How was the vulnerability detected?

Determine whether the vulnerability scan result was generated by an authenticated scan or by an anonymous reading of a service banner. Results that come from reading a banner are more likely to be false positives: the banner reports only a version string, and a vendor can patch the flaw without changing that string (Red Hat, for example, backports fixes into its packaged Apache httpd while keeping the upstream version number), so the scanner cannot tell a patched service from an unpatched one.

Hover over the Details column of the vulnerability scan result for the asset to see how the vulnerability was detected.

  1. Click the Vulnerabilities tab.
  2. From the navigation menu, click Scan Results.
  3. Double-click a scan profile in the Name column.
  4. Click any row in the Vulnerability Instances column.
  5. Hover over a result in the Details column to see more details.
    For example, the following details might be generated when the scanner reads a banner:
    SERVER: Apache/2.2.15 (Red Hat)

Patch scans and false positives

Vulnerabilities that are detected by patch scans are unlikely to be false positives, except for Windows KB updates. Windows updates, which are identified by a Microsoft Knowledge Base (KB) number, can produce false positives when the WMI (Windows Management Instrumentation) phase of the Windows authenticated scan fails, because the scanner then lacks the list of installed updates it needs to confirm the finding.

Windows updates are superseded over time: a current Windows KB replaces the KB that first shipped the fix for a given vulnerability. Supersedence is not a problem for recent Windows updates, or when WMI or OVAL scanning succeeds, because the scan then accounts for any newer update that contains the original fix.
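To confirm a KB finding by hand, repeat the step the scanner's WMI phase depends on: connect to the asset over WMI/CIM with the scan credential and list the installed hotfixes. The script below is an added example for this page, not QRadar code. It assumes that the scanner's Windows authenticated scan reads installed updates through WMI, so it uses the Win32_QuickFixEngineering class (the same data Get-HotFix reports) as a stand-in for that phase; the file name Confirm-KbFinding.ps1 and the KB numbers are illustrative.

```powershell
# Confirm-KbFinding.ps1 (hypothetical name). Added example, not QRadar code.
# Assumption: the scanner's Windows authenticated scan enumerates installed
# updates over WMI; Win32_QuickFixEngineering stands in for that phase here.
param(
    [Parameter(Mandatory)] [string]   $ComputerName,
    [Parameter(Mandatory)] [string[]] $KB,          # e.g. KB4012212 or 4012212
    [PSCredential]                    $Credential   # use the scan credential
)

# Normalise "4012212" / "kb4012212" to "KB4012212" so it matches HotFixID.
$wanted = $KB | ForEach-Object { 'KB' + ($_ -replace '^kb', '') }

# Phase 1: can the WMI/CIM phase run at all with these credentials?
# If this fails, every KB finding from the scan is unconfirmed, not just
# the one being triaged.
$sessionArgs = @{ ComputerName = $ComputerName; ErrorAction = 'Stop' }
if ($Credential) { $sessionArgs.Credential = $Credential }
try {
    $session = New-CimSession @sessionArgs
}
catch {
    Write-Warning "WMI/CIM connection to $ComputerName failed: $($_.Exception.Message)"
    Write-Warning 'Treat KB findings from this scan as unconfirmed until remote WMI access is fixed and the asset is rescanned.'
    return
}

# Phase 2: enumerate installed hotfixes, the data a successful WMI phase sees.
$installed = Get-CimInstance -CimSession $session -ClassName Win32_QuickFixEngineering |
             Select-Object -ExpandProperty HotFixID
Remove-CimSession $session

foreach ($id in $wanted) {
    if ($installed -contains $id) {
        "$id : installed - a 'missing update' finding for it is a false positive"
    }
    else {
        # Win32_QuickFixEngineering records what is installed, not what each
        # update supersedes, so an older KB can legitimately be absent when a
        # newer cumulative update replaced it. Check that before raising a ticket.
        "$id : not listed - confirm no newer cumulative update supersedes it before treating the finding as real"
    }
}
```

Run it from a host that can reach the asset over WMI, for example `.\Confirm-KbFinding.ps1 -ComputerName host01 -KB KB4012212 -Credential (Get-Credential)`. A connection failure is itself the diagnosis: the scanner's WMI phase failed for the same reason, and the KB results from that scan should be re-run after access is fixed rather than remediated.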