Discrepancies between Shavlik Protect and Vulnerability Scanners

Version 8

    Purpose

     

    This document will discuss how to resolve discrepancies between the Shavlik Protect patch scan results and the scan results from popular vulnerability scanners.

     

    Description

     

    After scanning, your vulnerability scanner shows several KBs missing, but Shavlik Protect scan results show no missing patches.

     

    Cause

     

    1. Vulnerability scanners can detect security advisories which are not actually patches and therefore cannot be installed. For instance, your vulnerability scanner might detect KB3119884 as needed for your environment, but you will not be able to find this KB when searching View > Patches as it is not an actual patch and therefore will not be supported by Shavlik Protect.

     

    Unable to find KB in Shavlik.PNG

     

     

    2. Vulnerability scanners can detect Security Tools which are filtered out when scanning with the default Security Patch Scan and WUScan Templates.

    3. Vulnerability scanners will sometimes detect patches replaced by newer patches (superseded patches) already installed on the target system or are being detected as needed by Shavlik Protect.

    4. If the KBs detected by the vulnerability scanners are not security advisories, Security Tools or superseded then they many not be supported by Shavlik Protect or there may be a problem with the Shavlik detection.

     

    Resolution

     

    1. If the KB detected by your vulnerability scanner is a security advisory, you will need to go to the security advisory KB article and follow the instructions in the article to eliminate the vulnerability. For example, the KB article for KB3119884  Microsoft Security Advisory 3119884 gives a list of suggested action such as updating your CTL.

    2. If the KB detected by your vulnerability scanner is a Security Tool and you would like to scan and install security tools through Shavlik, open up your Patch Scan Template (or create a new template) and select to scan for Security Tools under the Patch Properties section then save the template.

     

    Scan for security tools - modified.png

     

    3. If the patch being detected by your vulnerability scanner is superseded, you can check if its replacement patch is installed or being detected on your systems by doing the following:

    a) Go to View > Patches.

    b) Make sure that you are viewing all available patches as is mentioned in this document How To: View All Patches, Software Distributions, Security Tools and Service Packs in Protect 9.2 .

    c) Type in the missing bulletin or KB number (type in KB numbers without a KB or Q) into the search field.

    d)  Click the Patch Information tab in the lower window pane of View > Patches then look at the Bulletin ID that replaces the missing patch in the Replaced by section.

     

    Search for missing patch modified.png

     

    e) Once you have the replacement bulletin, you can search for the replacement bulletin in View > Patches to make sure that it is not superseded by following steps a) through d). If the replacement bulletin is current, you can check your scan results to see if patches from that bulletin are installed on your machines or is being detected as missing by Shavlik.

     

    4. If the KBs detected by the vulnerability scanners are not security advisories, security tools, or superseded please submit a case with Shavlik Support.

     

    Affected Product(s)

     

    Shavlik Protect 9.2