Version check for installed software (Windows) with Nessus


  • Nessus has many plugins but it is not checking all applications that are installed.
    So we want to be able to create a simple version check with a Nessus auditfile for Windows applications.

What is installed?

You can review the output Nessus Plugin 20811 “Microsoft Windows Installed Software Enumeration (credentialed check)” or run the following powershell commando to get the same information as Nessus Plugin 20811:

Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | 
where {$_.DisplayName -match '[a-z]'} |
Select-Object DisplayName, DisplayVersion


Auditfile check

We can use the following windows audit file check to verify the version of Notepad++.
(or any other application that is installed)

<check_type: "Windows" version:"2">
<group_policy: "MS Windows">
description: "Version check Notepad++ must be 6.9.2"
info: "The latest version of Notepad++ can be downloaded from:"
info: "" 
value_type: POLICY_TEXT
value_data: " 6.9.2$"
powershell_args: '$SWString=\'Notepad\\+\\+\' ; Get-ItemProperty HKLM:\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\* | where {$_.Displayname -match $SWString} |Select-Object DisplayName, DisplayVersion | ft -HideTableHeaders'
check_type: CHECK_REGEX
powershell_option: CAN_BE_NULL