Hello everyone
We have noticed that the wrong OS version is detected on about 120 Windows 10 clients. The majority of our clients have been updated to Windows 10 20H2 in recent months. If we check this for Microsoft 365 Defender, there are still exactly 5 Windows 10 1909 clients that are active.
According to the last vulnerability scan, however, 136 clients were found with Windows 10 1909. Yesterday, I performed a re-scan on one system to check whether the update overlapped with the scan.
But it is indeed the case that Rapid7 displays Windows 10 1909, but MS 365 Defender displays Windows 10 20H2. Has anyone else observed this?
I then used the “Report an incorrectly identified asset”. However, I cannot say whether Rapid7 has received this. It would be good if this is displayed somewhere in the console that a report is pending.
And yes, the scanner was able to authenticate itself on the target system.
Best regards
David
In the scan template you are using, what is the certainty of the fingerprinting?
2 Likes
It is still set on standard values. Good hint.
I would try bumping up the certainty level for starters on the template and also look at the scan results for what you got and see the source of the fingerprint on that asset.