im am currently deploying OpenVAS in an Windows 10 environment.
But i’m struggeling with the authenticated scans option, the option needs to activate two functions in Windows that normally are not active (for obvious reasons):
- remote registry service
- File and Printer Sharing
I think opening these two services in Windows creates new attack vectors on these machines.
It is possible to abtain good scan results without authenticated scans?
Or it is possible to do an agent-based scan without opening criticals ports on windows?
We do not support or deploy any agents, it´s more important to have a agent free setup.
You can use your system-center to deploy a security policy for the scan, so send an alert if a scan starts and exempt only your GVM installation.
After the scan you can disable this policy as well.
thank you for the quick response.
Unfortunately we do not have system-centre.
I there another way to use these functions securely?
I was thinking about opening the incoming port 445 only for the OpenVAS-Server
The solution was opening the port 445 only for the GVM via the integrated Firewall in Windows 10, the settings can be deployed with GPO.
Good afternoon. I’m a new member. I want to clarify something relating this previous topic. Does the non-support of deploying agents in OpenVAS apply to scans for servers as well as clients? Please advise.
GVM currently doesn’t support agent based scanning at all, independent on the target (e.g. servers or clients).