Microsoft's MS03-039 Scanner Reports False Negatives

peter.sentveld at planet.nl
Tue Sep 30 14:46:24 EDT 2003


>On Tue, Sep 30, 2003 at 11:02:48AM -0700, Jack Polimer wrote:
>> This is a little OT...
>> 
>> I performed an MS03-039 scan with Nessus and
>> performed a sanity check with Microsoft's MS03-039
>> scanner, KB824146Scan.exe.  Microsoft's scanner
>> reported instances of false negatives (scanner said
>> box was patched when it was not) on devices that were
>> known not to have been patched.  Has anyone else run
>> across this?
>
>Last time I checked, Microsoft scanner would not be able to audit NT4.0
>boxes which have port 139 disabled, so I'm not too surprised.

What I know from my workplace: the Microsoft program finds 63 systems, with a lot of false positives (Windows 95/98 and VMS systems).

The Nessus list contains 82 systems (of course without the W95/98 systems) and till now I never had a false positive.

The systems found by Nessus give strange results with the MS scanner, from "host not found" and some strange error codes to "needs investigation".

We used the MS list as a quick list to act on (because it's much quicker than Nessus..) and once or twice a week a Nessus list to be accurate...

Peter
