Tenable Research Release Highlights

Forum Discussion

Anonymous
5 years ago


Enable Windows Server Service During a Scan

Update: This feature has been delayed until 17 December.

Summary

We are releasing a new UI setting that will allow you to enable the Windows Server service, also known as LanmanServer, during a scan if it is not already enabled.

Change

The Server service is a core Windows service that enables the computer to share files and printers on a network. In most cases, the Server service is enabled by default on Windows, but may be disabled as a hardening measure.

This service is essential for remote Nessus scans using SMB credentials. If this service is not enabled, Nessus will be unable to access files remotely.

A new policy setting in Nessus Professional, T.io, and T.sc named "Start the Server service during the scan" is being added under Global Credential Settings. This new setting only affects Windows / SMB credentials. When it is set, Nessus will enable the Server service at the beginning of the scan, then disable the service at the end of the scan. Valid Windows credentials are required to enable this service.

  

Impact

This setting is disabled by default. Enabling the Server service increases the attack surface of the target for the duration of the scan. However, in some hardened environments enabling this service is required to perform a complete remote scan with credentials.
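On a host where the Server service is disabled for hardening, it is worth confirming that the service is back in its pre-scan state once the scan has finished. The script below is an added example, not Tenable code: it snapshots LanmanServer before the scan and compares afterwards. The baseline path, parameter names and function name are assumptions, as is the presence of the short service name in the event data of event 7040.

```powershell
# Added example, not Tenable code. Run on the scan target: once with
# -Mode Baseline before the scan, once with -Mode Verify after it ends.
param(
    [ValidateSet('Baseline', 'Verify')]
    [string]$Mode = 'Verify',
    # Hypothetical location for the pre-scan snapshot.
    [string]$BaselinePath = "$env:ProgramData\lanmanserver-baseline.json"
)

function Get-ServerServiceState {
    # Win32_Service reports both the run state and the configured start mode.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='LanmanServer'"
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        State     = $svc.State       # e.g. Running / Stopped
        StartMode = $svc.StartMode   # e.g. Auto / Manual / Disabled
        TakenAt   = (Get-Date).ToString('o')
    }
}

$current = Get-ServerServiceState
if ($Mode -eq 'Baseline') {
    $current | ConvertTo-Json | Set-Content -Path $BaselinePath -Encoding UTF8
    return $current
}

# Compare the post-scan state with the snapshot taken before the scan.
$baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
$drift = foreach ($prop in 'State', 'StartMode') {
    if ($current.$prop -ne $baseline.$prop) {
        "$prop was '$($baseline.$prop)' before the scan and is '$($current.$prop)' now"
    }
}

# Service Control Manager event 7040 records start-type changes. Matching on
# 'LanmanServer' assumes the event data carries the short service name; where
# it does not, match on the service display name instead.
$changes = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7040
    StartTime = [datetime]$baseline.TakenAt
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties.Value -contains 'LanmanServer' } |
    Select-Object TimeCreated, Message

[pscustomobject]@{
    Computer         = $current.Computer
    Restored         = -not $drift
    Drift            = @($drift)
    StartTypeChanges = @($changes)
}
if ($drift) { exit 1 }   # non-zero exit lets a scheduler or pipeline flag the host
```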

New Plugins

Start the Server Service during the scan (WMI)

Stop the Server Service after the scan (WMI)

Target Release Date

17 December 2020

Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.
