How do I go about troubleshooting Windows server False positives?
Call support or put a ticket in online.
False Positives are quite uncommon, however if you do suspect a false positive your first port of call should be the Results section in the scan report or (assuming it is enabled in the report template) technical report. This section of the report shows the test which was carried out to determine that the vulnerability exists. In some cases this is simply file or software versions, in other cases it shows registry keys or other techniques used. In (almost) every case it will show the results of those tests. You can then confirm this with the infrastructure team responsible for the server.
One final thing of note - for Windows servers it is quite common for a host to be patched but not rebooted afterwards. In a lot of cases the patches do require a reboot and a patched vulnerability may still be detected until the reboot takes place. QID 90126 will show where a reboot is pending for a particular host.
One way is if you have Remediation tickets setup in the VM module, you can go to the Remediation Ticket and look at the ticket history. You may have a QID that flaps open and close depending on the scan type (agent/network scan). We have had a lot of these where the agent will close it and the network scan will reopen it and vice versa.
Retrieving data ...