cancel
Showing results for 
Search instead for 
Did you mean: 
jazz.haria
Level 7

Full Vulnerability Scan not reporting "Hotfixes and Patches"

Using MVM 6.8

When running a Full Vulnerabilty scan (using default template) against a Windows Server A with administrator credentials do not get any "Hotfixes or Patches" reported

Under "Windows Assessment Module Vulnerabilities By Category Report" only get

Windows

Miscellaneous

Web

Network

However if I run the same Full Vulnerability scan (Server A) using the same credentials with only "Hotfixes and Patches" selected I get a list of missing "Hotfixes and Patches", which proves that the credentials are correct.

Running the same Full Vulnerability Scan (using default template) against another server B with the same administrator credentials get "Hotfixes and Patches" reported

Under the "Windows Assessment Module Vulnerabilities By Category Report" get

Patches and Hotfixes

Security Policy /Options

Services

Miscellaneous

Windows

Web

No Credentials Required

Miscellaneous

Anti-Virus Software

Is there any reason for this behaviour?

Is there    

Windows Assessment Module Vulnerabilities By Category ReportWindows

0 Kudos
3 Replies
jhaynes
Level 12

Re: Full Vulnerability Scan not reporting "Hotfixes and Patches"

If you are using the same credentials there isn't a reason for this. I'd open up a service request so we can take a look at your log files and see what type of access you received to that target.

Jeff Haynes

0 Kudos
jazz.haria
Level 7

Re: Full Vulnerability Scan not reporting "Hotfixes and Patches"

Hi Jeff,

Thanks for your response.

With regards to the log files, can you give a pointer so that I may investigate this

Many Thanks

Jazz

0 Kudos
jhaynes
Level 12

Re: Full Vulnerability Scan not reporting "Hotfixes and Patches"

Well what I would do is search for the word "credential" in the log file. You will be able to determine if the authentication was successful when you locate that section. There is more to it though than successful authentication. For instance someone with just user level access can authenticate but they would not have the file system or registry access that is needed. Once you locate the credential successful message if you have the proper access to the file system and registry you will not receive any more messages on the topic. If you don't have access though you will see a message.

Jeff Haynes

0 Kudos