Nessus Windows Scan Not Performed with Admin Privileges
Info Nessus Plugin ID 24786
Synopsis
The Nessus scan of this host may be incomplete due to insufficient privileges provided.
Description
The Nessus scanner testing the remote host has been given SMB credentials to log into the remote host; however, these credentials do not have administrative privileges.
Typically, when Nessus performs a patch audit, it logs into the remote host and reads the version of the DLLs on the remote host to determine if a given patch has been applied or not. This is the method Microsoft recommends to determine if a patch has been applied.
If your Nessus scanner does not have administrative privileges when doing a scan, then Nessus has to fall back to performing a patch audit through the registry, which may lead to false positives (especially when using third-party patch auditing tools) or to false negatives (not all patches can be detected through the registry).
Solution
Reconfigure your scanner to use credentials with administrative privileges.
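The following added example (not Tenable's code) triages a scan export for this plugin: it marks hosts where plugin 24786 fired, lists their patch findings for re-checking as possible false positives, and flags hosts whose clean patch result is unproven. It assumes the .nessus v2 export layout (`ReportHost`/`ReportItem` with `pluginID` and `pluginFamily` attributes) and that patch-audit findings carry the family name "Windows : Microsoft Bulletins"; the sample data is constructed.

```python
import xml.etree.ElementTree as ET

NON_ADMIN_PLUGIN = "24786"  # plugin ID from this page
# Assumption: patch-audit findings are exported under this plugin family.
PATCH_FAMILY = "Windows : Microsoft Bulletins"

# Constructed sample in the .nessus v2 layout; hosts and 9xxxxx IDs are made up.
SAMPLE = """<NessusClientData_v2><Report name="constructed">
<ReportHost name="10.0.0.5">
  <ReportItem pluginID="24786" severity="0"/>
  <ReportItem pluginID="900001" severity="3"
              pluginFamily="Windows : Microsoft Bulletins"/>
</ReportHost>
<ReportHost name="10.0.0.6">
  <ReportItem pluginID="24786" severity="0"/>
</ReportHost>
<ReportHost name="10.0.0.7">
  <ReportItem pluginID="900002" severity="3"
              pluginFamily="Windows : Microsoft Bulletins"/>
</ReportHost>
</Report></NessusClientData_v2>"""


def triage(nessus_xml, patch_family=PATCH_FAMILY):
    """Map host -> how far its patch-audit results can be trusted."""
    report = {}
    for host in ET.fromstring(nessus_xml).iter("ReportHost"):
        items = list(host.iter("ReportItem"))
        non_admin = any(i.get("pluginID") == NON_ADMIN_PLUGIN for i in items)
        patches = sorted(i.get("pluginID") for i in items
                         if i.get("pluginFamily") == patch_family)
        report[host.get("name")] = {
            "non_admin": non_admin,
            # Registry-based results: reported patches may be false positives.
            "recheck": patches if non_admin else [],
            # Registry fallback with nothing reported: clean result is unproven.
            "clean_unproven": non_admin and not patches,
        }
    return report


if __name__ == "__main__":
    for name, verdict in triage(SAMPLE).items():
        print(name, verdict)
```

Hosts flagged `clean_unproven` are the ones to rescan first once administrative credentials are configured, since the registry fallback cannot detect every patch.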