Vulnerability scans in RAS 4.0.4 report no hosts found or create ghost hosts

Article:TECH158541  |  Created: 2011-04-21  |  Updated: 2012-01-30  |  Article URL http://www.symantec.com/docs/TECH158541
Article Type
Technical Solution


Environment

Issue



Vulnerability scans in Risk Automation Suite 4.0.4 produce messages in the logs that no hosts were found on the scanned subnet when you know there are, in fact, hosts present.

Vulnerability scans may also create "ghost hosts" in the host inventory for every address on the subnet scanned that doesn't currently have a host.


Cause



These two issues are caused by changes in the format of the .nbe or .nessus file created by Nessus that is submitted to the portal after the vulnerability scans complete.


Solution



Apply the Risk Automation Suite patch 4.0.5.2807

  1. From your portal server go to Start -> All Programs -> Risk Automation Suite -> Check for Risk Automation Suite Updates.
  2. You will see a message in the task tray that there is an update available for download. Click the message and choose to download the update.
  3. When the update is finished downloading install it on the server. This step will take a while, be sure to let it finish.
  4. After the update is applied there will be a new patched version of SecureRecon in the "C:\<Install Path>\Risk Automation Suite\Extras\Scanner Clients" folder
  5. Copy the new SecureRecon tar file to the Nessus server and run "tar -xvf" on it.
  6. Choose the SecureRecon file for your Linux distribution, rename it to "SecureRecon" and copy it to the "/securerecon" folder
  7. Navigate to the /securerecon folder and re-run the SecureRecon setup "./SecureRecon -s"
  8. Re-register SecureRecon "./SecureRecon -r <ip or hostname of portal> <username of account with register scanner permissions in the portal> <password>"
  9. Activate the scanner in the portal 
  10. Edit your vulnerability scans to make sure the new scanner shows in the assigned scanner group.



Article URL http://www.symantec.com/docs/TECH158541


Terms of use for this information are found in Legal Notices