9 Replies Latest reply on Sep 13, 2011 5:15 PM by cgrim

    Foundscore issues

      Hello,

       

       

      I am experiencing problems with Foundscore on my scan reports. It's stuck to 30 no matter the number and grade of the vulmnerabilities detected... Even when a single vulnerability is detected, Foundscore ends up again in 30!?

       

      In another case, I had the same number and type of vulnerabilities detected on the same host by 2 different reports. The one report had a score around 80 and the last one had it at 30... This started to happen after I manually updated the products from the server box.

       

      How can I check whether something was misconfigured by accident regarding to my issue? And of course, how can I fix it so that Foundscore is closer to reality?

       

       

      Thank you

        • 1. Foundscore issues
          jhaynes

          Oh a Foundscore question.....those are complicated. Please open a service request on this one and I'll make sure it gets looked at right away.

           

          Jeff Haynes

          • 2. Foundscore issues

            I did it Jeff. But I filled "other" in OS field and I am not sure if I filled all of the fields correctly.

             

            Anyway, my service request is 3-1424834711

             

             

            I would appreciate all the assistance in this I can get.

             

             

            Thank you very much!

            • 3. Re: Foundscore issues
              beatles13cfpb

              Hi argyris,

               

              I have the same error. Did you receive some answer to this problem ?. I would be very thankful if you could give me some suggestions to fix it.

               

              Regards

               

              Message was edited by: beatles13cfpb on 3/9/11 2:00:14 PM CST
              • 4. Re: Foundscore issues

                Hi,

                 

                I am not ended up with a solution from the support team yet but they told me that their backend support will investigate on this. I had to send them my foundstone box logs and then, a doc file showing with some screenshots or reports' parts the issue I am dealing with.

                 

                I hope they find the cause soon

                 

                But I agree with Jeff. It's better if you open a service request in their support page. It seems to be a complicated matter to resolve on your own.

                 

                 

                Regards

                • 5. Re: Foundscore issues
                  beatles13cfpb

                  Hi argyris,

                   

                  I opened a service request, and I had the same answer that their backend suppot team is lookink for a solution, but they I have no answer from them. I hope they find the cause and fix this problem soon.

                   

                  Thanks anyway.

                   

                  Regards

                  • 6. Re: Foundscore issues

                    Hi,

                     

                     

                    Did you have any update on this? What I received from their support team was that I had possibly misunderstood the way FoundScore is calculated and interpreted...After providing them with anything they requested (reports, screenshots, logs), they replied back with that... It was a bit frustrating but I tried to keep it in  professional context

                     

                    I just explained them that there is no correct calculation ever when all of my reports show the same score no matter the number of High (for example) vulnerabilities they have! I gave them 2 very clear examples. One report had around 120 High vulns and the other had around 10 but they both had the same score!!??

                     

                    We will see how it ends...

                     

                    Could you please tell me if you have also problems with the description of the vulnerabilities on the reports?? My reports, even after a manual update on Foundstone, show me "No translation available"  in the Vulnerabilty section.... So, I know I have a specific numbher of High or Medium vulns but I have to use the Reports > Alert on the web-interface of Foundstone to be able to check the details of them so I can fix them...

                     

                     

                    Regards

                    • 7. Re: Foundscore issues
                      beatles13cfpb

                      Hi,

                       

                      I have the same answer about not understanding the Foundscore calculation. After that answer I send a very descriptive mail with the reports showing the same problem as yours, and I am still waiting a real answer to fix this problem from the McAfee Support.

                       

                      I have no other problems with reports. I hope you can fix the problem with description of vulnerabilities.

                       

                      Please let me know if you receive some answer to this problem.

                       

                      Regards

                      • 8. Re: Foundscore issues

                        You guys getting any answers? 

                        • 9. Re: Foundscore issues

                          Apparently multiple foundscore descrepencies were found as a result of the Service Request opened by "argyris".

                           

                          there were some issues about when MyFoundscore was displayed/used, along with when the deductions are applied.

                           

                          These issues will be resolved in the next patch, which is due to come out early next quarter.

                           

                          if you have a specific question/problem, please open a Service Request to have it addressed.

                           

                          Thanks!
                          Cathy