Vulnerability scans in RAS 4.0.4 report no hosts found or create ghost hosts
|Article:TECH158541|||||Created: 2011-04-21|||||Updated: 2012-01-30|||||Article URL http://www.symantec.com/docs/TECH158541|
Vulnerability scans in Risk Automation Suite 4.0.4 produce messages in the logs that no hosts were found on the scanned subnet when you know there are, in fact, hosts present.
Vulnerability scans may also create "ghost hosts" in the host inventory for every address on the subnet scanned that doesn't currently have a host.
These two issues are caused by changes in the format of the .nbe or .nessus file created by Nessus that is submitted to the portal after the vulnerability scans complete.
Apply the Risk Automation Suite patch 126.96.36.19907
- From your portal server go to Start -> All Programs -> Risk Automation Suite -> Check for Risk Automation Suite Updates.
- You will see a message in the task tray that there is an update available for download. Click the message and choose to download the update.
- When the update is finished downloading install it on the server. This step will take a while, be sure to let it finish.
- After the update is applied there will be a new patched version of SecureRecon in the "C:\<Install Path>\Risk Automation Suite\Extras\Scanner Clients" folder
- Copy the new SecureRecon tar file to the Nessus server and run "tar -xvf" on it.
- Choose the SecureRecon file for your Linux distribution, rename it to "SecureRecon" and copy it to the "/securerecon" folder
- Navigate to the /securerecon folder and re-run the SecureRecon setup "./SecureRecon -s"
- Re-register SecureRecon "./SecureRecon -r <ip or hostname of portal> <username of account with register scanner permissions in the portal> <password>"
- Activate the scanner in the portal
- Edit your vulnerability scans to make sure the new scanner shows in the assigned scanner group.
Article URL http://www.symantec.com/docs/TECH158541