4 Replies Latest reply on Oct 15, 2012 9:48 AM by drewgtr3

    Foundstone- Presence of AV Vulnerability Assessment

    drewgtr3

      Hey everyone,

       

      I presented this question to platinum support to no avail and was basically told I was out of luck on it.  I was hoping someone in the community might of ran into the same issue and found either the solution or a workaround.

       

      I am attempting to generate an asset report from a scan in foundstone to check for the presence of AV on quite a few servers.  I have found the vuln check sets that check for the version or version & hotfix but thats the reverse of what I need.  I need to get a report detailing what devices do NOT have AV installed.  In the case that say someone created a VM from a template that had no AV or something similar.  I can use thoe above mentioned assessment but that returns a huge list of devices with it making it near impossible to locate the ones that don't have anything installed.

       

      Has anyone else ran into this issue and found anything on it?

       

      Thanks!

      Andrew

        • 1. Re: Foundstone- Presence of AV Vulnerability Assessment

          Hi Andrew,

           

          What Anti-Virus are you referring to?  We're probably not going to have content that tells you if your *someothervender* AV is installed, but we do have some content around McAfee VirusScan.  Like what about the Real-Time Detection Enabled script?  If not enabled = vulnerable.

           

          And if we don't have the specific content you need,  MVM lets you create your own.  Writing a new FSL Script to look for a registry entry would probably do the trick, and if you need help with custom content I'm sure McAfee Professional Services can help.  If you have Policy Auditor,  you can create a quick script to check the registry or file system using the PAAC Tool.

           

          You have lots of options...

           

          -Cathy

          • 2. Re: Foundstone- Presence of AV Vulnerability Assessment
            drewgtr3

            Hey Cathy,

             

            Thanks for the quick reply.  I am attempting to execute a check to see if McAfee VSE resides on these servers.  I know there are other checks as in installation version, dat version, real-time detection enabled, etc but none fit my needs.  I basically am just trying to find out if some servers AV protection was overlooked when they were first setup. 

             

            Funny you mention those extra tools, Platinum support never gave me that info.  Do you happen to have any documentation or links to documentation that could help me get started on the FSL Scripts?

             

            Thanks!

            Andrew

            • 3. Re: Foundstone- Presence of AV Vulnerability Assessment

              Hi Andrew,

               

              Who's your Platinum contact?  I will let them know to get you all the relevent FSL scripting materials.  It's only avialable under NDA, so the process is to get an SR opened, NDA confirmed, info's provided.

               

              -Cathy

              • 4. Re: Foundstone- Presence of AV Vulnerability Assessment
                drewgtr3

                Hey,

                 

                 

                Nina_Khachatourian@McAfee.com is our account manager. 

                 

                Thanks!