When scanning for some alerts, GFI LanGuard does execute code to check if the exploit exists on the scanned machine.
E.g. One of the alerts is the Escape Characters Decoding bug. It does execute the following GET command on the scanned machine:
It then checks for the following reply from the web server:
Note: This may trigger some Intrusion Detection System (IDS) software. In the example mentioned above, the IDS software may identify the scan as coming from a virus.