Vulnerability Scanning Windows

Z0sickx Posts: 147 Member
edited February 8 in Troubleshooting
Guess I'll break the cherry in this section, looking for any ideas on why Nessus would take 20-40 mins to scan one box. For example, testing one Windows 10.3 box, it sits at 0% then at the 20 min mark or so it starts to progress. These would be hardened DoD Windows images. The domain account is able to log in and has domain admin privileges, and it does log in as soon as the scan is launched based on Event Viewer, but I feel like something is slowing it down.

Any ideas or approaches? This only happened after systems transitioned to a new Windows 10 build, so I feel like a certain STIG/GPO policy setting is doing this.

Comments

  • iBrokeIT Posts: 1,165 Member
    The Nessus scan settings that you choose have a huge impact on performance and scan time.  
  • Z0sickx Posts: 147 Member
    iBrokeIT said:
    The Nessus scan settings that you choose have a huge impact on performance and scan time.  
    Right, but as of now they're run with conservative settings. We've even tried cutting those max host/max plugins in half with no noticeable difference other than long scan times. In the meantime, as I've troubleshot, I changed all scanners to use HIGH memory usage to squeeze a little more performance out of them, since they are dedicated scanners with plenty of RAM.
  • iBrokeIT Posts: 1,165 Member
    Should we try praying to Cthulhu to see if that works?  If your expectation is for people to troubleshoot your issue, you're going to need to start posting relevant details such as your entire Nessus scan configuration, otherwise best of luck with Cthulhu.
  • JDMurray Certification Invigilator Surf City, USA Posts: 11,125 Admin
    Does Nessus provide a very verbose output format that timestamps each of the scanning operations that it performs? Seems like that would be the best way to determine where it is spending most of its time.
  • iBrokeIT Posts: 1,165 Member
    JDMurray said:
    Does Nessus provide a very verbose output format that timestamps each of the scanning operations that it performs? Seems like that would be the best way to determine where it is spending most of its time.
    Interesting fact, if you place a check mark next to "Enable plugin debugging" it will triple your scan times because Nessus will have that write the verbose output to disk.  That is according to what a Tenable support engineer told me last fall.  There are numerous other settings that will have a performance impact which is why he needs to post the full scan config.
  • Z0sickx Posts: 147 Member
    Don't have the exact settings in front of me now so I'll have to wait until Monday. Everything is being run in SecurityCenter, but I can just use one of the standalone scanners and modify the logging on Nessus to output verbose details with full audit trail to see if I can find consistent plugins that take long. Hoping it's just a handful of plugins that cause long scan time and not all of them. From the scans I looked at today, they tended to take 1300-1900 seconds to complete per system.
  • JDMurray Certification Invigilator Surf City, USA Posts: 11,125 Admin
    iBrokeIT said:
    Interesting fact, if you place a check mark next to "Enable plugin debugging" it will triple your scan times because Nessus will have that write the verbose output to disk.
    I'd write those logs to an SSD or virtual (RAM) drive to speed that up.