Well technically support was correct but it could have been explained better.
- If the appliance doesn't have access to download sus updates to patch the OS from the Internet then yes any new vulnerabilities that are discovered since the release of the appliance will not be patched.
- When support said you shouldn't scan the MVM Appliance what they meant is that you shouldn't scan a scan engine with itself. Example: If the IP Address of your scan engine was 300.1.3.5 you would not want to scan IP Address 300.1.3.5 from that engine. You can scan IP 300.1.3.5 from any other engine though.
If we have MVM appliances do we need to run Windows Update on them each month or do the appropriate OS patches get pushed to the appliances through FSUpdate?
Just had a case open for this. Appliances get SUS updates from McAfee (KB search helps for the URL), software installations on W2K3x and W2K8x will get them from Microsoft. Same for SQL. Appliance = McAfee, software installation from Microsoft.