Detections
Analytics

CBS Removed Package Enumeration (Windows Event Log Tool)

info Nessus Plugin ID 140578

Language:

Synopsis

Use wevtutil to extract package install info from the host.

Description

Using the Windows Event Log command line tool, this plugin enumerates packages removed by CbsTask or Deepclean.

Note: The wevtutil command is limited to members of the Administrators group and must be run with elevated privileges.
 Tenable software must be provided appropriate credentials to be able to leverage this plugin.

See Also

http://www.nessus.org/u?8b788018

Plugin Details

Severity: Info

ID: 140578

File Name: wevtutil_removed_packages.nbin

Version: 1.114

Type: local

Agent: windows

Family: Windows

Published: 9/14/2020

Updated: 11/12/2024

Asset Inventory: true

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/Registry/Enumerated, SMB/WMI/Available