ed87
Level 7
Message 1 of 6

Vulnerability report excluding

I'm tired of getting reports back with vulnerabilities with recommendations like this:

McAfee is currently unaware of a vendor-supplied patch or update

McAfee Avert Labs is not aware of a vendor-supplied patch/upgrade at this time

I would like to filter these items out of the report.  I assume I can do this using "Patch Availability" rule in a vulnerability set.  I don't want to exclude vulnerabilities that are configuration issues and therefore have no patch available.

Would I include:

"Patch Availability: Patch Available"

"Patch Availability: Undetermined"

"Patch Availability: NA"

and then exclude

"Patch Availability: No Patch Available"

I'm not sure what the difference between "Undetermined and N/A" would be. Again, I just want to exclude vulnerabilities that I can't do anything about in these reports. I want to make sure that non-patch related issues, like configuration settings, stay in the report.

5 Replies
cgrim
Level 13
Message 2 of 6

Re: Vulnerability report excluding

Hi Ed,

Our R&D team is continually going through the content and trying to update any of the scripts that didn't have a patch when released (why they put that text) that do now. It's an ongoing effort. In any case where you know a patch is available, you can let us know and we can get them updated as a one (or 2 or 3) off.

In the meantime using the Vulnerability Set should be an option, but I'm currently working an issue that the "Is not Equal to" is not working.  I'm not sure of the cause yet, so of course there isn't any solution (yet). 

If you run into specific problems let me know, and I can update you on the progress of the other issue.

-Cathy

ed87
Level 7
Message 3 of 6

Re: Vulnerability report excluding

I'm using 7.0.  I've run 4 test reports that contain the following logic:

1. equals Patch Available

2. equals No Patch Available

3. equals Patch NA

4. equals Patch Undetermined

Despite the fact that I'm running against a machine that has several vulnerabilities where patches are not available, the "equals No Patch available" logic yields zero results.  Most of the vulnerabilities fall under "Patch Undetermined", which clearly state "McAfee is currently unaware of a vendor-supplied patch or update"...would that be "No patch available"?  That seems like something is broken.

Can you explain the logic of how something without a patch becomes patch undetermined?

How reliable is the patch available/not available field?

cgrim
Level 13
Message 4 of 6

Re: Vulnerability report excluding

Hi Ed,

Sorry, I think you missed my comment above:

"but I'm currently working an issue that the "Is not Equal to" is not working.  I'm not sure of the cause yet, so of course there isn't any solution (yet)."

I see you confirmed that anyway.

When I get more details and/or a fix for it, I will post the solution here.

-Cathy

ed87
Level 7
Message 5 of 6

Re: Vulnerability report excluding

I can work around the "is not equal to" issue, assuming that the patch availability field is accurate.

For example, instead of writing the logic as "is not equal to: No Patch Available", I could just write:

is equal to Patch Available

OR

is equal to Patch Not Determined

OR

is equal to Patch Undetermined

...that should yield the same logic.
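
Added example, not part of the original posts and not McAfee code: a Python sketch that applies both forms of the filter to a constructed CSV export and shows where they diverge. The column names and sample rows are assumptions; the patch-availability values and the two recommendation strings are the ones quoted in this thread.

```python
import csv
import io
import re

# Constructed sample export; column names are assumptions, not the product's format.
SAMPLE = """name,patch_availability,recommendation
Constructed vuln A,Patch Available,Apply the vendor update.
Constructed vuln B,No Patch Available,McAfee is currently unaware of a vendor-supplied patch or update
Constructed vuln C,Undetermined,McAfee Avert Labs is not aware of a vendor-supplied patch/upgrade at this time
Constructed vuln D,NA,Disable the anonymous access setting.
Constructed vuln E,,Restrict the service to trusted hosts.
"""

# Field values quoted in the first post of the thread.
INCLUDE = {"Patch Available", "Undetermined", "NA"}
EXCLUDE = "No Patch Available"

# Matches the two recommendation strings quoted in the first post.
NO_PATCH_TEXT = re.compile(
    r"(currently unaware|not aware) of a vendor-supplied patch", re.IGNORECASE)

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def by_not_equal(rows):
    """'is not equal to: No Patch Available'."""
    return [r["name"] for r in rows
            if r["patch_availability"].strip() != EXCLUDE]

def by_or_of_equals(rows):
    """'is equal to A OR is equal to B OR is equal to C'."""
    return [r["name"] for r in rows
            if r["patch_availability"].strip() in INCLUDE]

def actionable(rows):
    """Not-equal filter plus a check of the recommendation text, so a finding
    that says no patch exists is dropped even if the field says otherwise."""
    return [r["name"] for r in rows
            if r["patch_availability"].strip() != EXCLUDE
            and not NO_PATCH_TEXT.search(r["recommendation"])]

if __name__ == "__main__":
    rows = load(SAMPLE)
    print("not equal:   ", by_not_equal(rows))
    print("OR of equals:", by_or_of_equals(rows))
    print("actionable:  ", actionable(rows))
```

The two filters agree only while the field holds one of the four listed values: the blank row E survives the not-equal form but is dropped by the OR form, so a configuration finding with an empty field would leave the report.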

feeeds
Level 9
Message 6 of 6

Re: Vulnerability report excluding

Is there an update on this issue? I have submitted a PER on this issue as well. I would love a second dashboard that only shows vulnerabilities that I can actually remediate (fix). I also asked for the ability to create my own dashboard.
