Note: This check requires remote registry access for the remote Windows system to function properly.
This policy item checks if the file contains the regular expression
regex and that this expression matches
The check is performed by calling the function
ReadFile on the file handle.
Note: The file is read over SMB into a memory buffer on the Nessus server, and then the buffer is processed to check for compliance/non-compliance. Files are not saved on the disk of the Nessus server, they are only copied to a memory buffer for analysis.
(optional) check_type: [value]
(optional) file_option: [file_option]
The allowed type is:
The following predefined paths can be used in the file/folder name:
When using this audit type, please note the following:
value_datafield must include the full path to the file or folder name (e.g.,
C:\WINDOWS\SYSTEM32) or make use of the above path keywords. If using path keywords, the remote registry must be enabled to allow Nessus to determine the path variable values.
regexfield checks that an item is present in the file.
expectfield checks that the item matches the regular expression.
file_optionfield can be set to CAN_BE_NULL to force a success if the file does not exist.
file_optionfield can be set to CAN_NOT_BE_NULL to force an error if the file exists and is empty.
avoid_floppy_accessfield can be set to direct the audit not to perform a check that would result in accessing the floppy drive. This should be used if an audit is causing the floppy drive to be accessed when there is no disc in the drive.
description: "File content for C:\WINDOWS\win.ini"