We have a very complex system of several windows 2008 R2 servers that have several open ports, protocols, services. On a few of these ports I get 38229 during a PCI scan. These vms are not IDSs. I have tried setting the performance settings to low and still get the QID. The systems are internal and the latest vm that I am investigating does not have AV but still gets the QID. I should say that the report says there were several good connections followed by 3 failures. (By successful connection, I believe Qualys means that there was a SYN SYNACK, but the scanner does not do an ACK to complete the connection)
It comes up as a PCI FAIL, but support says that it really means it was an incomplete test. So what is a complete test? X successful connections? Or does it keep trying to connect until the rest of the scan is done? Has anyone else encountered this? What is the fix? Thanks.