"Credentialed scans on Windows systems often fail due to blocked ports, misconfigured firewalls or limited account privileges. When this happens, Nessus may be unable to perform the necessary authenticated checks through SMB or WMI, resulting in incomplete scan results. The following walkthrough outlines the key steps and observations made while resolving such issues during a real-world scan exercise. 1. Initial Network Assessment to Check Reachability"
"In this scenario, a preliminary port scan was conducted. However, the commonly used management ports (135 and 445) did not appear in the results. This indicated that the host was reachable but not allowing inbound connections on these ports. The issue was traced to the host's firewall which was filtering or blocking access to the required SMB and RPC services."
"Once the inbound rules are configured on the host firewall, subsequent port scans indicate that ports 139 and 445 are now open. This confirms that the firewall is allowing SMB traffic, enabling the Nessus scanner to establish the necessary communication channels with the Windows host for credentialed checks. This is verified through the initial SYN Scan by the Nessus scan where it shows the all open ports with details."
Credentialed Windows scans often fail when required management ports or authentication channels are inaccessible. Network reachability must be verified and essential Windows management ports (such as 135, 139, and 445) must be visible to the scanner. Host firewalls commonly filter SMB and RPC traffic, requiring inbound rule configuration to restore access. After opening SMB ports, SYN scans can confirm port status and allow Nessus to perform authenticated SMB/WMI checks. External network controls such as firewalls, IPS, or IDS can still block traffic and require whitelisting of the scanner's IP range. Proper port access and network-level allowances are necessary for complete, authenticated scan results.
Read at Medium
Unable to calculate read time
Collection
[
|
...
]