Does GFI LanGuard execute the respective hack/vulnerability when scanning for alerts?

Answer

When scanning for some alerts, GFI LanGuard does execute code to check if the exploit exists on the scanned machine.

E.g. One of the alerts is the Escape Characters Decoding bug. It does execute the following GET command on the scanned machine:

..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir

It then checks for the following reply from the web server: DIRECTORY OF

So, GFI LanGuard does actually need to run exploit the vulnerability in some cases. However this is obviously done in a harmless way.

 

Note: This may trigger some Intrusion Detection System (IDS) software. In the example mentioned above, the IDS software may identify the scan as coming from a virus.