Need Some Assistance with Nexpose File Searches with Scans

InsightVM
1

Good day. I support an air-gapped instance of Nexpose and I’m trying to perform a File Search for a specific file and I can’t seem to get the search syntax correct. To use Chrome as an example, I’ve tried these searches:

  • Chrome.exe
  • Chrome.*
  • Chrome
  • C:\Program Files (x86)\Google\Chrome\Application\Chrome.exe
  • C$/Program Files (x86)/Google/Chrome/Application/Chrome.exe

None of these are working and I’m not sure where I’m going wrong. I’ve read instructions from Rapid7 HERE and HERE.

Any assistance here would be appreciated; thank you!

2

So I had to ask about this one because i wasnt sure why the fourth o e didnt work but apparently the file search functionality is very dependent on old services and most likely would not work on modern systems. The exact versions im not sure about.

However i would suggest creating a custom policy check and see if that works better for you.

3

Thanks for the input John and I wasn’t aware that File Search relied on older technology. My first thought was to create a custom policy; I know how to do that with Tenable, but I’m newer to Rapid7 and couldn’t figure out the XML structure to search for specific files, but I’ll open a ticket and see if Support can help me there.

Thanks again and I hope you have a great rest of your day.

4

You tried the import method for custom policies. We have a GUI for that.

Custom Policy Builder | InsightVM Documentation.

5

Thank you sir; I’ll have a look through the documentation you linked :+1: