Malicious Process Detection: Authenticode Signed

Nessus Plugin ID 104857

Synopsis

Nessus found trusted signed processes on the remote host.

Description

The running processes reported here are signed and trusted, and today's date falls within the Not Before and Not After range on the certificate.

See Also

http://www.nessus.org/u?6a0123a1

http://www.nessus.org/u?c7777bf7

Plugin Details

Severity: Info

ID: 104857

File Name: wmi_malware_authenticode_signed.nbin

Version: 1.165

Type: local

Agent: windows

Family: Windows

Published: 11/29/2017

Updated: 11/12/2024

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: malscan/enabled