CBS Removed Package Enumeration (Windows Event Log Tool)

Nessus Plugin ID 140578


Use wevtutil to extract package install info from the host.


Using the Windows Event Log command line tool, this plugin enumerates packages removed by CbsTask or Deepclean.

Note: The wevtutil command is restricted to members of the Administrators group and must be run with elevated privileges.
Tenable software must be provided with appropriate credentials to use this plugin.

Plugin Details

Severity: Info

ID: 140578

File Name: wevtutil_removed_packages.nbin

Version: 1.62

Type: local

Agent: windows

Family: Windows

Published: 9/14/2020

Updated: 11/30/2022

Asset Inventory: true

Supported Sensors: Nessus Agent

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/Registry/Enumerated, SMB/WMI/Available