OpenVAS/GVM not detecting missing Windows patches

NedSeagoon · November 28, 2018, 12:48am

Newbie OpenVAS user here…

OpenVAS installed on Kali Linux. Feeds are fully up-to-date and openvas-check-setup suggests everything working OK
Target host is a standalone (i.e. not domain-joined) Windows laptop which hasn’t been updated for months. Connectivity between these hosts is fine.
Local administrator on the target host account enabled and password set.
Running a credentialed Nessus scan of the laptop from my iMac finds dozens of missing patches as expected.
OpenVAS full & fast credentialed scan from Kali finds only three minor issues. No missing patches detected at all. Just to check, I installed OpenVAS on the iMac as well and the same result was obtained.
Remote registry service on the laptop is running and registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy has been set and laptop rebooted.

Any clues to what I’m missing here?

cheers

cfi · November 28, 2018, 6:36am

Hi, when choosing the category for a topic please try to have a look at the category description for each category first:

The current used category is/was Greenbone Professional Edition - Greenbone Community Forum (Description: About the Greenbone Professional Edition category - Greenbone Professional Edition - Greenbone Community Forum) which is about the downloadable ready-to use virtual machine.

Based on your posted issue you have an own installation either build from source or installed via the 3rdparty Kali repositories. For such installations the https://community.greenbone.net/c/gse (Description: About the Greenbone Community Edition category - Greenbone Community Edition - Greenbone Community Forum) needs to be chosen.

I have moved the topic to the correct category for now. It could be possible that the info above is made more prominent / easier to find in the future.

To solve your initial issue you might want to give the following hints (and the other threads linked within it) a try:

NedSeagoon · November 28, 2018, 11:45pm

Figured this out. Admin account on the target Windows host has to be an account other than the actual local administrator.

Created a new account, added to the local admin group and used this for the credentialed scan. All missing patches identified!

ankp · June 13, 2019, 9:28am

Can you please tell me the actual procedure or any related document for configuring openVAS for detecting missing Windows patches in a windows target machine ?

ankp · June 13, 2019, 9:30am

and what procedure is to be followed to run openVAS for Windows IIS server ?

cfi · June 16, 2019, 10:46am

The relevant documentation can be found at https://docs.greenbone.net/GSM-Manual/gos-4/en/vulnerabilitymanagement.html#authenticated-scan-using-local-security-checks

Could you please elaborate what you mean with “openVAS for Windows IIS server”?

shadowless · November 25, 2019, 5:43pm

Didn’t work for me. Remote registry running on a target Windows Server 2012R. A full and fast scan gets only enumeration of the ports. Using a local user other than the built in Administrator but with the same account type, Administrators.