We’ve recently downloaded an evaluation of OpenVAS for our organization. While OpenVAS returns some vulnerability alerts, it is not picking up some known vulnerabilities on some systems. For example, I installed Adobe Acrobat Reader 11.0.0 without updates, yet I do not get any alerts about these vulnerabilities. Other vulnerability scanners we are testing were able to detect these vulnerabilities.
I would like to understand why these vulnerabilities are not getting detected. Is there a way that I can see the detailed results for a test against a single NVT?
Thanks bricks! I had the credentials configured, but I just discovered that Remote Registry was disabled on my test box. Scan in progress, and now I’m seeing the expected alerts.
As an additional note you should find various info about such authenticated scans and possible issues (if you have credentials configured) as an “Log” entry of the following two NVTs within your report: