613 Views 2 Replies Latest reply: May 29, 2013 2:25 PM by John M Sopp
ed87 Newcomer 13 posts since
Nov 29, 2012

Apr 30, 2013 1:17 PM

MVM and MBSA Results Differ

Our security team uses MVM to scan servers.  Our server team uses MBSA to check for missing Microsoft patches.  These two reports never seem to be the same.  How are people dealing with this?

  • Community Leader 479 posts since
    Nov 3, 2009
    1. Apr 30, 2013 2:50 PM (in response to ed87)
    Re: MVM and MBSA Results Differ

    Hi ed87,

     

    I'm not sure how *real-world* folks handle it for sure... I expect it's by using a combination of the results provided by MBSA + Vuln Scanners to remediate any vulnerabilities.  I will tell you what I DO know:  MBSA reports exactly what patches are needed for your specific OS+Patch Level.  MVM on the other hand scans the target for any known vulnerable files.  So, you may be fully patched in MS's mind, but still have a vulnerable and exploitable .dll or something on your system - which MVM will FLAG as Vulnerable.

     

    I hope that helps, and hopefully/maybe some of my real-world customers will chime in :-)

     

    have a great day!
    Cathy

  • John M Sopp The Place at McAfee Member 88 posts since
    Nov 17, 2009
    2. May 29, 2013 2:29 PM (in response to cgrim)
    Re: MVM and MBSA Results Differ

    Cathy - Exactly right.

    No real good way to deal with this though as of yet except in the case of Unsupported software.

    There are many cases when the vendor stops producing patches for certain versions of their software.

    Microsoft tools will often show that the software is patched or patch is not applicable, while MVM identifies the software as being vulnerable - and it is!

     

    In this case we do a cross reference of the vulnerabilities with a known unsupported software list - and recommend that the version be upgraded to a fully patched and supported version. (Microsoft .NET Framework is one glaring example of this.)

     

    McAfee has since added a new category of informational checks which help identify End Of Life and Obsolete software to help tie everything together - I don't have any good way of automating this...

     

    on 5/29/13 3:29:17 PM EDT
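
The cross-reference described in the last reply, sketched as an added example that is not part of the thread and is not McAfee or Microsoft code. The CSV column names, host names, product names other than .NET Framework, version values, check ids and the unsupported-software list are all constructed assumptions, not real MVM or MBSA export formats.

```python
import csv
import io

# Constructed sample data; the columns are assumptions, not real export formats.
MVM_FINDINGS = """host,product,version,check
srv01,.NET Framework,1.1,CHECK-0001
srv01,ExampleApp,4.2,CHECK-0002
srv02,ExampleApp,4.2,CHECK-0002
srv02,ExampleLib,2.0,CHECK-0003
"""
# Constructed: products for which the patch tool reports a missing update.
MBSA_MISSING = """host,product
srv01,ExampleApp
"""
# Hypothetical locally maintained list of (product, version) the vendor no longer patches.
UNSUPPORTED = {(".NET Framework", "1.1"), ("ExampleLib", "2.0")}


def rows(text):
    """Parse CSV text into a list of dicts keyed by the header row."""
    return list(csv.DictReader(io.StringIO(text)))


def reconcile(mvm_csv, mbsa_csv, unsupported):
    """Label each scanner finding by why the patch tool does or does not agree."""
    missing = {(r["host"].lower(), r["product"].lower()) for r in rows(mbsa_csv)}
    eol = {(p.lower(), v) for p, v in unsupported}
    report = []
    for f in rows(mvm_csv):
        key = (f["host"].lower(), f["product"].lower())
        if (f["product"].lower(), f["version"]) in eol:
            # No patch will ever be offered, so the patch tool stays silent.
            action = "upgrade: unsupported version"
        elif key in missing:
            action = "patch: both tools agree"
        else:
            # Patch tool is satisfied but a vulnerable file is still present.
            action = "review: flagged by scanner only"
        report.append((f["host"], f["product"], f["version"], f["check"], action))
    return report


if __name__ == "__main__":
    for line in reconcile(MVM_FINDINGS, MBSA_MISSING, UNSUPPORTED):
        print(" | ".join(line))
```

The "review" rows are the residual disagreements between the two reports once missing patches and unsupported versions have been accounted for.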
