When I try to scan Windows 10 and Windows 11, users get notifications (three times in total per machine) about a blocked VirTool, and when I checked the logs I noticed that there is an issue with a WMI query. Is there a way to understand how Greenbone performs a scan on a Windows machine?
I have the latest version of each component installed on Ubuntu 22.04.
I want to understand how Greenbone initiates a scan. I understand it’s via SMB and it seems to try to execute a WMI query on a remote machine after trying to connect to it, yet what I don’t understand is, if Greenbone gained access to the remote machine, then what is it trying to achieve by simulating VirTool (assuming the report from Windows Defender APT is accurate), and if there is any recommendation to enhance the Windows scan without having this kind of warning.