False Positives in Nessus scans

It is a frequent occurrence for a vulnerability to be identified based upon the version string of a product or component alone. These kinds of alerts often do not disappear after remediation, because the reported version string is unchanged (for example after a backported fix or a compensating control). Instead, a mitigation log has to be established in order to manually track compliance.

Version-only vulnerability plugins are mostly useful for deep scans; they are less appropriate for frequent scans because, once the mitigation is deployed and a manual compliance process is established, they only generate ‘noise’ consisting of false positives.
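One way to keep that noise out of a frequent scan is to reconcile each export against the mitigation log and suppress only version-based findings that have a recorded mitigation. The script below is an added example, not code from the original post or from Tenable; the `.nessus` snippet and the mitigation log are constructed, and the "Installed version" heuristic for spotting version-only detections is an assumption rather than a Nessus field.

```python
import re
import xml.etree.ElementTree as ET

# Constructed .nessus (v2) export, not a real scan: two findings raised from a
# version string alone and one behavioural check.
SAMPLE_NESSUS = """<NessusClientData_v2><Report name="weekly"><ReportHost name="10.0.0.5">
<ReportItem port="443" svc_name="www" protocol="tcp" severity="3" pluginID="100001"
 pluginName="Example Web Server &lt; 2.4.50 Multiple Vulnerabilities" pluginFamily="Web Servers">
 <plugin_output>Installed version : 2.4.49
Fixed version     : 2.4.50</plugin_output></ReportItem>
<ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2" pluginID="100002"
 pluginName="Example SSH Server &lt; 8.5 Vulnerability" pluginFamily="Misc.">
 <plugin_output>Installed version : 8.4
Fixed version     : 8.5</plugin_output></ReportItem>
<ReportItem port="443" svc_name="www" protocol="tcp" severity="2" pluginID="100003"
 pluginName="SSL Certificate Expiry" pluginFamily="General">
 <plugin_output>The certificate expires in 3 days.</plugin_output></ReportItem>
</ReportHost></Report></NessusClientData_v2>"""

# Constructed mitigation log: (host, plugin ID) -> change record documenting the
# backported fix or compensating control that the scanner cannot observe.
MITIGATION_LOG = {("10.0.0.5", "100001"): "CHG-0042 vendor backport applied, verified"}

# Heuristic (an assumption, not a Nessus field): plugins that only compared a
# version string typically report an "Installed version" / "Fixed version" pair.
VERSION_ONLY = re.compile(r"^\s*Installed version\s*:", re.I | re.M)


def triage(nessus_xml, mitigation_log):
    """Split a scan export into actionable findings and known, logged mitigations."""
    root = ET.fromstring(nessus_xml)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            output = item.findtext("plugin_output") or ""
            key = (host.get("name"), item.get("pluginID"))
            version_based = bool(VERSION_ONLY.search(output))
            # Only a version-based finding is suppressed by the log; a behavioural
            # check that still fires after "mitigation" is a real finding.
            mitigated = version_based and key in mitigation_log
            findings.append({
                "host": key[0], "pluginID": key[1], "name": item.get("pluginName"),
                "version_based": version_based,
                "status": "mitigated" if mitigated else "actionable",
                "reference": mitigation_log.get(key) if mitigated else None,
            })
    return findings
```

Findings reported as `mitigated` carry the change reference from the log, so the entry that justifies the suppression stays auditable alongside the scan result.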