File created during scan on windows system

lee_in_wv · January 27, 2022, 12:43pm

Use this category only if you have build GVM from sources or if you use packages provided by a 3rdparty repository.

Please read About the Greenbone Source Edition (GSE) and About GVM Architecture before posting.

When posting you should provide information about your environment using the following template:

GVM versions

I performed a scan on a windows system and noticed an empty file that was created in c:\windows. Is this normal behavior?
gsad: (‘gsad --version’)
gvmd: (‘gvmd --version’)
openvas-scanner: (‘openvas --version’, in older GVM versions < 11: ‘openvassd --version’)
gvm-libs:

Environment

Operating system:
Kernel: (‘uname -a’)
Installation method / source:

DeeAnn · January 27, 2022, 1:34pm

Hi @lee_in_wv and welcome to the forum

from the documentation here 10 Scanning a System — Greenbone Security Manager (GSM) 21.04.11 documentation and here 10 Scanning a System — Greenbone Security Manager (GSM) 21.04.11 documentation ( 10.3.3.3 Restrictions) it looks like it used to be normal behavior on older versions. Which version of GVM are you using (and operating system) and which version of Windows are you scanning? You can use the template that was included with your first post to find version numbers. Thanks!

lee_in_wv · January 27, 2022, 2:53pm

Hello DeAnn,
I am using gsm 21.4.4 on kali 5.15.0. The gsad version is 21.4.3. The openvas-scanner version is 21.4.3
The system is windows 2019.

Thanks for your help

Lee

DeeAnn · January 28, 2022, 9:49am

Hi @lee_in_wv and thanks for the info. I checked with development and they told me that normally /windows should not be writable, and it looks like it could be a permissions issue.

lee_in_wv · January 28, 2022, 11:42am

Hello DeeAnn,

Thanks for the follow up. I did use a credential with local administrator access for the smb login. Perhaps that is why.
I have used the same method scanning other windows systems and not noticed this.
Lee

cfi · January 28, 2022, 3:54pm

Currently i’m missing the info in this topic which name this file has. It is only described as “an empty file” without mentioning the file name.

This could help to determine if the file was created during the scan (i’m not ware that any files are created during a scan) or if this was just by coincidence.

lee_in_wv · January 30, 2022, 7:15pm

The file name is _1643225880.5179408.

Thanks for your help