Been struggling since I started using the tool (only this past summer) with some systems whose scan results show partial cred success. Because of the # of systems and tasks, this is not something we have been able to tackle yet, but my Windows scan account is a local admin and my Linux account has elevate su permissions, and in the same IP range, on systems that should be configured the same, I get mixed results.
There are no internal fw between my scan engines and the assets they are scanning. I did have a ticket open in the past but was not able to get to the bottom…
That being said, if I am scanning with a customized template for Log4j, will partial credentials success give me false results?
You do need root access for the authenticated *nix checks to run, so you’ll want to investigate any authentication issues and use appropriate accounts/elevation.
We introduced ‘Scanning Diagnostic Checks’ to help with this, as they’ll report back with credential status and guidance for resolution:
Please note - These are disabled by default as they are informational checks that will not increase your risk score, but will increase your vulnerabilities count.
Having a domain admin account helps a lot for scanning systems, especially servers. If you just want to use a local admin account for the scans, there are some GPOs you would have to set up, such as access to starting services and adding some registries.
VM also introduced credential-less scanning called Scan Assistant. I haven’t set this up yet, but it could be a good alternative. It’s still in early access, but you can contact your Success Manager to help get you set up with it.