5 Replies Latest reply on Aug 23, 2011 6:36 PM by jldunn

    Ignoring vulnerabilities

      Is it just me or is anyone else not satisfied with the reports available in McAfee Vulnerability Manager?

       

      I'm using v7 and havespent alot of time reviewing vulnerabilities and "ignoring" them so they don't appear in reports.  I still find the vulnerabilities in the repoerts.  Grrrr.

        • 1. Re: Ignoring vulnerabilities

          Hi bog,

           

          I've moved your post to our official MVM area for better visibility by other product experts.

          • 2. Re: Ignoring vulnerabilities

            Hi Bog,

             

            What version of MVM are you using?  I just attempted to reproduce this in Version 7.0.1 and I don't see the problem.

             

            To confirm the *correct* behavior here were my steps:

            1.  Ensure Ticketing is enabled for the scan (reports Tab, Remediation Options, "create remediation tickets" is checked)

            2.  Run a scan against a target with known vulnerabilities

            3.  Search Tickets matching the scan name from step 2 above

            4.  Open one of the tickets, and click the radio button for "Change ticket status to..." and choose "Ignored" from the drop-down, click Submit.

            5.  Re-run the scan from step 2 above, view the report, and note the Ignored vulnerability from Step 4 above does NOT appear on the report.

            6.  Copied the scan to another Scan Configuration, ran it, and the ignored Vulnerability isn't showing up on that report either.

             

            Please advise if you're running a different version or if your steps deviate from mine.  if you're still having issues, you should get a support case opened to address it.

             

            -Cathy

             

            < 1/7/2011  at 4:03PM edited to add step 6 >

             

             

            Message was edited by: Cathy Grim on 1/7/11 6:00:58 PM CST
            • 3. Re: Ignoring vulnerabilities

              Hi Cathy,

               

              If you don't have Remediation in Foundstone v6.8, what is the way to exclude (ignore) vulnerabilities for future reports?

               

              Do I need to follow another procedure?

               

               

              Thank you

              • 4. Re: Ignoring vulnerabilities
                mmsmith

                argyris,

                 

                I just had a similar support issue on this and they referred me to this KB:

                https://kc.mcafee.com/corporate/index?page=content&id=KB57729

                 

                You will also need to call support and ask them to send you the FSDBUtil tool. This will give you the ability to exclude specific vulnerability checks globally.

                 

                Michael

                • 5. Re: Ignoring vulnerabilities

                  Hi Bog,

                  It's been months, so I expect you've figured this out by now.

                  Based on my testing and what I've read, 'ignored' tickets (vulnerability instantiations) are 'ignored' (i.e. don't appear on) scan reports.

                  Asset reports are not affected by ignored tickets.  (Or so it seems.)

                   

                  I'll edit or delete this message if I find out differently.

                   

                  J.