cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 9

Nessus scanners causing reboot with SEM File Integrity Monitor

We have a Nessus scanner that runs credentialed scans every week on all workstations. When these scans run a handful of Windows servers reboot unexpectedly.

We believe we have tracked the issue to the SEM File Integrity Monitor connector running. We opened a case with MSFT and they pointed to a driver,  Swfsfltrv2.sys which appears to be associated with Solarwinds SEM. 

Has anyone else had any troubles with this? 

0 Kudos
2 Replies

I've had multiple issues with Nessus scanning inappropriate files, or scanning too deeply, too intensively.  It caused Distribution Switches and Core Routers to reboot.  It caused MS Print Servers to hang, requiring reboots to restore them.

Nessus is super-powerful, and requires careful adjusting to ensure it does the right level of probing without causing a DOS.   As a result, in the hands of the inexperienced or untrustworthy, Nessus would be a danger to online systems.

You should be able to create a new Safe Scan in Nessus that does not scan the specified file.  When we used Nessus, we were constantly tweaking and tuning it to do all it can without causing outages.

Swift Packets!

Rick Schroeder

0 Kudos

We are familiar with Nessus and the multitude of issues their scans can cause. We have also fought issues with printers and applications having issues after a scan.

I was more curious about the Swfsfltrv2.sys FIM connector driver in general though. Usually Tenable has been pretty good at helping us identify issues with their scans, this one puzzled them however to the point where we had to get Microsoft involved.

0 Kudos