This policy item checks if the file contains the regular expression regex and that this expression does not match expect. The check is performed by calling the function ReadFile on the file handle.

Note: This check requires remote registry access for the remote Windows system to function properly




description: ["description"]

value_type: [value_type]

value_data: ["filename"]

(optional) check_type: [value]

regex: ["regex"]

expect: ["regex"]

(optional) file_option: [file_option]


The allowed type is:

value_type: POLICY_TEXT

value_data: "PATH\Filename"

regex: "regex"

expect: "regex"

The following predefined paths can be used in the file/folder name:







When using this audit type, please note the following:

  • The value_data field must include the full path to the file or folder name (e.g., C:\WINDOWS\SYSTEM32) or make use of the above path keywords. If using path keywords, the remote registry must be enabled to allow Nessus to determine the path variable values.
  • The regex field checks that an item is present in the file
  • The expect field checks that the item matches the regular expression.
  • The file_option field can be set to CAN_BE_NULL to force a success if the file does not exist
  • The file_option field can be set to CAN_NOT_BE_NULL to force an error if the file exists and is empty.




description: "File content for C:\WINDOWS\win.ini"

value_type: POLICY_TEXT

value_data: "C:\WINDOWS\win.ini"

(optional) check_type: [value]

regex: "au=.*"

expect: "au=MPEGVideo2"

file_option: CAN_NOT_BE_NULL