Penetration tools may alert if IIS server is accepting requests with HTTP OPTIONS method. This is because the response to these requests may reveal what other methods are supported by the web server.
Read More
Vulnerability “Remove the default page or stop/disable the IIS server”
Penetration tools may raise an alarm if the default IIS page is still available in your server. This page comes by default when you install Web Server role.
Read More
w3wp service is missing for counters in Performance Monitor
Performance Monitor is an easy-to-use tool to record and monitor performance metrics. If you would like to measure IIS performance, you will need to add w3wp as an instance to your counter. What if there is no w3wp instance in the list?
Read More