Account credentials must have sufficient privileges, as defined by the service. When processing an authenticated scan, we determine whether the account provided has sufficient privileges for each target host. If sufficient privileges are found, the assessment phase occurs and the most accurate and complete information is collected from the scan. If insufficient privileges are found, the scan completes as follows, depending on the scan type.
If insufficient privileges are found, the assessment phase occurs using the credentials provided assuming the credentials allow login to the target host. Authenticated scanning with insufficient privileges does not return the most complete and comprehensive vulnerability results since not enough information is gathered from the host. In this scenario, it's very possible that the scan results identify false-negatives and it's also possible that scan results identify false-positives. If the credentials do not allow login to the target host, the service performs a non-authenticated scan.
If insufficient privileges are found, proper authentication to the host for compliance fails, the assessment phase does not occur, and the scan is finished. As a result, no compliance information is collected from the host. The Authentication Report helps you identify where authentication was successful and where it failed for compliance hosts. You'll see the status Passed* when there are insufficient privileges. This status applies only to PC.