2 Replies Latest reply on Mar 8, 2017 11:31 AM by anthony.swanson

    MS15-124 not seen in scans

    tompetro Rookie

      Our security group identified a vulnerability using their Nessus tool. It was for MS15-124 and directed me to install an Easy Fix from Microsoft. This worked but management is questioning why our protect scan, which include IE and all levels of security patch, did not pick up the issue in our monthly run.

        • 1. Re: MS15-124 not seen in scans
          anthony.swanson SupportEmployee

          Hello,

           

          Looking at MS15-124, this patch has been superseded quite a few times over. I would check to see if any of the superseded patches have been installed onto the affected machines. Depending on the version of IE installed, it's likely that you've installed the Security Bundle updates for IE since this patch has been released and it's now being effectively installed due to the patch being superseded so many times. My recommendation to look at this patch would be to create a patch group and scan template to isolate a scan for this item.

           

          How To: Include or Exclude Specific Patches in Scan Results

           

          When creating your scan template, on the 'General' tab, make sure to check the box for 'Both missing and installed patches' as well as the box for 'Include effectively installed patches' to ensure you are capturing as much data as possible.

           

          Worst case scenario is that we may need to run a DPDTrace to get some enhanced scanning and see further what we are detecting on one of the affected machines.

           

          Thanks!

           

          Anthony    

          • 2. Re: MS15-124 not seen in scans
            anthony.swanson SupportEmployee

            Hello,

             

            I also wanted to point this document out that goes over some of the big differences we see between vulnerability scanners like Nessus and MBSA compared to our scanning detection.

             

            Discrepancies between Shavlik Protect and Vulnerability Scanners

             

            Thanks!

             

            Anthony