gsad: Greenbone Security Assistant 9.0.1
gvmd: Greenbone Vulnerability Manager 9.0.1 Manager DB revision 221
openvas-scanner: OpenVAS 7.0.1
gvm-libs: gvm-libs 11.0.1
Operating system: Kali Linux
Kernel: 5.4.0-kali4-amd64 #1 SMP Debian 5.4.19-1kali1 (2020-02-17) x86_64 GNU/Linux
Installation method / source: Installed from kali packages
my goal is to be able to perform scans avoiding false positives derived to backports without missing any real vulnerability.
To do so, I performed an authenticated scan (with QoD 30%) on a server that was showing backports false positives.
The authenticated scan (via SSH) seems fine but I cannot filter the report correctly.
If I set QoD of 30% and set the Auto-FP (with Trust vendor security updates and Partial CVE match selected) the vulnerabilities are still present.
Obviously if I set QoD to 70% the vulnerabilites are not shown because of the unreliable banner, but i really fear that i could miss real vulnerabilities.
Am I missing something, do you have any suggestions?
Thanks in advance