Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
2162 Views 3 Replies Latest reply: Jul 16, 2013 8:49 AM by rtegtmeyer RSS
rlourenco Newcomer 15 posts since
Dec 22, 2010
Currently Being Moderated

Dec 22, 2010 5:34 AM

Foundscore does not match between MVM 7 SP1 and ePO 4.5 SP3

Hi Guys

 

I have an issue at a large customer of mine.  They have MVM 7 with SP1 and ePO 4.5 with SP3 and it seems that the FoundScores do not match between the products.  If you draw reports and check the foundscore in MVM for a particular machines, and then check the FoundScore in ePO they are not the same.

 

I believe as well as the customer that they should match as it gathers this data from Foundstone.

I have done MVM imports continuously.  the MVM server is registered, the extension is installed, the FC agents are connected, etc.

 

Any ideas why this may happen?

  • jhaynes Community Leader 224 posts since
    Nov 3, 2009

    Ok here is the scoop.

     

    ePO is asset based and reports the average Foundscore of each asset. When the Founstone import into ePO pulls the asset information it calculates the Foundscore of each asset based on the vulnerabilities known at that time. The ePO data is only as accurate as your latest import.

     

    Foundstone calculates the Foundscore based on the entire environment scanned.

     

    So let me try and makes sense of this.

    On a specific scan there is a limit on to how much you are going to get dinged on your Foundscore in MVM. For instance if you scanned 10,000 targets and we found 6 high vulns on each target we will deduct the max and no more.

     

    In ePO there no limit on how  much your Foundscore will get dinged so generally the ePO score is lower that the one in MVM.

     

    This has lead to some confusion in the past and we are working on a solution for that. I don't have an eta on the solution or any idea as to what the solution is going to be. I can say that this isn't a bug, but sometimes when things are working as designed they may not be working as desired. This is one of those times.

     

    The bottom line is that those scores currently are not supposed to match.

     

    Jeff Haynes

  • rtegtmeyer Newcomer 12 posts since
    Aug 12, 2011

    Hi gents, same here, created 3-3173731913, in which I will refer to this bulletin. We aim to utilize ePO5 as the only dashboard for enterprise risk reporting (of the whole thing basically), meaning we do need to have a match that is solid. I can create all the individual delat reports with like 4 months back including all the respective moves and changes in MVM - but not in ePO, as the scores are not matching (hence we cannot use ePO).

     

    I read above a post date of 2010, which is 2,5 years ago. So allow me to ask if anything happened yet?

     

    Brgds, and have a great day!

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points