We are running an Intrusive, credentialed scan against a test Solaris system. The scan optimization is set to Normal. The scan completed in about 2.5 hours, however when we verified the logs, approximately 80-90% of the 7000 scripts have the error "...is taking too long!! Aborting...(state 4)"
We then re-ran the same scan, but only with the 6500 non-intrusive checks enabled. This resulted in the same (Approx 2.5 hours, most checks Aborted.)
Finally, we removed the credentials and ran only the non-intrusive checks, which totaled 456, and the scan completed in under 5 minutes, and there were no errors in the logs.
This is a concern to us as we need to ensure that we are receiving accurate results, and that all scans are being run and completed against a target.
Is this related to the Optimization settings? Could there be any other reason for us to receive so many of these "taking too long!! Aborting..." errors?
No this isn't related to the optimization settings. The optimization settings really only affect the discovery portion of the scan and not the assessment portion.
Normally when a script aborts because it takes too long to complete, 6 minutes, its because the target isn't responding in a timely manner. To narrow this down I'd go back to doing a full vulnerability scan but just on a single target. If you still are receiving those errors I'd scan that target with just 10 credentialed checks and look again for those errors.
What type of connection do you have to those targets?
This is probably going to require you to open up a Service Request so we can gather some data.
This scan was against a single Target. I will run only 10 credentialed checks only, as you suggested.
Our connection to this system is Gigabit.
I will open a Service Request.
Thanks for your help.