Answer
When scanning for some alerts, GFI LanGuard does execute code to check whether the scanned machine is vulnerable to the exploit.
For example, one of the alerts is the Escape Characters Decoding bug. To check for it, GFI LanGuard sends the following GET request to the scanned machine:
..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir
It then checks the web server's reply for the following text: DIRECTORY OF
Note: This may trigger some Intrusion Detection System (IDS) software. In the example mentioned above, the IDS software may identify the scan as coming from a virus.
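The following added example (not GFI code) shows how a log review or IDS rule recognizes this probe: the traversal sequence only becomes visible after the request target is percent-decoded more than once. The log layout, the scanner address in SCANNER_IPS and all function names are assumptions made for the illustration.

```python
import re
from urllib.parse import unquote

# Constructed log lines in a simplified "ip method target status" layout.
# The second target is the probe string quoted above; the rest are made up.
SAMPLE_LOG = [
    "192.0.2.10 GET /index.html 200",
    "192.0.2.50 GET /..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir 404",
    "192.0.2.51 GET /docs/report%2520final.pdf 200",
    "198.51.100.7 GET /..%5c..%5cwinnt/system32/cmd.exe?/c+dir 404",
]
SCANNER_IPS = {"192.0.2.50"}  # assumption: address of the authorized scanner

TRAVERSAL = re.compile(r"\.\.[\\/]")
MAX_ROUNDS = 3  # bound the decode loop so crafted input cannot spin it

def decode_rounds(target):
    """Percent-decode until the text stops changing; return (text, rounds)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(target)
        if decoded == target:
            break
        target, rounds = decoded, rounds + 1
    return target, rounds

def classify(target):
    """Return the list of findings for one request target."""
    decoded, rounds = decode_rounds(target)
    findings = []
    if rounds >= 2:
        findings.append("multi-encoded")  # on its own this is not an alert
    if TRAVERSAL.search(decoded):
        # Traversal that appears only after decoding was hidden by encoding.
        findings.append("traversal" if TRAVERSAL.search(target) else "encoded-traversal")
    if "cmd.exe" in decoded.lower():
        findings.append("cmd.exe")
    return findings

def scan_log(lines, scanner_ips=SCANNER_IPS):
    """Return (ip, findings, from_authorized_scanner) for lines with traversal."""
    alerts = []
    for line in lines:
        ip, _method, target, _status = line.split(" ", 3)
        findings = classify(target)
        if "traversal" in findings or "encoded-traversal" in findings:
            alerts.append((ip, findings, ip in scanner_ips))
    return alerts
```

Calling scan_log(SAMPLE_LOG) returns two alerts; the third field separates the authorized scan from the same request arriving from an unknown source.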