Forum Discussion

Product Team

3 months ago

Improved Resource Management Control

Summary Improved resource management control for plugins leveraging Windows Management Instrumentation (WMI) on Nessus Agent 11.1.0 or higher. Impact Customers with Nessus Agent 11.1.0 and later v...

Connect Contributor IV

2 months ago

Do these changes mean that we will finally have a way to create exceptions in EDR products like Microsoft Defender for Endpoint? To this point it's been impossible to exclude an agent scan from the Defender Attack Surface Reduction rules like 'Block process creations originating from PSExec and WMI commands' because each process was independent. If the plugins are now child processes under nessud.exe or another executable in the Agent, we may have a solution! Am I understanding the new functionality correctly? It would be great to see some information in updated documentation to describe the process tree changes.

rhoy_tenable
Product Team
1 month ago
Hi paul_jacoby . You can find the agent release notes here.

Regarding your question about Microsoft Defender for Endpoint. I cannot comment on how that product works, but the changes made move command execution from under WMI to under the Nessus agent process tree for Nessus agent scans. There are no configuration options to change. There are still WMI queries executed that don't run commands, but spawning of processes like powershell.exe is now under the Nessus Agent's process tree.

Forum Discussion

Improved Resource Management Control

Recent Discussions

Plugin output for language library enumeration

Research Release Highlight - Potential Vulnerabilities

Improvement to Printer OS Fingerprinting

Tenable Post-Quantum Cryptography Inventory Support

CyberArk PVWA Credentials from CCP

Americas

Europe

Asia / Australia