Recently, Tenable’s Research group added the ability for Nessus credentialed scans to automatically start and stop the Windows Remote Registry service. This blog entry discusses the technical and political ramifications of this new feature.
Scanning Systems without the Remote Registry service running
The Remote Registry service allows remote computers with credentials to access the registry of the computer being audited. If the service is not running, reading keys and values from the registry won’t be possible, even with full credentials.