Exclude ports from scanning not working as expected, need help

Hello dear community,

I am having some problems excluding ports from scanning. I made the required changes in “Do not scan fragile devices or ports” and specifically entered port 445 to not be scanned (script_add_preference(name:"Exclude specific port(s) from scan", type:"entry", value:"445:tcp:full")), but there are still some tests running against this port anyway, for example “SMB Brute Force Logins With Default Credentials”. I noticed that this one uses a function get_port_state(port), but I could not find anywhere how it works.

Anyway, is there another way in OpenVAS to exclude specific ports from scanning other than the test “Do not scan fragile devices or ports”?

Thank you!

The only solution I could come up with at the end of the day is to use Port Lists and customize them, basically removing the ports that I do not want to get detected.


This is indeed the required way of excluding a specific port.

Note that the mentioned VT configuration option is just provided as a workaround for a current limitation within GVM where it is not possible to exclude specific ports (like e.g. 445) from a bigger port list like “All TCP”.

Even if there are many VTs evaluating and respecting the “Exclude specific port(s) from scan” option, there are quite a lot currently not capable of doing so, especially those where it is known that the port isn’t fragile (like e.g. 445).
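
The port-list workaround discussed in this thread, as an added example that is not part of any post and is not GVM code: a small helper that takes a broad port range and produces the range string for a custom port list with selected ports removed. The function names are hypothetical, and the "T:<ranges>,U:<ranges>" syntax is assumed to be the format the port list dialog accepts.

```python
# Added example, not GVM code. Assumption: port lists take a range string
# of the form "T:<ranges>,U:<ranges>", e.g. "T:1-5,7,U:53".
MAX_PORT = 65535


def expand(spec):
    """Expand '1-1024,3389' into a set of port numbers."""
    ports = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        start, end = int(lo), int(hi or lo)
        if not 1 <= start <= end <= MAX_PORT:
            raise ValueError(f"invalid port range: {part!r}")
        ports.update(range(start, end + 1))
    return ports


def compress(ports):
    """Collapse a set of ports into 'a-b,c' notation."""
    spans = []
    for port in sorted(ports):
        if spans and port == spans[-1][1] + 1:
            spans[-1][1] = port
        else:
            spans.append([port, port])
    return ",".join(str(s) if s == e else f"{s}-{e}" for s, e in spans)


def build_port_range(tcp="", udp="", exclude_tcp=(), exclude_udp=()):
    """Return 'T:...,U:...' with the excluded ports removed per protocol."""
    sections = []
    for prefix, spec, excluded in (("T", tcp, exclude_tcp), ("U", udp, exclude_udp)):
        remaining = expand(spec) - set(excluded)
        if remaining:
            sections.append(f"{prefix}:{compress(remaining)}")
    return ",".join(sections)


if __name__ == "__main__":
    # Constructed input: every TCP port except 445, the port from the thread.
    print(build_port_range(tcp="1-65535", exclude_tcp=[445]))
```

The resulting string is what goes into the custom port list assigned to the scan target, so the excluded port is never handed to the scanner in the first place.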