I scanned two virtual machines, and our patching team remediated the critical vulnerabilities. When i rescan the machines and created the report I still see the remediated vulnerabilities. The machine has been restarted also. Thoughts?
These are both Confirmed Detections, and so you should be able to look at the "Results Section" of the scan report to see the vulnerable responses.
Perhaps the patches were not applied correctly, or the system/services have not been fully restarted. You may want to have them attempt the patch again, as it appears this would be a valid vulnerability.
You could also send a request to email@example.com with the scan IP & Results Section, and we should be able to provide a manual test for these.
What is the specific QID in question?
Depending on the specific vulnerability, and the access the scan has to verify, there may be times where a rescan does not have full access to verify the patch was applied. Such can be the case with Potential Vulnerabilties or scans running without Authentcation.
In those cases, once it has been confirmed that the issue was addressed, you can move to 'close/ignore' the specific QID on that host, and it will then no longer be included in your reporting moving forward.
QID 90916 and 90934. Windows authentication was successful for 2 (VMs) hosts. Its just strange that the other machines was refresh and the other VM we still see the two QIDs.
Retrieving data ...