cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Purging superceded detected vulnerabilities

The inability to purge "unremediated" vulnerabilities is causing previously detected vulnerabilities to not be cleared when a newer patch addressing that vulnerability is applied.  This is causing machines to report vulnerabilities that do not exist.  For example I use the non-superceded vuln sets for Adobe and Microsoft.  A machine is found to be missing an IE patch.  The next month a cumulative patch for IE is released that supersedes the previous patch.  The previous patch is removed from the vuln set, and even though the cumulative patch is applied the machine will still report the previous vulnerability until it is scanned for again, which won't happen if we're only scanning for non-superseded patches.  These just build and build over time and it's creating a lot of reporting issues for us, particular with trending.

MVM seems to be severly lacking overall in the patch supersedence area.  I shouldn't have to create special scans to go look for vulnerabilities that have been remediated by a newer patch.  Seems like the only resolution is to scan for every patch every time which would mean scans would be running 24/7/365.  Unless I'm missing something....and I really hope I am.  I would very much like to be wrong about this.  My boss is ready to fork lift MVM for a different product.

1 Reply
feeeds
Level 9
Report Inappropriate Content
Message 2 of 2

Re: Purging superceded detected vulnerabilities

I would agree, and I have not found a good solution either. I have opened a few tickets in the past, only to go down the rabbit hole. On the one had mcafee will tell you that MVM is not a patch scanner, it's a VA scanner that scans for missing patches. But MVM is full of false positives in how it scans for patches. If one .dll file does not have the correct date, MVM says the patch is not applied, when every other scanner will tell you it is. They really need to change how their engine looks for patches and supports patches being superseded.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community