We have a similar issue on our internal bug tracker and are looking for a solution.
Most likely the host counter is wrong here, and the operating system is actually still in use. If you still want to delete the operating system, you would need to check the details of each host. Note that you should click “Show all Identifiers” on the host detail page, else not all identifiers will be shown.
Due to the bug in the host counter, I believe one needs to research manually which host still uses this OS asset as following:
To find the host assets that are using the OS assets despite the wrong count, open the host asset view
Web GUI > Assets > Hosts
and enter the powerfilter
replacing cpe:/… with the correct cpe of the os. It will look like the following example
this will list all host assets that feature said cpe as primary or secondary OS-Identifier.
You can delete the OS identifiers from the hosts, or the hosts altogether. When no host is using the OS-asset anymore, the os-asset it self can be deleted as well.
Apparently one software I have running on Ubuntu makes the host look like its Debian “cpe:/o:debian:debian_linux”
And Debian is identified as “cpe:/o:debian:debian_linux:10” but also as “cpe:/o:linux:kernel”.
So I have “cpe:/o:debian:debian_linux” and “cpe:/o:linux:kernel” showing 0 hosts and they are not deletable…
Could you please create a new topic in https://community.greenbone.net/c/vulnerability-tests/7 and provide the output of the following two VTs (the second might not be included in your report if there are no unknown OS identifiers found) so that the feed team could have a look if the detection can be improved?
Name: OS Detection Consolidation and Reporting
Name: Unknown OS and Service Banner Reporting
AFAIK this is expected / by design. GVM is using all found OS identifiers during a scan on purpose to give the user the choice to search for e.g. “All Debian systems” but also for “All Linux systems” (which includes all Debian systems).