I've moved your post to our official MVM area for better visibility by other product experts.
What version of MVM are you using? I just attempted to reproduce this in Version 7.0.1 and I don't see the problem.
To confirm the *correct* behavior here were my steps:
1. Ensure Ticketing is enabled for the scan (reports Tab, Remediation Options, "create remediation tickets" is checked)
2. Run a scan against a target with known vulnerabilities
3. Search Tickets matching the scan name from step 2 above
4. Open one of the tickets, and click the radio button for "Change ticket status to..." and choose "Ignored" from the drop-down, click Submit.
5. Re-run the scan from step 2 above, view the report, and note the Ignored vulnerability from Step 4 above does NOT appear on the report.
6. Copied the scan to another Scan Configuration, ran it, and the ignored Vulnerability isn't showing up on that report either.
Please advise if you're running a different version or if your steps deviate from mine. if you're still having issues, you should get a support case opened to address it.
< 1/7/2011 at 4:03PM edited to add step 6 >
If you don't have Remediation in Foundstone v6.8, what is the way to exclude (ignore) vulnerabilities for future reports?
Do I need to follow another procedure?
I just had a similar support issue on this and they referred me to this KB:
You will also need to call support and ask them to send you the FSDBUtil tool. This will give you the ability to exclude specific vulnerability checks globally.
It's been months, so I expect you've figured this out by now.
Based on my testing and what I've read, 'ignored' tickets (vulnerability instantiations) are 'ignored' (i.e. don't appear on) scan reports.
Asset reports are not affected by ignored tickets. (Or so it seems.)
I'll edit or delete this message if I find out differently.