CB Protection: Allow Tenable Security Center/Nessus scans to run on Windows endpoints
search cancel

CB Protection: Allow Tenable Security Center/Nessus scans to run on Windows endpoints

book

Article ID: 290908

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Agent is preventing Tenable/Nessus scans from completing successfully.

Environment

  • CB Protection Agent: All Verisons
  • Microsoft Windows: All Supported Versions
  • Tenable Security Center/Nessus Agent

Cause

Nessus utilizes .bat files that are unique to each endpoint, and aren’t signed by a publisher.

Resolution

  1. Create a new custom rule for 'Execution Control' using the following settings:
    1. Name: Nessus Scan Allow
    2. Description: Allow Nessus scans
    3. Status: Enabled
    4. Platform: Windows
    5. Rule Type: Execution Control
    6. Execute Action: Allow
    7. Path or File:
      1. c:\windows\temp\nessus*.bat
      2. c:\windows\tenable_mw_scan*.exe
    8. Process: Specific Process
      1. c:\windows\tenable_mw_scan*.exe
      2. c:\windows\system32\services.exe
      3. c:\windows\system32\cmd.exe
    9. User or Group: Any User
    10. Rule Applies To: All Policies

Additional Information

  • Instructions for creating a custom rules can be found in the CB Protection User Guide.
Powered by Wolken Software