Since I'm still playing with the Qualys VM, my security engineer recommended to run dissolvable agent for a more detailed scan and it will need the remote registry on Windows. Does this raise a security concern?
Please see Understanding the Windows Dissolvable Agent, which may give you the information you need. Or if you still have questions, please feel free to ask.
Good information but it does not answer my question about security. Does it or doesn't it poses security? It also states "Eliminates the dependency on the remote registry service" but it still uses the remote registry services. Yes?
Remote registry access in the wrong hands can be very hazardous to your asset and potentially your entire environment. Turning off remote registry access is a mechanism to remediate the vulnerability. Alternatively, limiting remote registry access to administrators only can limit the access and provide a degree of security; however, if an administrator's account is compromised all bets are off.
Retrieving data ...