Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
1227 Views 3 Replies Latest reply: Dec 6, 2012 12:54 PM by craig.carrigan RSS
craig.carrigan Newcomer 11 posts since
Jan 10, 2011
Currently Being Moderated

Dec 4, 2012 1:14 PM

MVM 7.5 Scan Summary report inaccurate

I have have Installed MVM 7.5 and have it running on new servers next to my MVM 7.0. I was very unhappy to see the Scan Summary from MVM 7.0 go away, But, I have learned to like the new summary as pictured below

MVM1.PNG

 

My Managment logs into the MVM and looks around at scan summaries now and then, and I use this as part of a summary report I make for distribution to Admins.

 

There seems to be an issue with the reporting in this summary.

 

This summary is of a weekly scan I have been running for a couple months. As you can see if shows 7 High Vulnerabilities found when it ran this morning.

 

The full HTML report Shows 1 High Vulnerability from the last scan

 

MVM2.PNG

 

The only place that there are 7 High Vulnerabilities in this scan is in the Ticketing Database

, But they are all Either Accepted Flase Positives or Closed, except for the new one discovered and assigned a ticket this morning.

 

MVM3.PNG

 

MVM 7.0 would not report vulnerabilities if they were false positive acknowledged in the old Summary.

 

Is there a way this can be fixed. This summary has become very useful, but it does not seem to be reporting accurate data, or I am broken.. I am hoping it is not me :-)

  • John M Sopp The Place at McAfee Member 88 posts since
    Nov 17, 2009
    Currently Being Moderated
    1. Dec 5, 2012 8:43 AM (in response to craig.carrigan)
    Re: MVM 7.5 Scan Summary report inaccurate

    We have seen a simliar issue, but the root cause of ours is that IP addresses from other hosts are being associated with one asset. None of these hosts are related, and it appears to be a major bug. We have an SR open to get some insight, determine root cause, and lobby for a fix.

  • Community Leader 479 posts since
    Nov 3, 2009
    Currently Being Moderated
    2. Dec 5, 2012 2:59 PM (in response to craig.carrigan)
    Re: MVM 7.5 Scan Summary report inaccurate

    Hi Craig,

     

    I want to be sure I understand your issue...

     

    You're concerned because the Scan Status Summary (pictured above) shows 7 High Risk Vulns.

    After the scan completes and goes thru all the post processing, MVM determines 6 of those Vulns were Remediated somehow (False Positive Ack and/or Closed), and the HTML Report displays the *Correct* info.

    So, everything other than the Scan Status is as you would expect/want?

     

    If my understanding above is correct, then this is by design, and I don't anticipate the behavior can or will be changed without a major product redesign.  The Scan Status displays the information as it's received by the Engine, and before we do any reconciliation of IPs/Assets/etc. (in your case False Positive Ack).

     

    So, it's not broken... just not as you'd expect.

     

    Have you ever submitted a Product Enhancement Request?  Now might be a good time to do it.  You can submit it for both issues:

    1.  Want/need to get the Scan Summary option back into the GUI

    2.  Want the Scan Status to get updated after end of job processing

     

    You can get to the PER site from either of these links:


    Or: https://community.mcafee.com/groups/mvm-news click on the Submit Feature Request button

    Or directly at: https://mcafee.acceptondemand.com/index.jsp?path=/login-external.jsp

     

    I hope that helps!
    Cathy

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points