Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
874 Views 6 Replies Latest reply: Nov 16, 2012 10:49 AM by vfguy11 RSS
vfguy11 Newcomer 25 posts since
Oct 17, 2012
Currently Being Moderated

Nov 9, 2012 11:35 AM

supressing vuln checks

Is it possible to supress reporting of vulns for which there are no known patches?

 

I'd like to clean up the report that is generated to not show 20+ vulns for which there are no fixes.

 

Also, I'd like to know if there is the possibility to create an "exclusion list" for vulns for which we have granted exemptions.  I still want to scan for them, just not report them.

 

Thanks.

  • subhani Newcomer 28 posts since
    Dec 14, 2009
    Currently Being Moderated
    1. Nov 10, 2012 6:26 AM (in response to vfguy11)
    Re: supressing vuln checks

    HI , there are multiple ways . First ,you can go and uncheck the check itself  from Scan Configuration .This is the best Option .Secondly ,use the ticket generation option and than close the tickets by setting their status to Ignored .In that case ,no tickets will be generated  for future scans.

  • devilson911 Newcomer 78 posts since
    May 28, 2007
    Currently Being Moderated
    3. Nov 12, 2012 11:31 AM (in response to vfguy11)
    Re: supressing vuln checks

    Hi,

     

    fromy my exprince you will never end by removing the signature that dosent have fix information also you nedd time to time review the removed signature to see if any updates on the recomendation.

     

    i have log a support request and they ask to raise FMR for this feature and hope to see it in future release.

  • jldunn Apprentice 44 posts since
    Jan 6, 2011
    Currently Being Moderated
    5. Nov 14, 2012 2:31 PM (in response to vfguy11)
    Re: supressing vuln checks

    If you're new to MVM and the 'fix available or not' issue, you'll want to see John's post from January on

    'How do you do it: Reporting Vuls with Patches available vs vulns without patches available.'

    You may see the link over on the right under 'More Like This.'

     

    With regards to the ticketing system:

    'Ignoring' a ticket will cause a vulnerability to no longer show up in a scan report, at least until the ticket ages out. (That is my understanding; someone can correct me if I'm wrong.)

    However, the vulnerability will still show up in an asset report.  In other words the ticketing system can help you to adjust the results of scan reports, but not asset reports.  That gives you one report that shows the 'ignored' vulnerability, and one that doesn't, which is sort of what you were saying you want.

     

    Another feature you might be interested in is/are the McAfee non-superceded patch vulnerability sets.  See John's thread (the one I mentioned above) for more discussion of that.

     

    J. Dunn

     

    Message was edited by: jldunn on 11/14/12 2:22:16 PM CST to add mention of the other discussion and for clarity.

     

    on 11/14/12 2:31:14 PM CST

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points