Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
760 Views 3 Replies Latest reply: Nov 21, 2012 3:38 AM by ritch RSS
ritch Newcomer 31 posts since
Feb 21, 2012
Currently Being Moderated

Nov 19, 2012 11:15 AM

Odd Behaviour from Asset Reports vs Scan Reports

Hi All.

 

Has anyone else come across this rather strange problem?

 

I have 2 scans, Scan 1 and Scan 2, both have been run a number of times (2nd October and 16th November).

 

When I look at each Scan report I can see that all the high vulnerabilities have gone but when I run an asset report to merge the two scans together I see vulnerabilities from the earlier scans showing up.

 

Cheers guys

 

Ritch

  • jldunn Apprentice 44 posts since
    Jan 6, 2011
    Currently Being Moderated
    1. Nov 20, 2012 2:05 PM (in response to ritch)
    Re: Odd Behaviour from Asset Reports vs Scan Reports

    This may not be your issue, but....

    I have had similar problems when the asset in question has undergone a major upgrade (or replacement) of hardware and/or software.

    The vulnerabilities were present in the old asset version, but are not present in the new asset version.  Another issue could be that MVM's access to the asset (via firewall, or authentication) has changed.  If MVM no longer has access that it used to have, the vulnerabilities will be retained because it 'can't tell' if the vulnerabilities are gone or not.  Looking at the actual vulnerabilities and at older scan reports might give you a clue.

  • jvalverd McAfee Employee 26 posts since
    Feb 19, 2010
    Currently Being Moderated
    2. Nov 20, 2012 2:40 PM (in response to ritch)
    Re: Odd Behaviour from Asset Reports vs Scan Reports

    A scan report will show vulnerabilities found during that specific run of the scan.  If credentials changed, the target was not accessible OR for any other reason the target could not be assessed the scripts would likely return as indeterminate.  When you generate an Asset report you will get an overview of the asset with all known vulnerabilities from all scans combined.   Were the vulnerabilities remediated in anyway?  

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points