VM scans on RHEL systems tend to generate false positives because Qualys does not seem to take into account the backporting technique used by Red Hat (https://access.redhat.com/security/updates/backporting).
I'm interested to know how other users are approaching this challenge.
Hello Herbon,
Are you seeing a specific issue? If yes, please open a support ticket so we can investigate. Qualys signatures support backported patches for RHEL systems, so we're interested to understand if there is an issue.
Thanks, Robert