hirakpatel
Level 7

Vulnerability Identification and Recommendation Mechanism

Hello All,

How does McAfee MVM identify a vulnerability and provide a recommendation?

If I am to make a guess, it would check for certain file versions and/or registry lookups, etc.

Does it look into what OS and SP level are there and, based upon that, provide its recommendation?

For Example: Vuln id: 9612 for MS10-046 identifies the vulnerability on Windows 2000, XP, Server 2003, Win 7. All in same fashion.

It states the same recommendation for all machines (irrespective of any OS version or SP level), stating that there is a patch available.

But the truth is there is no patch available for this vulnerability for Windows 2000 or Windows XP SP2, as these have reached EOL.

Can McAfee please upgrade their Vulnerability Identification & Recommendation Mechanism so that it looks at whether the OS is supported by the vendor or not?

And on that basis provide a recommendation on whether a patch is available or not.

Please let me know if I have stated anything incorrectly.

Best Regards,

Hirak

5 Replies
john.m.sopp
Level 11

Re: Vulnerability Identification and Recommendation Mechanism

Hirak has a GREAT point.
I just came out the end of a discussion as to why some vulns from 5-10 years ago were still showing up on hosts when manual investigation and automated patching solutions showed the patch as not applicable (reason being: the software is no longer being patched by the vendor/unsupported).

Failing to state that a vuln shows up because the current software version is unsupported is VERY painful and is a resource drain!

on 6/1/12 9:12:14 AM EDT
cgrim
Level 13

Re: Vulnerability Identification and Recommendation Mechanism

Hi Hirak and John,

Just because MS doesn't publicly patch the OS anymore doesn't mean you aren't vulnerable.  

If you're going to continue with these vulnerable targets on your network, you might want to pursue a Custom Support Agreement (CSA) with Microsoft so you can get patches, and/or spend the time to upgrade to a version that is publicly patched... In a perfect world, eh?

There's a very general KB article out there:

https://kc.mcafee.com/corporate/index?page=content&id=KB69646

I think in a nutshell it's saying we don't test or certify the scripts against EOL products.

It's unlikely McAfee is going to put any development effort into this, since by definition the products are EOL, and customers are (hopefully) moving away from it.   Their efforts are going to be spent creating new content.  You know?

You can always submit a Product Enhancement Request if you really feel this is a huge pain point for you.

I hope that helps!

-Cathy

0 Kudos
hirakpatel
Level 7

Re: Vulnerability Identification and Recommendation Mechanism

John,

Thanks for the support.

Cathy,

I understand that even if a patch is not available, the system is vulnerable.

What I was trying to suggest was: can we get a recommendation based on OS?

Currently the recommendation is static, whether it's Win 2000 or Win 7.

Hirak

0 Kudos
john.m.sopp
Level 11

Re: Vulnerability Identification and Recommendation Mechanism

I agree that these items are vulnerable. I think the recommendations should be modified to say something like, using Hirak's example, "If currently on Windows 2000, please upgrade to a newer OS and apply the patch" along with the standard recommendation.

0 Kudos
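One way to get the OS-aware recommendation requested in this thread is to post-process exported findings outside the scanner (an added example, not McAfee's code or MVM's export format). The support table, host names and function names are constructed for illustration; the Windows 2000 entry follows the thread, while the XP and Server 2003 service-pack minimums are assumptions.

```python
import re
from collections import defaultdict

# Constructed support table for the thread's MS10-046 example (not MVM data).
# None: no service pack of that OS receives the patch (as stated in the thread).
# Integer: lowest service pack assumed to still receive it.
MIN_PATCHED_SP = {
    "windows 2000": None,
    "windows xp": 3,
    "windows server 2003": 2,
    "windows 7": 0,
}
OS_RE = re.compile(r"^\s*(?:Microsoft\s+)?(?P<name>.+?)"
                   r"(?:\s+(?:SP|Service Pack)\s*(?P<sp>\d+))?\s*$", re.I)

def parse_os(banner):
    """Split 'Windows XP SP2' into ('windows xp', 2); no SP given means 0."""
    m = OS_RE.match(banner)
    if not m:
        raise ValueError(f"empty OS string: {banner!r}")
    return re.sub(r"\s+", " ", m.group("name")).lower(), int(m.group("sp") or 0)

def recommend(os_banner, static_text):
    """Return (action, text): the static recommendation adjusted for the OS."""
    name, sp = parse_os(os_banner)
    if name not in MIN_PATCHED_SP:
        return "review", f"Support status of {os_banner} unknown; verify before patching."
    min_sp = MIN_PATCHED_SP[name]
    if min_sp is None:
        return "upgrade", (f"No patch exists for {os_banner}; the host stays vulnerable. "
                           f"Upgrade to a newer OS, then: {static_text}")
    if sp < min_sp:
        return "service-pack", f"Install SP{min_sp} or later, then: {static_text}"
    return "patch", static_text

def triage(findings, static_text):
    """Group constructed (host, os) findings by the action they need."""
    groups = defaultdict(list)
    for host, os_banner in findings:
        action, _ = recommend(os_banner, static_text)
        groups[action].append(host)
    return dict(groups)

if __name__ == "__main__":
    sample = [("hostA", "Windows 2000 SP4"), ("hostB", "Windows XP SP2"),
              ("hostC", "Microsoft Windows XP Service Pack 3"), ("hostD", "Windows 7")]
    print(triage(sample, "Apply the MS10-046 patch."))
```

Every host stays flagged as vulnerable; only the remediation text and the work queue it lands in change.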
cgrim
Level 13

Re: Vulnerability Identification and Recommendation Mechanism

Hi John and Hirak,


I understand what you're asking for... That will be a pretty good size effort by the R&D team, I would expect. To get this request into their *plan* you should consider submitting a Product Enhancement Request. Go to:

https://community.mcafee.com/groups/mvm-news and click on the Submit Feature Request button

Or directly at: https://mcafee.acceptondemand.com/index.jsp?path=/login-external.jsp

Or you can open a Service Request for individual script recommendations that you need updated in a more timely manner...

I hope that helps!
Cathy