Showing results for 
Search instead for 
Did you mean: 
Level 7

Creating a custom vulnerability set

I was trying to create a custom adhoc vulnerability set to detect the Openssl vulnerability using FASL's 16680 &16681. I enabled just those two and disabled all others. The scan fails to detect vulnerable systems, but my normal monthly scan set is able to. Am I missing required FASL's??  Using MVM 7.5.6

0 Kudos
1 Reply
Level 7

Re: Creating a custom vulnerability set

rwitkowski, are you still having this problem?  One item you might want to look at are associated ports being flagged in your full scan.  If those ports aren't included in the 16680 or 16681 check then they won't flag when you run a scan just based on those two checks.

A potential workaround to this is to setup your services detection to detect HTTPS running on non-standard ports.  This will allow your HTTPS related checks to run against any port identified as running HTTPS

0 Kudos