Windows Credential Requirements:
A combination of registry and file system access is required and is best accomplished with a local administrative account.. The reason is that once the scan engine has authenticated to a target two different connection are attempted to determine the level of access.
- The Scan engine attempts to access the targets registry via the Remote Registry Service.
- File system access is attempted by connecting to both C$ and Admin$.
Shell Credential Requirements:
Please read KB54752
This is a common question that takes a little digging into to understand. Most the time it comes down to that it only takes a few vulnerabilities to adversely affect your Foundscore. Once you drop down below a certain point it takes fixing quite a few vulnerabilities before you will see the Foundscore move. I've attached the 6.7 Enterprise Manager Admin Guide to this post. Please go to page 30 and read through the documentation and let me know if you have any questions and I'll try and help you out.
Thank you for the answers. Maybe hard to answer but will setting vulnerabilities to ignore or false-positive and then acknowledging them have any effect on the foundstone score?
On Page 25 of the 6.7 Enterprise Manager Guide it says this.
Note: Tickets marked as Ignore will affect future scan reports. Future scans
that find this vulnerability on this machine will not record this vulnerability for
this machine on future scan reports.
What that means that we will not change the existing Foundscore but since the vulnerability will be considered a false positive or ignored on the next scan the Foundscore will automatically correct itself.