cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
vfguy11
Level 9
Report Inappropriate Content
Message 11 of 12

Re: "Fixable by patch" vs "fixable by other means"

Hi Darren,

Thanks for the follow-up and re-cap of the current handling of patch status.

We're filtering for things in the recommendation section as I outlined above, however there are a couple of typos that make it not completely reliable.

I look forward to hearing from you!

Thanks again.
Joe.

Re: "Fixable by patch" vs "fixable by other means"

Thanks for replying Darren. As you can probably understand, it's very messy for all of us to create a "fix type' field using the recommendation field and is tough to maintain at a reliable level due to lack of consistency in wording. I  also have the same challenge determining security impact type(remote code exec, info disclosure, etc) as we are required to produce metrics on that data as well.


Back to the "fix type" field. We determine this value in excel. I'm sharing with you and the rest of the community just in case anyone needs some more ideas on how to be decently accurate and to aslo clarifiy what we are looking for.

Our possible values for this field are:

Configuration  Change
No Fix/Unknown
Patch or Configuration Change
Patch

To determine this field we have two other fields..one to determine if there is a patch, and one to determine if there is a config change.

Where Cell AJ5 is the recommendation text

:Patch

=IF(COUNT(SEARCH({"not aware of a patch","patch is not applicable","patch is not yet available","unaware of any vendor-supplied patch","unaware of any fix ","unware of any vendor supplied patch","not aware of a vendor-supplied patch","not aware of a vendor supplied patch","unware of any vendor-supplied patch","not aware of any patches","not provide a patch"," unaware of a vendor-supplied patch"},AJ5)),"N",IF(COUNT(SEARCH({"a fix that can be applied","Security updates available","has provided a patch","has supplied a patch","driver update","has released an update","has issued patch","Fix Pack","Vendor updates are available","vendor has made an update available","Bulletin/MS","Download the patch","has provided patching","patch is available","has provided patch","released patches","has patched this flaw","resolves this issue"},AJ5)),"Y",IF(COUNT(SEARCH({"has released the update","oracle.com/technetwork","has released a patch","apache.org/dist/apr/","Updating to version","made updates available","vendor has made patches","issued a patch","install the latest patch","vulnerability is fixed","has released the updated version","ibm.com/aix/efixes","vmware.com/security/advisories","Download the latest version","upgrade","Update Apache","Update to","Update Sun","Download the lastest","Download version","recommends upgrading","Update OpenSSL","Update Wireshark","install the latest version","Update JBoss","wireshark.org/download","Patches for this issue can be downloaded"},AJ5)),"Y","N")))

:Config

=IF(COUNT(SEARCH({"no available workaround"},AJ5)),"N",IF(COUNT(SEARCH({"recommended to remove","workaround","steps","instructions","configuration","Disable","configuring","password","Registry edit"},AJ5)),"Y","N"))

Our fix type field uses the following logic:

If Config=No,Patch=No then No Fix/Unknown

if Config =No,Patch=Yes then Patch or Configuration Change

If Config=Yes,Patch=No then Configuration  Change

If Config=Yes,Patch=Yes then  Patch

Overall I believe that the mcafee scanning side of product works pretty well.

If you add some fields as recommended, you can save myself and your other customers alot of time paining through excel,access, or scripting to show the results we need appropriately.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community