K1000 OVAL Scan not excluding winsxs Folder
09/08/2017 848 views
Recently we started using the OVAL Scan and were wondering why the vulnerabilities wouldn't go down on our machines, even though the necessary patches were installed on them.
We checked the requirements for some CVEs and found out (e.g. for SMB WannaCry vulnerabilities) that the scan searches for the file "srv.sys" and whether it has the latest file version. It was in the correct location of %windir%\system32\drivers with the latest version on all 8 tested machines; however, all of those were still marked as vulnerable.
We found out that the same srv.sys file is still within the %windir%\WinSxS folders several times, just without any information on the file version. So our guess is that this is the reason why the OVAL Scan results still mark these machines as vulnerable.
Is there a way to exclude the WinSxS folder from the OVAL Scan, or is there something we are doing wrong?
Thanks for any input on this matter.
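One way to test the guess in the question is to list every copy of srv.sys under the drivers folder and under WinSxS, together with the file version each copy reports. The script below is an added example, not part of the original post and not KACE's own tooling; `$MinVersion` is a placeholder that has to be replaced with the version the OVAL definition in question requires, and the status labels are made up for this example.

```powershell
# Added example: inventory the srv.sys copies a file-version check could match.
# Run from an elevated prompt so WinSxS can be read.
param(
    [string]$FileName    = 'srv.sys',
    [version]$MinVersion = '0.0.0.0'   # placeholder; use the version from the OVAL definition
)

$roots = @(
    (Join-Path $env:windir 'System32\drivers'),
    (Join-Path $env:windir 'WinSxS')
)

$results = foreach ($root in $roots) {
    # Only WinSxS needs a recursive search; the live driver sits directly in drivers
    $recurse = $root -like '*WinSxS'
    Get-ChildItem -LiteralPath $root -Filter $FileName -Recurse:$recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $vi  = $_.VersionInfo
            $ver = $null
            if ($vi.FileVersion) {
                # Build the version from the numeric parts; the FileVersion string may carry extra text
                $ver = New-Object System.Version -ArgumentList `
                    $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
            }
            # Status labels are specific to this example
            $status = if (-not $ver)               { 'NoVersionInfo' }
                      elseif ($ver -lt $MinVersion) { 'BelowMinimum' }
                      else                          { 'AtOrAboveMinimum' }
            New-Object psobject -Property @{
                Status       = $status
                Version      = $ver
                LastModified = $_.LastWriteTime
                Path         = $_.FullName
            }
        }
}

$results | Sort-Object Status, Path |
    Format-Table Status, Version, LastModified, Path -AutoSize -Wrap
```

Copies reported as `NoVersionInfo` or `BelowMinimum` are the ones to compare against the file path the scan result lists for the failing definition.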