version 3.0
Description : Unknown RPC service
Annotation : Witness Client Test Interface
Type : Local RPC service
Named pipe : nlaapi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0
Description : Unknown RPC service
Annotation : DfsDs service
Type : Local RPC service
Named pipe : DNSResolver

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0
Description : Unknown RPC service
Annotation : DfsDs service
Type : Local RPC service
Named pipe : nlaplg

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0
Description : Unknown RPC service
Annotation : DfsDs service
Type : Local RPC service
Named pipe : nlaapi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e72914679e23024d60

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b37f900a-eae4-4304-a2ab-12bb668c0188, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e72914679e23024d60

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b3781086-6a54-489b-91c8-51d067172ab7, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e72914679e23024d60

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e7f76134-9ef5-4949-a2d6-3368cc0988f3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e72914679e23024d60

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7aeb6705-3ae6-471a-882d-f39c109edc12, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e72914679e23024d60

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f763c91c-2ab1-47fa-868f-7de7efd42194, version 1.0
Description : Unknown RPC service
Annotation : VM Allow-List Provider RPC
Type : Local RPC service
Named pipe : OLEFFBA0A209868626826DC25F5D5CB

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f763c91c-2ab1-47fa-868f-7de7efd42194, version 1.0
Description : Unknown RPC service
Annotation : VM Allow-List Provider RPC
Type : Local RPC service
Named pipe : RdvVmAllowListRpc

Object UUID : 6c637067-6569-746e-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 666f7270-6c69-7365-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601
UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0
Description : Unknown RPC service
Annotation : Group Policy RPC Interface
Type : Local RPC service
Named pipe : LRPC-620cb7ab59d0c9fd18

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLEF3D3E88FB9470520B11DF54369DB

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEF3D3E88FB9470520B11DF54369DB

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e736df0e7ddd5cd25e

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : senssvc

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : OLEF3D3E88FB9470520B11DF54369DB

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-e736df0e7ddd5cd25e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLEF3D3E88FB9470520B11DF54369DB

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : LRPC-e736df0e7ddd5cd25e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLEF3D3E88FB9470520B11DF54369DB

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : LRPC-e736df0e7ddd5cd25e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEF3D3E88FB9470520B11DF54369DB

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e736df0e7ddd5cd25e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : SessEnvPrivateRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEF3D3E88FB9470520B11DF54369DB

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e736df0e7ddd5cd25e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : SessEnvPrivateRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-8a72ed6002aeaf96ae

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEF3D3E88FB9470520B11DF54369DB

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e736df0e7ddd5cd25e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : SessEnvPrivateRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-8a72ed6002aeaf96ae

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEF3D3E88FB9470520B11DF54369DB

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e736df0e7ddd5cd25e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : SessEnvPrivateRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-8a72ed6002aeaf96ae

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : OLEF3D3E88FB9470520B11DF54369DB

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : LRPC-e736df0e7ddd5cd25e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : SessEnvPrivateRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : LRPC-8a72ed6002aeaf96ae

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : LRPC-298105dea9522b6422

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : OLEF3D3E88FB9470520B11DF54369DB

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : LRPC-e736df0e7ddd5cd25e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : SessEnvPrivateRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : LRPC-8a72ed6002aeaf96ae

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : LRPC-298105dea9522b6422

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : OLEF3D3E88FB9470520B11DF54369DB

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : LRPC-e736df0e7ddd5cd25e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : SessEnvPrivateRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : LRPC-8a72ed6002aeaf96ae

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : LRPC-298105dea9522b6422

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : OLEF3D3E88FB9470520B11DF54369DB

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : LRPC-e736df0e7ddd5cd25e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : SessEnvPrivateRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : LRPC-8a72ed6002aeaf96ae

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : LRPC-298105dea9522b6422

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : OLEF3D3E88FB9470520B11DF54369DB

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : LRPC-e736df0e7ddd5cd25e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : SessEnvPrivateRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : LRPC-8a72ed6002aeaf96ae

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : LRPC-298105dea9522b6422

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : OLEF3D3E88FB9470520B11DF54369DB

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : LRPC-e736df0e7ddd5cd25e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : SessEnvPrivateRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : LRPC-8a72ed6002aeaf96ae

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : LRPC-298105dea9522b6422

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : OLEF3D3E88FB9470520B11DF54369DB

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : LRPC-e736df0e7ddd5cd25e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : SessEnvPrivateRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : LRPC-8a72ed6002aeaf96ae

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : LRPC-298105dea9522b6422

Object UUID : 582a47b2-bcd8-4d3c-8acb-fe09d5bd6eec
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 582a47b2-bcd8-4d3c-8acb-fe09d5bd6eec
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 582a47b2-bcd8-4d3c-8acb-fe09d5bd6eec
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEF3D3E88FB9470520B11DF54369DB

Object UUID : 582a47b2-bcd8-4d3c-8acb-fe09d5bd6eec
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e736df0e7ddd5cd25e

Object UUID : 582a47b2-bcd8-4d3c-8acb-fe09d5bd6eec
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : SessEnvPrivateRpc

Object UUID : 582a47b2-bcd8-4d3c-8acb-fe09d5bd6eec
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 582a47b2-bcd8-4d3c-8acb-fe09d5bd6eec
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-8a72ed6002aeaf96ae

Object UUID : 582a47b2-bcd8-4d3c-8acb-fe09d5bd6eec
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-298105dea9522b6422

Object UUID : 582a47b2-bcd8-4d3c-8acb-fe09d5bd6eec
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : DeviceSetupManager

Object UUID : 582a47b2-bcd8-4d3c-8acb-fe09d5bd6eec
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-014308ca6fa1f0432c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : df4df73a-c52d-4e3a-8003-8437fdf8302a, version 0.0
Description : Unknown RPC service
Annotation : WM_WindowManagerRPC\Server
Type : Local RPC service
Named pipe : LRPC-f70195bf52be621155

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0
Description : Unknown RPC service
Annotation : Base Firewall Engine API
Type : Local RPC service
Named pipe : LRPC-f70195bf52be621155

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0
Description : Unknown RPC service
Annotation : Base Firewall Engine API
Type : Local RPC service
Named pipe : LRPC-161dd518920bc4844d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-f70195bf52be621155

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-161dd518920bc4844d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-6a28e84eaf3b5984d5

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-f70195bf52be621155

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-161dd518920bc4844d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-6a28e84eaf3b5984d5

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-f70195bf52be621155

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-161dd518920bc4844d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-6a28e84eaf3b5984d5

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Local RPC service
Named pipe : LRPC-5fe15263aabba4daf4

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : LRPC-5fe15263aabba4daf4

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : LRPC-5fe15263aabba4daf4

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : b5ccd5ef-4238-440b-bba0-999f828f1cfe
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-5fe15263aabba4daf4

Object UUID : b5ccd5ef-4238-440b-bba0-999f828f1cfe
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : eventlog

Object UUID : b5ccd5ef-4238-440b-bba0-999f828f1cfe
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : b5ccd5ef-4238-440b-bba0-999f828f1cfe
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : b5ccd5ef-4238-440b-bba0-999f828f1cfe
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-7feacae53c56a9800a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-5fe15263aabba4daf4

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-7feacae53c56a9800a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-21ed7ec0bdabfc5e21

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : LRPC-5fe15263aabba4daf4

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : LRPC-7feacae53c56a9800a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : LRPC-21ed7ec0bdabfc5e21

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : LRPC-2071a6fa8cd7c28813

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : LRPC-2071a6fa8cd7c28813

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : OLE645D0786E42F0A305F52327E8B4D

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : W32TIME_ALT

Object UUID : 3bdb59a0-d736-4d44-9074-c1ee00000001
UUID : f3f09ffd-fbcf-4291-944d-70ad6e0e73bb, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3050fa9b756a467731

Object UUID : fdd099c6-df06-4904-83b4-a87a27903c70
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d3d444c8f34249703a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5222821f-d5e2-4885-84f1-5f6185a0ec41, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint for NCB Reset module
Type : Local RPC service
Named pipe : LRPC-d3d444c8f34249703a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5222821f-d5e2-4885-84f1-5f6185a0ec41, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint for NCB Reset module
Type : Local RPC service
Named pipe : LRPC-4a58d4e89487c1d93c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : LRPC-d3d444c8f34249703a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : LRPC-4a58d4e89487c1d93c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : OLE55E464D0ADCD92154867EC60BFAE

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : LRPC-08591fdddf7d2e0c7e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint
Type : Local RPC service
Named pipe : LRPC-d3d444c8f34249703a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint
Type : Local RPC service
Named pipe : LRPC-4a58d4e89487c1d93c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint
Type : Local RPC service
Named pipe : OLE55E464D0ADCD92154867EC60BFAE

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint
Type : Local RPC service
Named pipe : LRPC-08591fdddf7d2e0c7e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0
Description : Unknown RPC service
Annotation : PcaSvc
Type : Local RPC service
Named pipe : LRPC-d3d444c8f34249703a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0
Description : Unknown RPC service
Annotation : PcaSvc
Type : Local RPC service
Named pipe : LRPC-4a58d4e89487c1d93c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0
Description : Unknown RPC service
Annotation : PcaSvc
Type : Local RPC service
Named pipe : OLE55E464D0ADCD92154867EC60BFAE

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0
Description : Unknown RPC service
Annotation : PcaSvc
Type : Local RPC service
Named pipe : LRPC-08591fdddf7d2e0c7e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0
Description : Unknown RPC service
Annotation : PcaSvc
Type : Local RPC service
Named pipe : TSUMRPD_PRINT_DRV_LPC_API

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bf4dc912-e52f-4904-8ebe-9317c1bdd497, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d3d444c8f34249703a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bf4dc912-e52f-4904-8ebe-9317c1bdd497, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-4a58d4e89487c1d93c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bf4dc912-e52f-4904-8ebe-9317c1bdd497, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE55E464D0ADCD92154867EC60BFAE

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bf4dc912-e52f-4904-8ebe-9317c1bdd497, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-08591fdddf7d2e0c7e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bf4dc912-e52f-4904-8ebe-9317c1bdd497, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : TSUMRPD_PRINT_DRV_LPC_API

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bf4dc912-e52f-4904-8ebe-9317c1bdd497, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : trkwks

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bf4dc912-e52f-4904-8ebe-9317c1bdd497, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-a538fee2bf2fe643bd

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc03E6D1

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4bec6bb8-b5c2-4b6f-b2c1-5da5cf92d0d9, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4bec6bb8-b5c2-4b6f-b2c1-5da5cf92d0d9, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 085b0334-e454-4d91-9b8c-4134f9e793f3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 085b0334-e454-4d91-9b8c-4134f9e793f3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8782d3b9-ebbd-4644-a3d8-e8725381919b, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8782d3b9-ebbd-4644-a3d8-e8725381919b, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3b338d89-6cfa-44b8-847e-531531bc9992, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3b338d89-6cfa-44b8-847e-531531bc9992, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bdaa0970-413b-4a3e-9e5d-f6dc9d7e0760, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bdaa0970-413b-4a3e-9e5d-f6dc9d7e0760, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5824833b-3c1a-4ad2-bdfd-c31d19e23ed2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5824833b-3c1a-4ad2-bdfd-c31d19e23ed2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 6d726574-7273-0076-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : umpo

Object UUID : 6d726574-7273-0076-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : actkernel

Object UUID : 6d726574-7273-0076-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-3009868dbe1a9c45ed

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3009868dbe1a9c45ed

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3009868dbe1a9c45ed

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3009868dbe1a9c45ed

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3009868dbe1a9c45ed

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3009868dbe1a9c45ed

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2c7fd9ce-e706-4b40-b412-953107ef9bb0, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2c7fd9ce-e706-4b40-b412-953107ef9bb0, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2c7fd9ce-e706-4b40-b412-953107ef9bb0, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3009868dbe1a9c45ed

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2c7fd9ce-e706-4b40-b412-953107ef9bb0, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2c7fd9ce-e706-4b40-b412-953107ef9bb0, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEDCFCEC96B3BB06395E6413A32D5B

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c521facf-09a9-42c5-b155-72388595cbf0, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c521facf-09a9-42c5-b155-72388595cbf0, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c521facf-09a9-42c5-b155-72388595cbf0, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3009868dbe1a9c45ed

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c521facf-09a9-42c5-b155-72388595cbf0, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c521facf-09a9-42c5-b155-72388595cbf0, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEDCFCEC96B3BB06395E6413A32D5B

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1832bcf6-cab8-41d4-85d2-c9410764f75a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1832bcf6-cab8-41d4-85d2-c9410764f75a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1832bcf6-cab8-41d4-85d2-c9410764f75a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3009868dbe1a9c45ed

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1832bcf6-cab8-41d4-85d2-c9410764f75a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1832bcf6-cab8-41d4-85d2-c9410764f75a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEDCFCEC96B3BB06395E6413A32D5B

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4dace966-a243-4450-ae3f-9b7bcb5315b8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4dace966-a243-4450-ae3f-9b7bcb5315b8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4dace966-a243-4450-ae3f-9b7bcb5315b8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3009868dbe1a9c45ed

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4dace966-a243-4450-ae3f-9b7bcb5315b8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4dace966-a243-4450-ae3f-9b7bcb5315b8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEDCFCEC96B3BB06395E6413A32D5B

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3009868dbe1a9c45ed

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEDCFCEC96B3BB06395E6413A32D5B

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-41e56cb12f7332285e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3009868dbe1a9c45ed

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEDCFCEC96B3BB06395E6413A32D5B

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-41e56cb12f7332285e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3009868dbe1a9c45ed

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEDCFCEC96B3BB06395E6413A32D5B

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-41e56cb12f7332285e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3009868dbe1a9c45ed

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEDCFCEC96B3BB06395E6413A32D5B

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-41e56cb12f7332285e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3009868dbe1a9c45ed

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEDCFCEC96B3BB06395E6413A32D5B

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-41e56cb12f7332285e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3009868dbe1a9c45ed

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEDCFCEC96B3BB06395E6413A32D5B

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-41e56cb12f7332285e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3009868dbe1a9c45ed

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEDCFCEC96B3BB06395E6413A32D5B

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-41e56cb12f7332285e

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3009868dbe1a9c45ed

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEDCFCEC96B3BB06395E6413A32D5B

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-41e56cb12f7332285e

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e39c3514bcb6f08467

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3009868dbe1a9c45ed

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEDCFCEC96B3BB06395E6413A32D5B

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-41e56cb12f7332285e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e39c3514bcb6f08467

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-66353bbd809b84ac2b

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3009868dbe1a9c45ed

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEDCFCEC96B3BB06395E6413A32D5B

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-41e56cb12f7332285e

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e39c3514bcb6f08467

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-66353bbd809b84ac2b

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : csebpub

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3009868dbe1a9c45ed

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEDCFCEC96B3BB06395E6413A32D5B

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-41e56cb12f7332285e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-e39c3514bcb6f08467

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-66353bbd809b84ac2b

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : csebpub

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : dabrpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-34a09d1a7755237ee9

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-3009868dbe1a9c45ed

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LSMApi

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe :