OpenVAS false positives. Lessons on rigorous validation for security researchers and LLM tools like ChatGPT, Gemini, Claude Code and Grok. Please note GVM does contains this features OpenVAS is vulnerabilities on them). OpenVAS scan against new instance fails test (possible false positive) How to debug plug-in Asked 14 years ago Modified 14 years ago Hi, I’m new to this forum, but I’ve used OpenVAS many times over the past few years. At least, that is what I do and what is usually recommended with vulnerability scanners. OpenVAS has grown a broad community of security experts. 0. However, it made me wonder how does OpenVAS classify false positives and if there's any way that I can train it (for example, if it thinks I have Firefox installed but I check that it is a false positive, is there any way that I can "flag" that for that target that Kevin T. When OpenVAS produces a false positive, users can review the plugin to determine the cause of the misidentified vulnerability. Burp Scanner's low-false-positive, deep crawling and active scanning engine integrated with a full proxy for hybrid manual-automated testing. Integration of Machine Learning: Machine learning models can help decrease false positives by examining historical data and determining which outcomes were previously flagged as false positives. Additional Quality of Detection helps you to deal with banner detection by filtering to only relevant results with a high QoD score. We received a great deal of false positives. 3 to version 22. In this new version of Greenbone I only see the option to mark it as an override - which doesn’t seem to remove the false positive from the Post by Paula Gonzalez Muñoz OpenVAS has an option to use "overrides" to mark false positives as such. However, you have to check alert per alert since an automatic tool might oversee an actual vulnerability. 
Mostly I saw that (at least some) tests are unaware of internal patches i A false positive occurs when OpenVAS reports a vulnerability that does not actually exist. 8108 This was a credentialed scan. If a back port is detected, the result will be automatically masked as false positive. Jan 7, 2026 · OpenVAS off-by-one false positive debunked. May 30, 2025 · I am investigating potential false positives with two OpenVAS vulnerability tests and would appreciate guidance on proper investigation methodology. QoD is useful for filtering false positive vulnerabilities. I could then mark the result as a false positive for the current scan and all future scans and all hosts, etc etc. For our WordPress hosted by OVH, we receive what I consider FALSE POSITIVEs : -> Site is sensitive to Ping of death (hu ?) -> There is according to OpenVAS a Win98 in the way -> There is also an old Linksys router sensitive to the GET of death (“http GET /” would freeze the machine). I'm getting a ton of false positives for Google Chrome vulnerabilities because OpenVAS thinks that my installed version is Installed 15. x Multiple Vulnerabilities (TCP, Log4Shell) OpenVAS is open source. Neely Hello OpenVAS users, We have implemented OpenVAS-based vulnerability assessments at my Actual behavior I updated the scanner from version 22. I recently ran the 1st vulnerability scan in my office's network using OpenVAS. Generally, results with a QoD of 70% or higher are reliable, and those below are more likely to be false positives. The scan report shows several entries of “High” threat level, all are related to G… If you run an authenticated check, you can activate auto-false positive. Using actual data to train the model can predict and filter out false alarms. Looking for more information, I cannot find . These can be caused by incorrect configurations, environmental factors, or misinterpretation of the test results. 21. 
9 and began to receive a huge number of false positive alerts Apache Log4j 2. 7. A lower QoD test is more likely to create false positives. When you flag a false positive to the OpenVAS mailing list, the feedback is usually prompt and knowledgeable. Recently I invoked OpenVAS to scan a Linux system. False Positives: Nessus is more prone to false positives, particularly on Linux distributions like Rocky Linux, because it sometimes fails to account for security fixes backported by distributors. Burp Suite Professional is a leading web application security testing platform that combines automated vulnerability scanning with powerful manual tools like a proxy, intruder, repeater, and sequencer. I run scans of all our IPs, domains, … on a weekly basis. Jul 17, 2020 · On my previous version of Greenbone when viewing results there was an icon on the far right that allowed me to tag it as a false positive.