on our scans some hosts are incorrectly recognized as Windows by the VT
OS Detection Consolidation and Reporting
which seems to consider only the ICMP based OS Fingerprinting result:
Best matching OS: OS: Microsoft Windows CPE: cpe:/o:microsoft:windows Found by NVT: 220.127.116.11.4.1.25618.104.22.168002 (ICMP based OS Fingerprinting) Concluded from ICMP based OS fingerprint Setting key "Host/runs_windows" based on this information
While the VT Unknown OS and Service Banner Reporting (OID: 22.214.171.124.4.1.256126.96.36.199441) correctly identifies the hosts as Linux. Why are no other results considered by the “OS Detection Consolidation” VT? Is there anything we can do to improve the detection?
I tried to disable the ICMP based VT within the scan configuration - however the VT will be executed anyways. Is there a way to disable a VT completely?