Objective
- Nessus has many plugins, but it does not check every application that is installed.
So we want to be able to create a simple version check for Windows applications with a Nessus audit file.
What is installed?
You can review the output of Nessus Plugin 20811 “Microsoft Windows Installed Software Enumeration (credentialed check)” or run the following PowerShell command to get the same information as Nessus Plugin 20811:
Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | where {$_.DisplayName -match '[a-z]'} | Select-Object DisplayName, DisplayVersion
Auditfile check
We can use the following Windows audit file check to verify the version of Notepad++ (or any other application that is installed).
<check_type: "Windows" version:"2">
<group_policy: "MS Windows">
<custom_item>
  type: AUDIT_POWERSHELL
  description: "Version check Notepad++ must be 6.9.2"
  info: "The latest version of Notepad++ can be downloaded from:"
  info: "https://notepad-plus-plus.org/download"
  value_type: POLICY_TEXT
  value_data: " 6.9.2$"
  powershell_args: '$SWString=\'Notepad\\+\\+\' ; Get-ItemProperty HKLM:\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\* | where {$_.Displayname -match $SWString} |Select-Object DisplayName, DisplayVersion | ft -HideTableHeaders'
  check_type: CHECK_REGEX
  powershell_option: CAN_BE_NULL
</custom_item>
</group_policy>
</check_type>
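To try the same lookup locally before putting it into an audit file, the following added example (not part of the original page) goes one step beyond the command above: it reads the native 64-bit Uninstall key as well as the Wow6432Node key and compares DisplayVersion as a version number instead of a regex. The function names Get-InstalledApp and Test-AppVersion are hypothetical.

```powershell
# Added example; Get-InstalledApp and Test-AppVersion are hypothetical helper names.
function Get-InstalledApp {
    param([Parameter(Mandatory)][string]$NamePattern)

    # Native 64-bit view plus the 32-bit (Wow6432Node) view used on the page.
    $paths = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    # Missing keys (for example on 32-bit Windows) are skipped silently.
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $NamePattern } |
        Select-Object DisplayName, DisplayVersion
}

function Test-AppVersion {
    param(
        [Parameter(Mandatory)][string]$NamePattern,
        [Parameter(Mandatory)][string]$RequiredVersion
    )

    $required = [version]$RequiredVersion

    foreach ($app in Get-InstalledApp -NamePattern $NamePattern) {
        # DisplayVersion is free text; entries that are empty or not numeric
        # (such as "6.9.2-beta") fail to parse and are reported as non-compliant.
        $installed = $null
        $parsed = [version]::TryParse([string]$app.DisplayVersion, [ref]$installed)

        [pscustomobject]@{
            DisplayName    = $app.DisplayName
            DisplayVersion = $app.DisplayVersion
            # Exact match only: [version] treats 6.9.2 and 6.9.2.0 as different.
            Compliant      = $parsed -and ($installed -eq $required)
        }
    }
}

# Same target as the audit item above; no output means no matching entry exists.
Test-AppVersion -NamePattern 'Notepad\+\+' -RequiredVersion '6.9.2'
```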