Inconsistent results when scanning Windows


#1

Yesterday I was able to scan a machine and openvas showed me the windows vulnerabilities it found. It also had the severity level on the scan at a 10. I had purposefully removed all of the windows updates for testing. I then reapplied the updates and rescanned. This took me to a medium. Today I removed the updates again, and it still shows a medium and does not show any of the Windows vulnerabilities that it found yesterday. Has anyone experienced this or know what I can check to resolve?

I should point out that I’m using openvas9 on ubuntu 18.


#2

The simplest explanation could be that either something went wrong with the update removal and the updates are still applied or that the target isn’t ready for authenticated scans anymore (login failed, port not reachable anymore, remote registry service not running anymore).

For the latter you should be able to find some info within your report as described in the following thread:


#3

Thanks for the help. You pointed me in the right direction. It appears that at some point during the installing and uninstalling of updates, Windows decided to disable the remote registry again for me.

Once again, thank you. I appreciate it a lot.