CBS Removed Package Enumeration (Windows Event Log Tool)

Info Nessus Plugin ID 140578

Synopsis

Use wevtutil to extract package install info from the host.

Description

Using the Windows Event Log command line tool, this plugin enumerates packages removed by CbsTask or Deepclean.

Note: The wevtutil command is limited to members of the Administrators group and must be run with elevated privileges.
Tenable software must be provided with appropriate credentials to use this plugin.

See Also

http://www.nessus.org/u?8b788018

Plugin Details

Severity: Info

ID: 140578

File Name: wevtutil_removed_packages.nbin

Version: 1.3

Type: local

Agent: windows

Family: Windows

Published: 2020/09/14

Updated: 2020/10/07

Dependencies: 13855, 24269

Asset Inventory: True

Risk Information

Risk Factor: Info

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/Registry/Enumerated, SMB/WMI/Available