cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 5

Static vuln sets

Jump to solution

I would like to create a static vuln set without having to

  1. Stop FSUpdate
  2. Check each vuln we want to use individually

Take the use case for creating a vuln set including ONLY high rated vulnerabilities and No Intrusive checks, where this check set remains static, as we will want to base future scans across a month on the same vulns set for like comparison.

MVM version 7.5.0

We have tried to use the search feature in mvm while creating a vuln set, but it did not work.(used the following steps)

  • create a new vuln set-tree based
  • display by category name-make sure everything is de-selected
  • search by risk level=high
  • check the non intrusive branch, de-select any categories not desired to scan
  • clear search just to verify nothing information,low, or medium was selected.

Result: Nothing at all appears to be checked, so we cant even move on to the next step to disable new checks(de-select "run new checks")

All help is appreciated!

-John

1 Solution

Accepted Solutions
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 5

Re: Static vuln sets

Jump to solution

Hi John,

I've been thinking about this in conjunction with the question I posted about this, and in my case, the only way I see to be able to do this is to have a scan engine that doesn't update fsl scripts.  In our case however, it's just not practical as the scan I want to do the validation with touches 45,000 machines and runs across 6 scan engines.

In playing with what Cathy suggested, and I think what you referred to in creating a new vuln set, I found if I create a new scan based on my vuln set, preview it, then "un-preview" it, the selected vulns will remained checked and I can click the advanced button to display the "run new checks" check-box.

The problem I see with that however is in the case of a check that has been updated, how does MVM determine how to do this?  Are the old fsl scripts kept and somewhere in the job the old fsl script is kept static?  Or is an updated script technically not a new script so it will run against the updated script which might include a patch/workaround that didn't exist before.  To explain better, if I create a scan today, and it includes 111111.fsl, and I run the same scan again in 30 days and 111111.fsl has been updated, will there be a new 111111a.fsl, and if so, does the original 111111.fsl remain on the system and is referenced somewhere in the scan job.  OR, is 111111.fsl overwritten with the updated check and keeps the same name.  Hope that's understandable!

Joe.

View solution in original post

4 Replies
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 5

Re: Static vuln sets

Jump to solution

Hi John,

I've been thinking about this in conjunction with the question I posted about this, and in my case, the only way I see to be able to do this is to have a scan engine that doesn't update fsl scripts.  In our case however, it's just not practical as the scan I want to do the validation with touches 45,000 machines and runs across 6 scan engines.

In playing with what Cathy suggested, and I think what you referred to in creating a new vuln set, I found if I create a new scan based on my vuln set, preview it, then "un-preview" it, the selected vulns will remained checked and I can click the advanced button to display the "run new checks" check-box.

The problem I see with that however is in the case of a check that has been updated, how does MVM determine how to do this?  Are the old fsl scripts kept and somewhere in the job the old fsl script is kept static?  Or is an updated script technically not a new script so it will run against the updated script which might include a patch/workaround that didn't exist before.  To explain better, if I create a scan today, and it includes 111111.fsl, and I run the same scan again in 30 days and 111111.fsl has been updated, will there be a new 111111a.fsl, and if so, does the original 111111.fsl remain on the system and is referenced somewhere in the scan job.  OR, is 111111.fsl overwritten with the updated check and keeps the same name.  Hope that's understandable!

Joe.

View solution in original post

Former Member
Not applicable
Report Inappropriate Content
Message 3 of 5

Re: Static vuln sets

Jump to solution

Thanks for the workaround via the preview/unpreview. It works!  I hope some time in development is spent on revamping the vuln selection though-not a big fan of leveraging workarounds for key tasks.

Former Member
Not applicable
Report Inappropriate Content
Message 4 of 5

Re: Static vuln sets

Jump to solution

Cool. glad it works!

I agree with you.  Not a big fan of chewing gum and duct tape either (but somehow always finding myself resorting to that!)

Former Member
Not applicable
Report Inappropriate Content
Message 5 of 5

Re: Static vuln sets

Jump to solution

I'm glad to see the collaboration.  Thanks Joe.  Sorry you feel that way about duct tape and gum...

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community