I'm using OpenSCAP 1.3.1 on Windows 10 Professional (64-bit) with the CISecurity OVAL vulnerability definitions, schema version 5.11.1. My definition files all pass validation.
I receive a lot of these warnings when evaluating my Windows 10 hosts:
W: C:\Program Files (x86)\OpenSCAP 1.3.1\oscap.exe: Obtrusive data from probe!
You can see the console output of one test evaluation below: https://pastebin.com/sZZcBjs3. There were 213 definitions and 82 obtrusive data warnings. Whenever these warnings are written to the console it seems to hang for a while, taking a significant time before moving on to the next evaluation. This evaluation of 213 definitions took 58 minutes:
PS C:\Windows\system32> measure-command {
$OpenSCAPLocation = [string](Get-ChildItem HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall | ForEach-Object { Get-ItemProperty $_.PsPath } | Select-Object DisplayName, InstallLocation | Where-Object{$_.DisplayName -eq "OpenSCAP"}).InstallLocation
Start-Process -NoNewWindow -Wait -WorkingDirectory $OpenSCAPLocation -FilePath "oscap" -ArgumentList "oval eval --results `"C:\Program Files (x86)\OpenSCAP 1.3.1\results-def3.xml`" `"C:\wamp64\www\definition_files\w10_definitions_1.xml`""
}
Days : 0
Hours : 0
Minutes : 58
Seconds : 52
Milliseconds : 187
Ticks : 35321878555
TotalDays : 0.0408818038831019
TotalHours : 0.981163293194444
TotalMinutes : 58.8697975916667
TotalSeconds : 3532.1878555
TotalMilliseconds : 3532187.8555
I've searched high and low for information on this warning but can't find anything useful. The best I could find was this issue: https://github.com/OpenSCAP/openscap/issues/1394
- What does this warning actually mean?
- Is there somewhere I can read up on the cause and resolution?
- Is it something I should even worry about, or just an expected warning (at this frequency)?
Loving OpenSCAP so far, excited to see how it progresses with Windows this year!
Thanks!
