Use this category only if you have build GVM from sources or if you use packages provided by a 3rdparty repository.
Please read About the Greenbone Source Edition (GSE) and About GVM Architecture before posting.
When posting you should provide information about your environment using the following template:
I performed a scan on a windows system and noticed an empty file that was created in c:\windows. Is this normal behavior?
gsad: (‘gsad --version’)
gvmd: (‘gvmd --version’)
openvas-scanner: (‘openvas --version’, in older GVM versions < 11: ‘openvassd --version’)
Kernel: (‘uname -a’)
Installation method / source:
Hi @lee_in_wv and welcome to the forum
from the documentation here 10 Scanning a System — Greenbone Security Manager (GSM) 21.04.11 documentation and here 10 Scanning a System — Greenbone Security Manager (GSM) 21.04.11 documentation ( 10.3.3.3 Restrictions) it looks like it used to be normal behavior on older versions. Which version of GVM are you using (and operating system) and which version of Windows are you scanning? You can use the template that was included with your first post to find version numbers. Thanks!
I am using gsm 21.4.4 on kali 5.15.0. The gsad version is 21.4.3. The openvas-scanner version is 21.4.3
The system is windows 2019.
Thanks for your help
Hi @lee_in_wv and thanks for the info. I checked with development and they told me that normally /windows should not be writable, and it looks like it could be a permissions issue.
Thanks for the follow up. I did use a credential with local administrator access for the smb login. Perhaps that is why.
I have used the same method scanning other windows systems and not noticed this.
Currently i’m missing the info in this topic which name this file has. It is only described as “an empty file” without mentioning the file name.
This could help to determine if the file was created during the scan (i’m not ware that any files are created during a scan) or if this was just by coincidence.
The file name is _1643225880.5179408.
Thanks for your help