Installation guide
69
Malicious Process Detection (plugin 59275) allows you to upload a custom list of MD5 hashes to identify running
processes on scanned hosts when plugin 65548 is enabled. The format of the file is one MD5 hash per line without any
surrounding whitespace. Optionally, a description may be added by putting a comma after the hash and the text of the
description to be displayed in the scan results. Lines beginning with a # symbol are treated as comments and are ignored.
All other items are considered invalid.
# hashes for the foobar malware
11b95ccc1427be5f6c7f0e547bde34e6,foobar malware 1.0
333459378f2d53d861ed2819b8b298af,foobar malware 1.1
f80a405f55c2cd651e58a8fc59550830,foobar malware 1.2
# example.exe
4f8793a9c7560af2cb48f062cd7879af
The Modbus/TCP Coil Access (plugin 23817) drop-down menu item is dynamically generated by the SCADA plugins
available with the ProfessionalFeed. Modbus uses a function code of 1 to read “coils” in a Modbus slave. Coils represent
binary output settings and are typically mapped to actuators. The ability to read coils may help an attacker profile a
system and identify ranges of registers to alter via a “write coil” message. The defaults for this are “0” for the “Start reg”
and “16” for the “End reg”.
Nessus SYN scanner (plugin 11219) and Nessus TCP scanner (plugin 10335) options allow you to better tune the
native SYN and TCP scanner to detect the presence of a firewall.