1 Reply Latest reply on Jul 10, 2014 3:14 PM by user83

    Creating a custom vulnerability set

    rwitkowski

      I was trying to create a custom adhoc vulnerability set to detect the Openssl vulnerability using FASL's 16680 &16681. I enabled just those two and disabled all others. The scan fails to detect vulnerable systems, but my normal monthly scan set is able to. Am I missing required FASL's??  Using MVM 7.5.6

        • 1. Re: Creating a custom vulnerability set
          user83

          rwitkowski, are you still having this problem?  One item you might want to look at are associated ports being flagged in your full scan.  If those ports aren't included in the 16680 or 16681 check then they won't flag when you run a scan just based on those two checks.

           

          A potential workaround to this is to setup your services detection to detect HTTPS running on non-standard ports.  This will allow your HTTPS related checks to run against any port identified as running HTTPS