All New Ports ({0} total) Severity: {0} %PROGRAMFILES(X86)% ({0}) ACL on pipe {0} allows tampering by multiple non-administrator accounts. ACL on section {0} allows tampering by by multiple non-administrator accounts. COM class {0} is vulnerable to tampering by multiple non-administrator accounts. DCOM object {0} may be vulnerable to unauthorized access by multiple non-administrator accounts. Service {0} is vulnerable to tampering by multiple non-administrator accounts. The ACL on pipe {0} allows tampering by multiple non-administrator accounts. The ACL on section {0} allows tampering by by multiple non-administrator accounts. The ACL on the registry key {0} allows tampering by multiple non-administrator accounts. Security sensitive value(s): The COM control {0} is vulnerable to tampering by multiple non-administrator accounts. The DCOM object {0} may be vulnerable to unauthorized access by multiple non-administrator accounts. The account {0} has been granted multiple sensitive privileges which may allow the account to elevate to administrator. The account {0} has been granted multiple sensitive privileges. The folder {0} contains files and/or folders with ACLs that allow tampering by multiple non-administrator accounts. The service {0} is vulnerable to tampering by multiple non-administrator accounts. Weak ACL on process {0} allows tampering multiple non-administrator accounts. Weak ACL on registry key {0} allows tampering by multiple non-administrator accounts. Weak ACL on {0} allows tampering by multiple non-administrator accounts. %ALLUSERSPROFILE% ({0}) %SYSTEMDRIVE% ({0}) %SYSTEMROOT% ({0}) %USERPROFILE% ({0}) NX: {0} Failed to execute collection task {0} Failed to parse data from {0} Owner: {0} Please review the usage of {0} in the application and consider alternatives. Process {0} contains potentially vulnerable windows. Service {0} restarts repeatedly when under attack. Shell command: {0} Task {0} was disabled Terminate On Heap Corruption: {0} The process {0} was detected with the NX setting disabled. The process {0} was detected with the terminate on heap corruption setting disabled. The service {0} is vulnerable to repeated attacks due to frequent service restart settings. It is required that the service restart at most twice in a 24-hour period. The task {0} was disabled. Consequently, we are unable to perform all security checks. Please contact support for assistance. {0} has the NX setting disabled. {0} has the terminate on heap corruption setting disabled. {0} has threads vulnerable to tampering by multiple non-administrator accounts. {0} holds an active impersonation token. {0} holds multiple active impersonation tokens for high-privilege accounts. {0} is a dangerous configuration as it is commonly used by hackers in exploiting SQL Server. ACL on pipe {0} allows tampering by {1}. ACL on section {0} allows tampering by {1}. COM class {0} is vulnerable to tampering by {1}. DCOM object {0} may be vulnerable to unauthorized access by {1}. Process {0} running as {1} allows tampering by multiple non-administrator accounts. Process {0} running as {1} contains multiple active impersonation tokens for high-privilege accounts. Service {0} is vulnerable to tampering by {1}. The ACL on pipe {0} allows tampering by {1}. The ACL on section {0} allows tampering by {1}. The ACL on the registry key {0} allows tampering by {1}. The COM control {0} is vulnerable to tampering by {1}. The DCOM object {0} may be vulnerable to unauthorized access by {1}. The account {0} has been granted the sensitive privilege {1} which may allow the account to elevate to administrator. The account {0} has been granted the sensitive privilege {1}. The folder {0} contains files and/or folders with ACLs that allow tampering by {1}. The service {0} is vulnerable to tampering by {1}. Threads for the process {0} running as {1} allow tampering by multiple non-administrator accounts. Weak ACL on process {0} allows tampering by {1}. Weak ACL on registry key {0} allows tampering by {1}. Weak ACL on {0} allows tampering by {1}. ASA found one or more processes with the name {0} running as {1} with windows. Since these processes were running as an admin user other than the user that ran ASA, we have flagged these windows. Elevation from login {0} to login {1} Elevation from user {0} to user {1} Please review the permission or role membership grant on {0} to {1}. If this is by design then no action is needed, otherwise please remove this permission or role membership. Please review the usage of cross database ownership chains on {0} and {1}. The plugin for collecting data from {0} failed with error code {1}. Consequently, we are unable to perform all security checks. Please contact support for assistance. The task {0} failed. Error: {1}. Consequently, we are unable to perform all security checks. Please contact support for assistance. This inherited ACL affects an additional {0} files.{1} Account: {0} Rights: {1}{0} has threads vulnerable to tampering by {1}. {0} is enabled on SQL instance {1}. {0}: {1} Process {0} running as {1} allows tampering by {2}. Process {0} running as {1} contains an active impersonation token for {2}. Threads for the process {0} running as {1} allow tampering by {2}. Elevation from login {0} to login {1}. Reason: {2}. Elevation from user {0} to user {1}{2}. (Linker Version: {0}.{1}.{2}{3}) Login {0}${1} can read/update/delete data from {2}${3}. User {0}${1}${2} can read/update/delete data from {3}${4} as both {5} and {6} databases have CrossDatabaseOwnershipChain turned on. Links (.LNK) Other Avoid hosting windows from services on low-privilege account desktops. Any code that does this should have its message loop code reviewed. If you have any UI in your service, you should consult your security advisor for risk assessment. Elevation-sensitive privileges must not be granted to low-privilege accounts. The ACL should be tightened. Do not allow users to write to start points, files or directories that influence control over other users. %PATH% Entries(ASLR)(Managed EXE)(Uses /GS)(Uses SafeSEH), ACLACL weaknesses to change InProcHandler: ACL weaknesses to change InProcServer: ACL weaknesses to change local server: ACLsASLR DisabledASLR should not be disabled.Access Control Entries:Access PermissionsAccountAccount NameAccount PrivilegesAccount: {0} AccountsActionAction: ActiveX Name and CLSIDAddedAddress Space Layout Randomization is disabled machine-wide in the registry flag HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\MoveImagesAdmin Only?AppIDApplicationAuthorized ApplicationsAutorun EntriesBaseline Collection TimeBaseline Data FileBaseline Scanner VersionBinary PathBinary path writable by: Binary path: Block All Inbound TrafficBrowser Helper ObjectsCLSIDCOM ClassCOM class: Class: Command LineComputer RoleConfiguration ValueDACLDCOM Default PermissionsDLL NameDatabase NameDatabase PermissionsDatabase RoleDefault DatabaseDefault Inbound ActionDefault Outbound ActionDescriptionDescription:DesktopsDetailsDetails: DirectionElevation PolicyEnabledEndpointEndpoint Binding(s)Endpoint NameEvent IDEvent Log (Security)Exceptions Not AllowedExecutable Memory PagesExecute AsFile ExtensionFile RegistrationsFile: FilesFirewallFirewall EnabledFirewall ProfilesFirewall RulesFirewall Service Restriction RulesFlagsFriendly NameGroup Account Belongs ToGroup MembershipGroupsGuardGuid: HandlerIE Actions PolicyIE ZonesImageImage Name (PID)Image PathImpersonate PermissionsImpersonation PermissionsImpersonation TokensImpersonation tokens should be destroyed as soon as possible. Active tokens can be used by an attacker to elevate. InInstance NameInteresting access permissions: Interesting launch permissions: Interface GUIDInterface UUIDInternet ExplorerKernel ObjectsKeyKey: Security Descriptor: Launch PermissionsLaunch StringLaunch at Medium IL after getting consent (2)Linked Server NameLocal EndpointLocal Login/Remote LoginLogin NameLogin TypeLoginsMachine NameMembersMessageMicrosoftMinimum - MaximumModulesNONENameName: Named PipesNetwork DeniedNetwork InformationNetwork InterfacesNetwork NameNetwork PortsNetwork SharesNotesNull Sessions AllowedOSOS VersionObject NameOption NameOutOwnerOwner:Ownership ChainKeyPathPermissionPermissionsPipe NamePluggable Protocol HandlersPolicyPort NamePreapproved ControlsPrevented from Launching (0)PrivilegesPrivileges: ProcessProcess FlagsProcess Name: Process: ProductProduct Collection TimeProduct Data FileProduct Scanner VersionProfileProg Id: ProtocolProtocol/Payload TypeProviderRPC EndpointsRegistered ActiveX ControlsRegistered COM ControlsRegistered DCOM ServersRegistryRegistry keys writable by: Registry keys writeable by: Remote AddressesRemote Admin EnabledRemote EndpointRemovedReport Analyzer VersionReport DetailsRightsRights: RoleRunning As: Running ProcessesRunning ValueRunning as Local ServiceRunning as Network ServiceRunning as OtherRunning as SystemRunning as: SIDSQL DatabaseSQL InstanceSQL InstancesSQL LoginsSQL ServerSQL Server Configuration OptionsSQL Server Database Internal ObjectsSQL Server Database RolesSQL Server Database User ObjectsSQL Server Database UsersSQL Server DatabasesSQL Server EndpointsSQL Server Instance ObjectsSQL Server Linked ServersSQL Server RolesSafe for Scripting/Safe for InitializationSafeDLLSearchMode DisabledSafeDLLSearchMode is disabled machine-wide in the registry flag HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\SafeDllSearchModeSafeDLLSearchMode should not be disabled.Schema Name (Type)ScopeSection: Self MappingServer PermissionsServer TypeService InformationService NameService Pack VersionService configuration writable by: Service: SettingSilent Elevation EntriesSilent Elevation Entries (RunDLL32)Silent Launch at Low IL (1)Silent Launch at Medium IL (3)SizeStarted By DefaultStartup ModeStateStatusSvcHost DLL writable by: SvcHost DLL: System DetailsSystem Environment, Users, GroupsSystem InformationTCPThe ACL must be tightened.The ACL should be tightened.The NX security setting must be enabled.The advanced firewall settings are not available on this system.The advanced firewall settings are not available, and could not be analyzed for changes.The firewall should not be disabled.The following processes were found to have an open handle to this section: The relevant ACL(s) must be tightened.The relevant ACL(s) should be investigated to ensure access to DCOM objects is set correctly.The restart settings are too aggressive. Limit your settings to restart only twice in a 24-hour period. The terminate on heap corruption security setting must be enabled.The thread ACL must be tightened.There is no firewall installed on the system.TimeTitleTitle: Token AccountToken: Tokens: TotalTotal InstalledTrustworthyValue TypeValue NameTypeUDPURLUnknownUser NameDataValueVersionVulnerable Windows: Window ClassWindow StationsWindowsWritable by: ZoneServicesExplain...{0} ({1} new or changed)Drivers{0} (was {1})Image Path: {0}Company: {0}Description: {0}PortsNew (Total){0} ({1})%PROGRAMFILES% ({0})%PROGRAMFILES(x86)% ({0})%PROGRAMFILES ({0}) and %PROGRAMFILES(x86)% ({1})SQL Injection: {0}VARCHAR Columns: {0}Auto Execute: {0}Folder: {0} Contents with bad ACLs: Pipe: {0} The following processes were found to have an open handle on this named pipe: Service: {0} Reset period: {0} seconds Failure actions:Action: {0} Delay: {0} Report SummarySecurity IssuesAttack SurfaceTable Of ContentsAttack Surface ReportAttack Surface ReportYou must enable JavaScript to view the report.ActiveX, DCOM, COM, File Extensions, AutorunsActiveX, DCOM, COM, File ExtensionsIdentifierDescriptionHeap terminate on corrupt settings were not detected on this system.Heap terminate on corrupt settings were not detected on this system. Consequently, per-process heap terminate on corrupt settings could not be analyzed.The file {0} allows access from multiple AppContainer accountsThe file {0} allows access from the AppContainer account {1}The file {0} allows access from multiple AppContainer accounts.The file {0} allows access from the AppContainer account {1}.Don't allow AppContainer access to unnecessary files.