cancel
Showing results for 
Search instead for 
Did you mean: 
drewgtr3
Level 7

Foundstone- Presence of AV Vulnerability Assessment

Jump to solution

Hey everyone,

I presented this question to platinum support to no avail and was basically told I was out of luck on it.  I was hoping someone in the community might of ran into the same issue and found either the solution or a workaround.

I am attempting to generate an asset report from a scan in foundstone to check for the presence of AV on quite a few servers.  I have found the vuln check sets that check for the version or version & hotfix but thats the reverse of what I need.  I need to get a report detailing what devices do NOT have AV installed.  In the case that say someone created a VM from a template that had no AV or something similar.  I can use thoe above mentioned assessment but that returns a huge list of devices with it making it near impossible to locate the ones that don't have anything installed.

Has anyone else ran into this issue and found anything on it?

Thanks!

Andrew

0 Kudos
1 Solution

Accepted Solutions
cgrim
Level 13

Re: Foundstone- Presence of AV Vulnerability Assessment

Jump to solution

Hi Andrew,

What Anti-Virus are you referring to?  We're probably not going to have content that tells you if your *someothervender* AV is installed, but we do have some content around McAfee VirusScan.  Like what about the Real-Time Detection Enabled script?  If not enabled = vulnerable.

And if we don't have the specific content you need,  MVM lets you create your own.  Writing a new FSL Script to look for a registry entry would probably do the trick, and if you need help with custom content I'm sure McAfee Professional Services can help.  If you have Policy Auditor,  you can create a quick script to check the registry or file system using the PAAC Tool.

You have lots of options...

-Cathy

0 Kudos
4 Replies
cgrim
Level 13

Re: Foundstone- Presence of AV Vulnerability Assessment

Jump to solution

Hi Andrew,

What Anti-Virus are you referring to?  We're probably not going to have content that tells you if your *someothervender* AV is installed, but we do have some content around McAfee VirusScan.  Like what about the Real-Time Detection Enabled script?  If not enabled = vulnerable.

And if we don't have the specific content you need,  MVM lets you create your own.  Writing a new FSL Script to look for a registry entry would probably do the trick, and if you need help with custom content I'm sure McAfee Professional Services can help.  If you have Policy Auditor,  you can create a quick script to check the registry or file system using the PAAC Tool.

You have lots of options...

-Cathy

0 Kudos
drewgtr3
Level 7

Re: Foundstone- Presence of AV Vulnerability Assessment

Jump to solution

Hey Cathy,

Thanks for the quick reply.  I am attempting to execute a check to see if McAfee VSE resides on these servers.  I know there are other checks as in installation version, dat version, real-time detection enabled, etc but none fit my needs.  I basically am just trying to find out if some servers AV protection was overlooked when they were first setup. 

Funny you mention those extra tools, Platinum support never gave me that info.  Do you happen to have any documentation or links to documentation that could help me get started on the FSL Scripts?

Thanks!

Andrew

0 Kudos
cgrim
Level 13

Re: Foundstone- Presence of AV Vulnerability Assessment

Jump to solution

Hi Andrew,

Who's your Platinum contact?  I will let them know to get you all the relevent FSL scripting materials.  It's only avialable under NDA, so the process is to get an SR opened, NDA confirmed, info's provided.

-Cathy

0 Kudos
drewgtr3
Level 7

Re: Foundstone- Presence of AV Vulnerability Assessment

Jump to solution

Hey,

Nina_Khachatourian@McAfee.com is our account manager. 

Thanks!

0 Kudos