In our environment, QualysGuard is incorrectly identifying some operating systems via TCP/IP fingerprinting. I have a pretty good idea why it's happening - we have network devices (including firewalls) between the scanner and the target that are likely causing the issue. We can't do anything to change that. We also can't implement authenticated scans.
My question, though, is this - what is the impact on scan results for an asset with an incorrect OS? Specifically, I am curious about 2 things:
1. Will the incorrect OS affect the QIDs the scanner tests (in other words, does the scanner selectively choose which QIDs to test based on the OS detected)?
2. Will the incorrect OS affect the accuracy of the test results for any QIDs?