Microsoft Windows SMB Registry : SFCDisable Key Permission Weakness

This script is Copyright (C) 2000-2016 Tenable Network Security, Inc.

Synopsis :

Local users have full privileges on the remote host.

Description :

The registry key HKLM\SOFTWARE\Microsoft\Windows
NT\WinLogon\SFCDisable has its value set to a value other than 0 or 4.

Any value other than 0 or 4 disables the Windows File Protection,
which allows any user on the remote host to view / modify any file he

This probably means that this host has been compromised.

See also :

Solution :

Set the value of this key to 0. You should reinstall this host

Risk factor :

High / CVSS Base Score : 7.2

Family: Windows

Nessus Plugin ID: 10449 ()

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now