Been struggling since started using tool (only this past summer) with some systems that scans results with partial cred success. Because of the # of systems and tasks this is not something we have been able to tackle yet but my windows scan account is a local admin and my linux account has elevate su permissions, and in the same IP range in systems that should be configured the same I get mixed results.
there are no internal fw between my scan engines and the assets they are scanning, I did have a ticket open in the past but was not able to get to the bottom…
That being said if I am scanning with a customized template for Log4j, will partial credentials success give me false results?
Ee introduced ‘Scanning Diagnostic Checks’ to help with this, as they’ll report back with credential status and guidance for resolution:
Please note - These are disabled by default as they are informational checks that will not increase your risk score, but will increase your vulnerabilities count.
Having a domain admin account helps a lot for scanning systems, especially servers. If you just want to use a local admin account for the scans, there’s some GPOs you would have to set up such as access to starting services and adding some registries.
VM also introduced credential-less scanning called Scan Assistant. I haven’t set this up yet, but it could be a good alternative. It’s still in early access, but you can contact your Success Manager to help get you set up with it.