File created during scan on windows system

Use this category only if you have build GVM from sources or if you use packages provided by a 3rdparty repository.

Please read About the Greenbone Source Edition (GSE) and About GVM Architecture before posting.

When posting you should provide information about your environment using the following template:

GVM versions

I performed a scan on a windows system and noticed an empty file that was created in c:\windows. Is this normal behavior?
gsad: (‘gsad --version’)
gvmd: (‘gvmd --version’)
openvas-scanner: (‘openvas --version’, in older GVM versions < 11: ‘openvassd --version’)


Operating system:
Kernel: (‘uname -a’)
Installation method / source:

Hi @lee_in_wv and welcome to the forum :slight_smile:

from the documentation here 10 Scanning a System — Greenbone Security Manager (GSM) 21.04.11 documentation and here 10 Scanning a System — Greenbone Security Manager (GSM) 21.04.11 documentation ( Restrictions) it looks like it used to be normal behavior on older versions. Which version of GVM are you using (and operating system) and which version of Windows are you scanning? You can use the template that was included with your first post to find version numbers. Thanks!

Hello DeAnn,
I am using gsm 21.4.4 on kali 5.15.0. The gsad version is 21.4.3. The openvas-scanner version is 21.4.3
The system is windows 2019.

Thanks for your help


Hi @lee_in_wv and thanks for the info. I checked with development and they told me that normally /windows should not be writable, and it looks like it could be a permissions issue.

Hello DeeAnn,

Thanks for the follow up. I did use a credential with local administrator access for the smb login. Perhaps that is why.
I have used the same method scanning other windows systems and not noticed this.

1 Like

Currently i’m missing the info in this topic which name this file has. It is only described as “an empty file” without mentioning the file name.

This could help to determine if the file was created during the scan (i’m not ware that any files are created during a scan) or if this was just by coincidence.

1 Like

The file name is _1643225880.5179408.

Thanks for your help