5 Replies Latest reply on Jun 8, 2012 5:49 PM by cgrim

    Vulnerabiltiy Identification and Recommendation Mechanism

      Hello All,

       

      How does McAfee MVM identify a vulnerability and provide a recommendation ?

       

      If I am to make a guess, then through it would check for certain file version and/or registries lookup, etc.

       

      Does it look into what OS and SP level are there and based upon provide it's recommendation ?

       

      For Example: Vuln id: 9612 for MS10-046 identifies the vulnerability on Windows 2000, XP, Server 2003, Win 7. All in same fashion.

       

      It states the same recommendation for all machines (irespective of any OS version or SP level) stating that there is a patch available.

      But the truth is there is no patch available for this vulnerability for Window 2000 or Windows XP SP2. As these have reached are EOL.

       

      Can McAfee please upgrade there Vulnerability Identification & Recommendation Mechanism where it should look at whether OS is supported by the vendor or not ?

      And on that bases provide recomendation whether a patch is available or not.

      Please let me know if I have stated anything incorrectly.

      Best Regards,

       

      Hirak