Antivirus Software Check - TENABLE NETWORK SECURITY, INC.


SecurityCenter 4
TENABLE NETWORK SECURITY INC., COPYRIGHT 2012

TENABLE NETWORK SECURITY, INC.
Antivirus Software Check
May 14, 2012 at 8:00pm CDT
[dbreslin7]

Confidential: The following report contains confidential information. Do not distribute, email, fax, or transfer via any electronic mechanism unless it has been approved by the recipient company's security policy. All copies and backups of this document should be saved on protected storage at all times. Do not share any of the information contained within this report with anyone unless they are authorized to view the information. Violating any of the previous instructions is grounds for termination.

Table of Contents

7 Day Trend of Antivirus Check Results
Antivirus Check Results
Antivirus Check Fails Grouped by Subnet and Location
Antivirus Check Fails Grouped by Host
    10.10.0.45
    10.20.0.100
    10.40.0.201
    10.60.1.15
    10.70.5.75
    10.80.5.7
    10.90.0.3
    10.100.0.9
    10.110.0.20
    10.110.2.9
    10.120.0.36
    10.200.100.64
    10.200.100.98

7 Day Trend of Antivirus Check Results

[Chart: 7 Day Trend]

Antivirus Check Results

[Chart: Antivirus Check Pass and Fails]

Antivirus Check Pass Total

Plugin  Total  Severity  Plugin Name               Family
16193   26     Info      Antivirus Software Check  Windows

Antivirus Check Fail Totals

Plugin  Total  Severity  Plugin Name                                                            Family
56568   1      Critical  Mac OS X XProtect Installed                                            MacOS X Local Security Checks
54846   1      Critical  Sophos Anti-Virus Detection (Mac OS X)                                 MacOS X Local Security Checks
52668   1      Critical  F-Secure Antivirus Detection                                           Windows
52544   1      Critical  Microsoft Forefront Endpoint Protection/Anti-malware Client Detection  Windows
24232   1      Critical  BitDefender Antivirus Detection                                        Windows
21725   1      Critical  Symantec Antivirus Detection (Corporate Edition)                       Windows
21608   1      Critical  ESET NOD32 Antivirus Detection                                         Windows
20284   1      Critical  Kaspersky AntiVirus Detection                                          Windows
20283   1      Critical  Panda Antivirus Detection                                              Windows
16192   1      Critical  Trend Micro Antivirus Detection                                        Windows
12215   1      Critical  Sophos Anti-Virus Detection                                            Windows
12107   1      Critical  McAfee Antivirus Detection                                             Windows
12106   1      Critical  Norton Antivirus Detection                                             Windows

Antivirus Check Fails Grouped by Subnet and Location

Fails Grouped by Subnet

IP 0.0.0/24        1
10.200.100.0/24    2

Fails Grouped by Location

Asset                         Total
HQ                            6
Chicago Contact Center        4
Milton Keynes Contact Center  3

Antivirus Check Fails Grouped by Host

Host Fail Summary

IP Address    NetBIOS Name    DNS Name    MAC
031.itsdept.com    60:c5:47:5b:10:11

10.10.0.45

NetBIOS Name: ITSDEPT\DT1013
Vulnerabilities: Critical: 1, High: 44, Medium: 16, Low: 5, Info: 106
DNS Name: dt1013.itsdept.com
Last Scan: May 13, 2012 @ 10:06AM

Host Fail Details

Plugin: 12106
Plugin Name: Norton Antivirus Detection
Synopsis: An antivirus is installed on the remote host, but it is not working properly.
Description: Norton Anti-Virus, a commercial anti-virus software package for Windows, is installed on the remote host. However, there is a problem with the install - either its services are not running or its engine and/or virus definition are out-of-date.
Solution: Make sure updates are working and the associated services are running.
Risk Factor: Critical
CVSS Base Score: 10.0
CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Plugin Output:

    The remote host has the Norton Antivirus installed. It has been
    fingerprinted as :
    Norton/Symantec Antivirus 15.0.0.58
    DAT version : 20070820

    The remote host has an out-dated version of the Norton
    virus database. Last version is 20120501

    The remote Norton AntiVirus is not running.

    As a result, the remote host might be infected by viruses received by
    email or other means.

Plugin Publication Date: 2004/03/16
Plugin Modification Date: 2012/05/02
Plugin Type: local
Source File: nav_installed.nasl

10.20.0.100

NetBIOS Name: ITSDEPT\DT2099
Vulnerabilities: Critical: 1, High: 44, Medium: 16, Low: 5, Info: 102
DNS Name: dt2099.itsdept.com
Last Scan: May 13, 2012 @ 10:17AM

Host Fail Details

Plugin: 20284
Plugin Name: Kaspersky AntiVirus Detection
Synopsis: An antivirus is installed on the remote host, but it is not working properly.
Description: Kaspersky Anti-Virus, a commercial anti-virus software package for Windows, is installed on the remote host. However, there is a problem with the install - either its services are not running or its engine and/or virus definitions are out-of-date.
Solution: Make sure updates are working and the associated services are running.
See Also: http://www.kaspersky.com/
Risk Factor: Critical
CVSS Base Score: 10.0
CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Plugin Output:

    Kaspersky Anti-Virus is installed on the remote host :
    Product Name: . B828@CA .0A?5@A:>3>;O Windows Workstations
    Version: 6.0.2.678
    Installation Path: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations
    Virus signatures: 03/05/2007

    The virus signatures on the remote host are out-of-date - the last
    known update from the vendor is 05/02/2012

    The remote Kaspersky Anti-Virus service is not running.

    As a result, the remote host might be infected by viruses.

Plugin Publication Date: 2005/12/09
Plugin Modification Date: 2012/05/02
Plugin Type: local
Source File: kaspersky_installed.nasl

10.40.0.201

NetBIOS Name: ITSDEPT\DT4113
Vulnerabilities: Critical: 1, High: 40, Medium: 16, Low: 5, Info: 102
DNS Name: dt4113.itsdept.com
Last Scan: May 13, 2012 @ 10:32AM

Host Fail Details

Plugin: 52544
Plugin Name: Microsoft Forefront Endpoint Protection/Anti-malware Client Detection
Severity: Critical
Family: Windows
Synopsis: An antivirus or anti-malware is installed on the remote host, but it is not working properly.
Description: Microsoft Forefront Endpoint Protection or other anti-malware product from Microsoft is installed on the remote host. However, there is a problem with the install - either its services are not running or its engine and/or virus definitions are out-of-date.
Solution: Make sure updates are working and the associated services are running.
See Also: http://www.nessus.org/u?8dfaf4e2
Risk Factor: Critical
CVSS Base Score: 10.0
CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Plugin Output:

    A Microsoft anti-malware product is installed on the remote host :
    Product name : Microsoft Security Client
    Path : c:\Program Files\Microsoft Security Client\Antimalware\
    Version : 2.2.0903.0

    It was not possible to determine whether antivirus signatures are up-to-date.
    It was not possible to determine whether Antispyware signatures are up-to-date.
    It was not possible to determine the engine version for the antivirus software.

    As a result, the remote host might be infected by viruses received by
    email or other means.

Plugin Publication Date: 2011/03/04
Plugin Modification Date: 2012/05/02
Plugin Type: local
Source File: fep_installed.nasl

10.60.1.15

NetBIOS Name: ITSDEPT\DT6120
Vulnerabilities: Critical: 1, High: 41, Medium: 18, Low: 5, Info: 104
DNS Name: dt6120.itsdept.com
Last Scan: May 13, 2012 @ 10:43AM

Host Fail Details

Plugin: 24232
Plugin Name: BitDefender Antivirus Detection
Synopsis: An antivirus is installed on the remote host, but it is not working properly.
Description: BitDefender, a commercial antivirus software package for Windows, is installed on the remote host. However, there is a problem with the install - either its services are not running or its engine and/or virus definition are out-of-date.
Solution: Make sure updates are working and the associated services are running.
See Also: http://www.bitdefender.com/
Risk Factor: Critical
CVSS Base Score: 10.0
CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Plugin Output:

    BitDefender is installed on the remote host :
    Product name : unknown
    Version : unknown
    Installation path : C:\Program Files\Softwin\BitDefender10
    Signature number : 532320
    Signature update : Mon Apr 16 17:52:28 2007
    Engine : 7.12435

    The virus signatures on the remote host are out-of-date - the last
    known update from the vendor is signature number 7126243.

    As a result, the remote host might be infected by viruses.

Plugin Publication Date: 2007/01/22
Plugin Modification Date: 2012/05/02
Plugin Type: local
Source File: bitdefender_installed.nasl

10.70.5.75

NetBIOS Name: ITSDEPT\DT7440
Vulnerabilities: Critical: 1, High: 42, Medium: 17, Low: 5, Info: 108
DNS Name: dt7440.itsdept.com
Last Scan: May 13, 2012 @ 11:04AM

Host Fail Details

Plugin: 12107
Plugin Name: McAfee Antivirus Detection
Synopsis: The remote antivirus is not up to date.
Description: The remote host is running McAfee VirusScan Antivirus. The remote version of this software is not up to date (engine and/or virus definitions). It may allow an infection of the remote host by a virus or a worm.
Solution: Update your virus definitions and/or antivirus engine
Risk Factor: Critical
CVSS Base Score: 10.0
CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Plugin Output:

    The remote host has the McAfee antivirus installed.
    Engine version : 5100.194
    DAT version : 4834
    Updated date : 2006/08/21
    ePO Agent : not present.

    The remote host has an out-dated version of the McAfee
    virus engine. Latest version is 5400

    The remote host has an out-dated version of the McAfee
    virus database. Latest version is 6698

Plugin Publication Date: 2004/03/16
Plugin Modification Date: 2012/05/02
Plugin Type: local
Source File: mcafee_installed.nasl

10.80.5.7

NetBIOS Name: ITSDEPT\DT8773
Vulnerabilities: Critical: 1, High: 42, Medium: 16, Low: 5, Info: 103
DNS Name: dt8773.itsdept.com
Last Scan: May 13, 2012 @ 11:13AM

Host Fail Details

Plugin: 20283
Plugin Name: Panda Antivirus Detection
Synopsis: An antivirus is installed on the remote host, but it is not working properly.
Description: Panda Anti-Virus, a commercial antivirus software package for Windows, is installed on the remote host. However, there is a problem with the install - either its services are not running or its engine or virus definitions are out-of-date.
Solution: Make sure updates are working and the associated services are running.
See Also: http://www.pandasoftware.com/
Risk Factor: Critical
CVSS Base Score: 10.0
CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Plugin Output:

    Panda Antivirus is installed on the remote host :
    Product Name: Panda Antivirus Pro 2010
    Version: 9.01.00.0000
    Installation Path: C:\Program Files\Panda Security\Panda Antivirus Pro 2010\
    Virus signatures: 10-15-2009

    The virus signatures on the remote host are out-of-date - the last
    known update from the vendor is 05-01-2012

    As a result, the remote host might be infected by viruses.

Plugin Publication Date: 2005/12/09
Plugin Modification Date: 2012/05/02
Plugin Type: local
Source File: panda_antivirus_installed.nasl

10.90.0.3

NetBIOS Name: ITSDEPT\DT9002
Vulnerabilities: Critical: 1, High: 42, Medium: 16, Low: 5, Info: 147
DNS Name: dt9002.itsdept.com
Last Scan: May 13, 2012 @ 11:37AM

Host Fail Details

Plugin: 12215
Plugin Name: Sophos Anti-Virus Detection
Severity: Critical
Family: Windows
Synopsis: An antivirus is installed on the remote host, but it is not working properly.
Description: Sophos Anti-Virus, a commercial antivirus software package for Windows, is installed on the remote host. However, there is a problem with the install - either its services are not running or its engine and/or virus definition are out of date.
Solution: Make sure updates are working and the associated services are running.
See Also: http://www.sophos.com/
Risk Factor: Critical
CVSS Base Score: 10.0
CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Plugin Output:

    Sophos Anti-Virus is installed on the remote host :
    Installation path : c:\Program Files\Sophos\Sophos Anti-Virus
    Product version : 10.0.4
    Engine version : 3.31.20.1956
    Virus signatures last updated : never

    The virus signatures on the remote host have never been updated!
    The last update from the vendor was on 2012/05/02.

    As a result, the remote host might be infected by viruses.

CPE: cpe:/a:sophos:sophos_anti-virus
Plugin Publication Date: 2004/04/26
Plugin Modification Date: 2012/05/02
Plugin Type: local
Source File: sophos_installed.nasl

10.100.0.9

NetBIOS Name: ITSDEPT\LT1004
Vulnerabilities: Critical: 1, High: 46, Medium: 16, Low: 5, Info: 114
DNS Name: lt1004.itsdept.com
Last Scan: May 13, 2012 @ 12:25PM

Host Fail Details

Plugin: 16192
Plugin Name: Trend Micro Antivirus Detection
Synopsis: An antivirus is installed on the remote host, but it is not working properly.
Description: Trend Micro Antivirus, a commercial antivirus software package for Windows, is installed on the remote host, but it is not working properly.
Solution: Make sure updates are working and the associated services are running.
See Also: http://www.trendmicro.com/
Risk Factor: Critical
CVSS Base Score: 10.0
CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Plugin Output:

    Nessus has gathered the following information about the installation
    of Trend Micro AntiVirus on the remote host :
    Trend Micro AntiVirus : 8.0
    Engine version : 8710
    Virus Def version : 822
    Virus database : 20040315

    The remote host is using an outdated virus engine - 9500 is current.
    The remote host is using an outdated virus database - 20120501 is current.

    As a result, the remote host might be infected by viruses received via
    email or some other means.

Plugin Publication Date: 2005/01/18
Plugin Modification Date: 2012/05/02
Plugin Type: local
Source File: trendmicro_installed.nasl

10.110.0.20

NetBIOS Name: ITSDEPT\LT2010
Vulnerabilities: Critical: 1, High: 40, Medium: 16, Low: 5, Info: 97
DNS Name: lt2010.itsdept.com
Last Scan: May 13, 2012 @ 9:06PM

Host Fail Details

Plugin: 21608
Plugin Name: ESET NOD32 Antivirus Detection
Severity: Critical
Family: Windows
Synopsis: An antivirus is installed on the remote host, but it is not working properly.
Description: NOD32 Antivirus, a commercial antivirus software package for Windows, is installed on the remote host. However, there is a problem with the install - either its services are not running or its engine and/or virus definition are out of date.
Solution: Make sure updates are working and the associated services are running.
See Also: http://www.nod32.com/
Risk Factor: Critical
CVSS Base Score: 10.0
CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Plugin Output:

    The NOD32 Antivirus System is installed on the remote host :
    Version: 5.0.94.0
    Installation Path: C:\Program Files\ESET\ESET NOD32 Antivirus
    Virus signatures: 6484 (20110922)

    The virus signatures on the remote host are out-of-date - the last known
    update from the vendor is 20120501.

    As a result, the remote host might be infected by viruses.

Plugin Publication Date: 2006/05/27
Plugin Modification Date: 2012/05/02
Plugin Type: local
Source File: nod32_installed.nasl

10.110.2.9

NetBIOS Name: ITSDEPT\LT2051
Vulnerabilities: Critical: 1, High: 42, Medium: 22, Low: 7, Info: 148
DNS Name: lt2051.itsdept.com
Last Scan: May 13, 2012 @ 12:11PM

Host Fail Details

Plugin: 21725
Plugin Name: Symantec Antivirus Detection (Corporate Edition)
Synopsis: Symantec Antivirus Corporate is installed.
Description: This plugin checks that the remote host has Symantec Antivirus Corporate installed and properly running, and makes sure that the latest Vdefs are loaded.
Solution: Make sure SAVCE is installed, running and using the latest VDEFS.
Risk Factor: Critical
CVSS Base Score: 10.0
CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Plugin Output:

    The remote host has an antivirus software from Symantec installed. It has
    been fingerprinted as :
    Symantec Endpoint Protection : 12.1.1101.401
    DAT version : 20120405

    The remote host has an out-dated version of the Symantec
    Corporate virus signatures. Last version is 20120501

    As a result, the remote host might be infected by viruses received by
    email or other means.

Plugin Publication Date: 2006/06/16
Plugin Modification Date: 2012/05/02
Plugin Type: local
Source File: savce_installed.nasl

10.120.0.36

NetBIOS Name: ITSDEPT\LT3010
Vulnerabilities: Critical: 1, High: 36, Medium: 15, Low: 5, Info: 101
DNS Name: lt3010.itsdept.com
Last Scan: May 13, 2012 @ 10:32PM

Host Fail Details

Plugin: 52668
Plugin Name: F-Secure Antivirus Detection
Synopsis: An antivirus product is installed on the remote host, but it is not working properly.
Description: F-Secure Antivirus is installed on the remote host, however according to its status obtained via querying 'polutil.exe' it is not active and/or definitions are not up to date.
Solution: Make sure the application is running and automatic updates are enabled.
See Also: http://www.nessus.org/u?eaaffa37
Risk Factor: Critical
CVSS Base Score: 10.0
CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Plugin Output:

    Antivirus status is not active and/or up to date.
    Definition Serial Number : 2008-03-24 01
    Current POLUTIL.exe Status : 19
    Expected POLUTIL.exe Status : 32

    As a result, the remote host might be infected by viruses received by email or other means.

Plugin Publication Date: 2011/03/14
Plugin Modification Date: 2011/03/15
Plugin Type: local
Source File: wmi_fsecure_av_check.nbin

10.200.100.64

NetBIOS Name: UNKNOWN\MM0014
Vulnerabilities: Critical: 2, High: 17, Medium: 2, Low: 0, Info: 43
DNS Name: mm0014.itsdept.com
Last Scan: May 13, 2012 @ 12:32PM

Host Fail Details

Plugin: 54846
Plugin Name: Sophos Anti-Virus Detection (Mac OS X)
Severity: Critical
Family: MacOS X Local Security Checks
Synopsis: An antivirus program is installed on the remote host, but the program does not function properly.
Description: Sophos Anti-Virus for Mac OS X, a commercial antivirus software package, is installed on the remote host. There is a problem with the install - either its services are not running or its engine and/or virus definitions are out of date.
Solution: Make sure updates are working and the associated services are running.
See Also: http://www.sophos.com/
Risk Factor: Critical
CVSS Base Score: 10.0
CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Plugin Output:

    Sophos Anti-Virus version :
    Installed version : 8.0.2

    Sophos Anti-Virus Virus Definitions :
    Installed version : 4.76.0

    Sophos has not been updated since it was installed.

    As a result, the remote host might be infected by viruses.

Plugin Publication Date: 2011/05/27
Plugin Modification Date: 2012/04/06
Plugin Type: local
Source File: macosx_sophos_installed.nasl

10.200.100.98

NetBIOS Name: UNKNOWN\MM0031
Vulnerabilities: Critical: 2, High: 17, Medium: 2, Low: 0, Info: 43
DNS Name: mm0031.itsdept.com
Last Scan: May 13, 2012 @ 9:47PM

Host Fail Details

Plugin: 56568
Plugin Name: Mac OS X XProtect Installed
Severity: Critical
Family: MacOS X Local Security Checks
Synopsis: An antivirus program is installed on the remote host, but the program does not function properly.
Description: There is a problem with the installation of the Apple XProtect application on the remote Mac OS X host - either updates are not enabled / running or its definitions are out of date.
Solution: Make sure updates are working and the associated services are running.
See Also: http://en.wikipedia.org/wiki/Xprotect
Risk Factor: Critical
CVSS Base Score: 10.0
CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Plugin Output:

    The remote Mac OS X host includes Apple's XProtect software.

    Safe Download definitions :
    Last updated : Mon, 02 Apr 2012 21:09:30 GMT
    Current version : 1026

    The XProtectUpdater daemon does not exist or is an empty file.

Plugin Publication Date: 2011/10/20
Plugin Modification Date: 2012/04/03
Plugin Type: local
Source File: macosx_xprotect_installed.nasl
