Malicious Process Detection

by Dave Breslin
June 19, 2012

This report template uses the Nessus Malicious Process Detection plugins, 59275 and 59641, to provide the details of malware and potentially unwanted software running on Windows hosts.

Everything you need to know about plugin 59275 is covered in the Tenable blog post entitled "Detecting Known Malware Processes Using Nessus". Version 2 of this template accounts for the plugin update that split the original detection results of 59275 across two plugins, 59275 and 59641.

Troubleshooting Tip

One of the requirements of using plugins 59275 and 59641 is that the Nessus scanner used by SecurityCenter must be able to perform DNS lookups to the Internet. If you are unsure how the host that Nessus is installed on is configured for DNS lookups, you may wish to run a test using a credentialed scan policy (ensuring 59275 is enabled) via the Nessus GUI and look at the Audit Trail result.
