InsightVM - suddenly more authentication failures, resulting in losing sight on quite a number of vulnerabilities

Hi there,
since mid March I can see that my risk score and the number of vulns is going down. Yes we are taking actions to bring risks down, but I was a bit suspicious that would be the only reason.
When looking a bit more into the details, I found out that since mid-march I gradually have more and more machines for which scan authentication fails.
Whereas those machines are in AD, we authenticate using a dedicated AD account, and that AD account did not change.
Did anyone face similar issues ?
In the scan log, for a specific machine, we get similar errors as “The WinRM credentials and services have failed verification.”, whereas previous logs shows the scan tries authenticating on that machine (which is in AD) with a dedicated user account (which is in AD as well, and which we did not change).
Thanks in advance.

I’ve had this issue as well with some assets. The local Windows firewall was blocking incoming access to port 135 and it failed to fingerprint the OS version. Make sure that port 445 and 135 can be accessed by your InsightVM scanner.

2021-04-08 10_28_43-Window

1 Like

Thanks for your input - we eventually figured out that this was due to authorisations granted to the user account used for authenticated scan: although that user account was not directly changed (which is the reason why we orginally discarded that possible root cause and looked for other ones), a GPO granting that account with local admin was deleted :frowning:

Pol: I am interested in what you used to identify assets that had successful authenticated scans at the asset level. I am looking to identify assets that have had successful authenticated scans in the past but are no longer authenticating. Thank you