/build/static/layout/Breadcrumb_cap_w.png

Security Question


K1000 OVAL Scan not excluding winsxs Folder

09/08/2017 848 views
Hi guys,

recently we started using the OVAL Scan and were wondering why the Vulnerabilites wouldnt go down on our machines, eventhough the neccesary patches were installed on them.
We checked the requirements for some CVEs and found out (e.g. for SMB Wannacry Vulnerabilities) that the scan searches for the file "srv.sys" and whether it has the latest file version. It was in the correct location of %windir%\system32\drivers with the latest version in all 8 tested machines, however all of those were still marked as vulnerable

We found out that the same srv.sys file is still within the %windir%\WinSxS folders several times, just without any information on the file version. So our guess is, that this is the cause why the OVAL Scan results still mark these machines as vulnerable.

Is there a way to exclude the winsxs folder from the Oval Scan or is there something we are doing wrong?

Thanks for any input on this matter
0 Comments   [ + ] Show comments

Comments


Be the first to answer this question

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

View more:

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ