Hey,

On 18.07.2017 22:18, Matt Koivisto wrote:
> Thanks Christian,
>
> Here's the output of that nvt. It seems to report the expected value for best
> matching OS:

thanks for passing this info. Unfortunately it's technically not possible that:

OS End of Life Detection (http://plugins.openvas.org/nasl.php?oid=103674)

is reporting Windows 8 as EOL with an output of

Detection Consolidation and Reporting (OID: 1.3.6.1.4.1.25623.1.0.105937)

you have passed to me below. All detected and registered OS types which are evaluated by the "OS End of Life Detection" are showing up there.

Could you make sure that this is an output of a report / host you have seen this issue?

Regards,

Christian

>> Best matching OS:
>>
>> OS: Windows 7 Enterprise 7601 Service Pack 1
>> CPE: cpe:/o:microsoft:windows_7:-:sp1
>> Found by NVT: 1.3.6.1.4.1.25623.1.0.102011 (SMB NativeLanMan)
>> Concluded from SMB/Samba banner on port 445/tcp: OS String: Windows 7
>> Enterprise 7601 Service Pack 1; SMB String: Windows 7 Enterprise 6.1
>> Setting key Host/runs_windows based on this information
>>
>> Other OS detections (in order of reliability):
>>
>> OS: Microsoft Windows Server 2008 SP2
>> CPE: cpe:/o:microsoft:windows_server_2008::sp2
>> Found by NVT: 1.3.6.1.4.1.25623.1.0.108021 (Nmap OS Identification (NASL
>> wrapper))
>> Concluded from Nmap TCP/IP fingerprinting:
>> OS details: Microsoft Windows Server 2008 SP2
>> OS CPE: cpe:/o:microsoft:windows_server_2008::sp2
>>
>> OS: Microsoft Windows
>> CPE: cpe:/o:microsoft:windows
>> Found by NVT: 1.3.6.1.4.1.25623.1.0.102002 (ICMP based OS Fingerprinting)
>> Concluded from ICMP based OS fingerprint:
>> (95% confidence)
>>
>> Microsoft Windows
>
> Regards,
>
> -----Original Message-----
> From: Openvas-discuss [mailto:[email protected]] On
> Behalf Of Christian Fischer
> Sent: Tuesday, July 18, 2017 4:04 PM
> To: [email protected]
> Subject: Re: [Openvas-discuss] Windows 8 EOL false positive
>
> Hi,
>
> On 18.07.2017 21:16, Matt Koivisto wrote:
>> Hi,
>>
>> I am running openvas-9 on centos 7, all the feeds up to date. I have
>> seen some windows 7 hosts with SP1 installed and fully patched that
>> are being detected as windows 8 machines and thus get flagged as "OS
>> End of Life Detection" (http://plugins.openvas.org/nasl.php?oid=103674).
>>
>> Specifically, for verified windows 7 machines I get the false positive:
>>
>>> The "Windows 8" Operating System on the remote host has reached the
>> end of life.
>>
>>> CPE: cpe:/o:microsoft:windows_8
>>
>>> Installed version:
>>
>>> EOL date: 2016-01-12
>>
>>> EOL info:
>> https://support.microsoft.com/en-us/lifecycle/search?sort=PN&alpha=Windows%208&Filter=FilterNO
>>
>> Is anyone else seeing this on their network as well? Any suggestions?
>>
>> I tried to trace through a bit to verify what's coming back from the
>> remote registry using openvas-nasl directly, but without any success.
>
> thanks for your report. Could you post the output of the following NVT:
>
> OS Detection Consolidation and Reporting (OID: 1.3.6.1.4.1.25623.1.0.105937)
>
> This might give more info where the Windows 8 detection is coming from.
>
> Regards,
>
> --
>
> Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
> Greenbone Networks GmbH | http://greenbone.net
> Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
>
> _______________________________________________
> Openvas-discuss mailing list
> [email protected]
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
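
The cross-check described in the reply above (is the EOL-flagged CPE among the OS detections registered for that host?), as an added example that is not part of the thread and not OpenVAS code. The function names and the component-wise CPE comparison are assumptions for illustration, not the EOL NVT's actual matching logic; the sample is constructed from the output quoted in the thread.

```python
import re

# Constructed sample: the consolidation output quoted in the thread, keeping
# its ">>" reply markers and the hard-wrapped NVT name.
SAMPLE = """\
>> OS: Windows 7 Enterprise 7601 Service Pack 1
>> CPE: cpe:/o:microsoft:windows_7:-:sp1
>> Found by NVT: 1.3.6.1.4.1.25623.1.0.102011 (SMB NativeLanMan)
>>
>> Other OS detections (in order of reliability):
>> OS: Microsoft Windows Server 2008 SP2
>> CPE: cpe:/o:microsoft:windows_server_2008::sp2
>> Found by NVT: 1.3.6.1.4.1.25623.1.0.108021 (Nmap OS Identification (NASL
>> wrapper))
>>
>> OS: Microsoft Windows
>> CPE: cpe:/o:microsoft:windows
>> Found by NVT: 1.3.6.1.4.1.25623.1.0.102002 (ICMP based OS Fingerprinting)
"""

FIELD = re.compile(r"^(OS|CPE|Found by NVT):\s*(.*)$")

def parse_detections(text):
    """Return one dict per detection with keys 'OS', 'CPE', 'Found by NVT'."""
    detections, last_key = [], None
    for raw in text.splitlines():
        line = re.sub(r"^[>\s]+", "", raw).rstrip()  # drop mail quote markers
        m = FIELD.match(line)
        if m:
            key, value = m.groups()
            if key == "OS":              # an "OS:" line opens a new detection
                detections.append({})
            if detections:
                detections[-1][key] = value
                last_key = key
        elif line and detections and last_key:
            cur = detections[-1][last_key]
            if cur.count("(") > cur.count(")"):  # value was hard-wrapped
                detections[-1][last_key] = cur + " " + line
    return detections

def cpe_covers(reported, detected):
    # Compare per component, so "windows" does not match "windows_8".
    r, d = reported.split(":"), detected.split(":")
    return len(r) <= len(d) and r == d[:len(r)]

def sources_for(reported_cpe, text):
    """OIDs of the detections whose CPE falls under the EOL-reported CPE."""
    return [d.get("Found by NVT", "?").split()[0] for d in parse_detections(text)
            if cpe_covers(reported_cpe, d.get("CPE", ""))]
```

An empty result for the flagged CPE means the consolidation output and the EOL finding do not belong to the same report or host, which is the mismatch the reply asks to rule out.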
