Tenable's research team recently added new functionality to Nessus which will detect known malware running on your Windows scan targets. Below is an overview of how this new feature works:

  1. Nessus authenticates to the Windows system.
  2. Nessus enumerates the list of running processes on the system.
  3. For each process, a cryptographic hash is generated and looked up against Tenable's cloud-based database
  4. If the process is found to be malicious, the plugin logs the results with information about the malware found.


Source:Tenable Network Security: Detecting Known Malware Processes Using Nessus