POWERSHELL_NO_RESULT: powershell command returned no result

Objective

  • Resolve the error condition “POWERSHELL_NO_RESULT: powershell command returned no result” in the Nessus auditfile for Windows.

This error occurs when an AUDIT_POWERSHELL check returns no data, for example when you query a registry key that does not exist.

<check_type: "Windows" version:"2">
<group_policy: "MS Windows">
 
<custom_item>
type: AUDIT_POWERSHELL
description: "Check if IPv6 is disabled"
value_type: POLICY_TEXT
value_data: "0xff"
powershell_args: 'reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters /v DisabledComponents'
check_type: CHECK_REGEX
</custom_item>
 
</group_policy>
</check_type>

We should get a FAILED end status (non-compliant), but an ERROR is raised instead.

Windows Compliance Checks, version 1.207

Which file contains your security policy : SMB login : stty: 'standard input': Inappropriate ioctl for device
SMB password : stty: 'standard input': Inappropriate ioctl for device

SMB domain (optional) : "Check if IPv6 is disabled": [ERROR]

POWERSHELL_NO_RESULT: powershell command returned no result

Solution

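To work around this issue, capture the output in a variable and evaluate it before the check ends. The single quotes are backslash-escaped because the whole command sits inside the single-quoted powershell_args value.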

  if ($output -eq $Null) {write-host \'No Output Recorded\'} else {$output}

The updated audit file check will look like this:

<check_type: "Windows" version:"2">
<group_policy: "MS Windows">
 
<custom_item>
type: AUDIT_POWERSHELL
description: "Check if IPv6 is disabled"
value_type: POLICY_TEXT
value_data: "0xff"
powershell_args: '$output=(reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters /v DisabledComponents) ; if ($output -eq $Null) {write-host \'No Output Recorded\'} else {$output}'
check_type: CHECK_REGEX
</custom_item>
 
</group_policy>
</check_type>

The output of the updated check will look like this:

 Windows Compliance Checks, version 1.207

Which file contains your security policy : SMB login : stty: 'standard input': Inappropriate ioctl for device
SMB password : stty: 'standard input': Inappropriate ioctl for device

SMB domain (optional) : "Check if IPv6 is disabled": [FAILED]

Remote value: 'No Output Recorded'
Policy value: '0xff'
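
To try the guard locally before putting it into an audit file, the following PowerShell sketch wraps the same pattern in two functions. It is an added example, not part of the original article or of Nessus: Get-GuardedOutput, Test-GuardedCheck and the value name ConstructedMissingValue are hypothetical, and the PASSED/FAILED label only approximates a CHECK_REGEX comparison.

```powershell
# Added example, not from the original article. Get-GuardedOutput and
# Test-GuardedCheck are hypothetical helper names for local testing only.

function Get-GuardedOutput {
    param(
        [Parameter(Mandatory)] [scriptblock] $Command,
        [string] $Sentinel = 'No Output Recorded'
    )
    # reg.exe reports a missing key or value on stderr, so stdout is empty
    # and $output stays $null. That is the POWERSHELL_NO_RESULT condition.
    $output = & $Command 2>$null
    if ($null -eq $output) { $Sentinel } else { $output }
}

function Test-GuardedCheck {
    param(
        [Parameter(Mandatory)] [scriptblock] $Command,
        [Parameter(Mandatory)] [string] $ExpectedRegex
    )
    # reg.exe returns several lines; join them so the regex sees one string.
    $text = (Get-GuardedOutput -Command $Command) -join "`n"
    # Local approximation of a CHECK_REGEX comparison against value_data.
    [pscustomobject]@{
        Result      = if ($text -match $ExpectedRegex) { 'PASSED' } else { 'FAILED' }
        RemoteValue = $text.Trim()
        PolicyValue = $ExpectedRegex
    }
}

$key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'

# The article's query: FAILED with the sentinel when DisabledComponents is absent.
Test-GuardedCheck -ExpectedRegex '0xff' -Command { reg query $key /v DisabledComponents }

# Constructed value name that should not exist: always exercises the guard.
Test-GuardedCheck -ExpectedRegex '0xff' -Command { reg query $key /v ConstructedMissingValue }
```

Writing the comparison as `$null -eq $output` keeps the test a plain true/false even when the command returns several lines, because with an array on the left-hand side `-eq` filters the elements instead of comparing the whole value.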