Windows 7 and Windows Server 2008 are covered by the Extended Security Updates (ESU) program of Microsoft and we currently can’t discern between systems covered by ESU and the ones which are not covered (especially remotely) which would mean that we would report a false positive for systems covered by ESU.
Thank you for your answer. The link you mention doens’t seem to exist or is private.
I understand the decision to not add this because it’s covered in ESU, but don’t you think more systems are running without ESU which are vulnerable but not visible?
There are two outcomes by don’t including 7.5 as EOL because of ESU:
1.Prevent false positives in case ESU is being used in networks.
2. Hide many vulnerable systems which are not enrolled in ESU
Maybe it is a better option to create a scan config option for ESU or where an user can enable/disable ESU in the Greenbone software itself.