Missing Patches Vulnerabilities

There are several patches vulnerabilities missing on the last scan test. Once I had use three different servers with GSF installed and all had the same behavior, should be something changed in how to capture those vulnerabilities. Are you aware of any change about it for feed services or something between July and August?

Without sharing some more details about what is missing there is not much we can help you with.

Do you have the latest feed version? Was it detected before but not after? Which vulnerabilities? etc…

The feed status is version 201808210705. Look further into the vulnerabilities list, it’s seems all Vendor Fixes for Windows and Oracle patches are missing into my scan stats. One example is above, detected on my last routine:

[https://support.microsoft.com/en-us/help/4338814]

The link you refer to is about KB4338814 which was published in the GSF pretty timely:

https://secinfo.greenbone.net/omp?token=guest&cmd=get_info&info_type=nvt&filter=KB4338814

The coverage of GCF is not the same as the one of GSF. See also this topic:

About the Feed Services (GCF & GSF) category

However, this particular NVT is published to the GCF and you should find it in your SecInfo NVT section.
Oracle vulnerability tests are usually published to GSF only.

If you like to discuss about single Vulnerabilities / NVTs, please open a topic in the category “Vulnerability Tests”.

This is strange behavior that I assume isn’t correct and I want to verify. The KB posted it’s only a example, but a see a few in the same situation during a determined period of time.

Basically, a scan ran into last July was able to identify a KB missing pending for this vendor fix meanwhile currently scan wasn’t able to. Even with feed status up to date recently. Also, I just checked Log Status for this particular hosted without this KB and could see Log Test for many different Vulnerabilities.

Not sure if I’m posting correct questions in the right forum. Please advise if this is still the correct one.

Could be possible that this is just a side-effect of the scanner scheduler issue currently discussed in the following topic:

Where can I get CGE version currently used. I only notice the version of openvas manager (7.02)

I just added a new category about the GCE. See the About topic there.