1 Reply Latest reply on Jul 25, 2014 1:33 PM by user83

    Scanning a server with only selected vulnerabilities

    fansari_99

      Hi All,

       

      I have couple of questions regarding MVM 7.5

       

      1. Is it possible to automatically trigger a scan whenever the vulnerability database is updated and it has checks or signatures for High Vulnerabilities?

       

      2. Is it possible to scan a server only for "High Severity Vulnerabilities"

       

       

      Thanks,

       

      Farhan

        • 1. Re: Scanning a server with only selected vulnerabilities
          user83

          Not sure I fully understand what you are trying to do with item 1, are you tryingto have a scan automatically start whenever a check is updated or added tothe MVM?

           

          As for item 2, there are a couple of ways you can do that.  If you want tohave multiple scans use this policy, I would recommend creatinga custom scan template.  However, if it is just for one scan, you can justmodify the Vulnerability section to just leverage all the High checks.  Each solution follows the same steps just indifferent areas.  A custom scan templateis created through the global admin interface, while you can just create new ormodify an existing scan for the other method.

           

          To do this navigate to the "Vuln Section" under the "Settings"tab.  There make sure "Do not use a Vuln Set" is selected at thetop.  To be safe, I would deselect all checks, you can do this by justunchecking the top level tree (IE - Non-Intrusive).  Then at the bottomyou can use the "Search By" function to filter all checks by RiskLevel -- High.  Once that filter is in place, check the top level tree (IE- Non-Intrusive).  This should just select those Vulnerabilities beingdisplayed, which are all the highs.

           

          Remember, this only works for a single point in time.  As MVM gets new checks, thosewould not be part of the scan template.  If you want to automate this, youwould have to write an SQL Agent that runs after an update, or at specific timeintervals.  However, be careful as modifyingthe database may have an impact on your support with McAfee.  I would always recommend talking to yoursupport POC before making such changes.