Account credentials must have sufficient privileges, as defined by the service. When processing an authenticated scan, we determine whether the account provided has sufficient privileges for each target host. If sufficient privileges are found, the assessment phase occurs and the most accurate and complete information is collected from the scan. If insufficient privileges are found, the scan completes as follows, depending on the scan type.
If insufficient privileges are found, the assessment phase still runs with the credentials provided, as long as those credentials allow login to the target host. An authenticated scan with insufficient privileges does not return the most complete and comprehensive vulnerability results, because not enough information is gathered from the host. In this scenario, it is very possible that the scan results contain false negatives, and they may also contain false positives. If the credentials do not allow login to the target host, the service performs a non-authenticated scan.
Policy Compliance (PC) scans require authentication to collect data effectively. If authentication fails, no data is collected during the scan. To obtain trustworthy data, it is crucial that PC scan authentication always returns a PASS status. The Authentication Report provided by the scan helps you identify where authentication succeeded and where it failed for compliance hosts. When reviewing the report, you might come across a PASS* status accompanied by an 'insufficient privileges' message. This message indicates that privileges needed to access the required data during the PC scan are missing. To ensure reliable and trusted Policy Compliance scan data, resolve any insufficient privileges issues before generating the PC report. This status applies specifically to Policy Compliance scans, as successful authentication is a prerequisite for accurate evaluation of compliance data.
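The check described above can be automated as a gate that runs before the PC report is generated. The following is an added example, not code from the service: the CSV column names, the sample rows and the function names are assumptions made for illustration, and a host with several authentication records keeps its worst status.

```python
import csv
import io

# Constructed sample; the column names and layout are assumptions for this
# example, not the service's actual Authentication Report export format.
SAMPLE_REPORT = """\
host,technology,status,cause
10.0.0.5,unix,PASS,
10.0.0.6,windows,PASS*,Insufficient privileges
10.0.0.7,unix,FAIL,Login failed
10.0.0.8,unix,PASS,
10.0.0.8,oracle,pass* ,insufficient privileges
10.0.0.9,unix,UNKNOWN,
"""

# Higher rank = less trustworthy; a host keeps its worst record.
RANK = {"trusted": 0, "insufficient_privileges": 1, "no_data": 2}

def classify(status):
    """Map one authentication status to the data quality described above."""
    s = status.strip().upper()
    if s == "PASS":
        return "trusted"
    if s == "PASS*":
        return "insufficient_privileges"  # logged in, required data unreadable
    return "no_data"                      # FAIL or unrecognised: fail closed

def triage(report_text):
    """Return {host: worst classification} across all records for that host."""
    worst = {}
    for row in csv.DictReader(io.StringIO(report_text)):
        host = row["host"].strip()
        result = classify(row["status"])
        if host not in worst or RANK[result] > RANK[worst[host]]:
            worst[host] = result
    return worst

def report_ready(hosts):
    """Gate: generate the PC report only when every host is a clean PASS."""
    return bool(hosts) and all(v == "trusted" for v in hosts.values())

if __name__ == "__main__":
    hosts = triage(SAMPLE_REPORT)
    for host, result in sorted(hosts.items()):
        print(f"{host:<10} {result}")
    print("ready for PC report:", report_ready(hosts))
```

An empty report and any unrecognised status both fail the gate, so missing authentication data is never mistaken for a clean result.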