wootts
Iron Contributor
Dec 22, 2021

TVM Refresh

Hi Team

Is there a way to force a retest / review of vulnerabilities highlighted during the patching and updating of issues? Whilst I see there is a 4 hour window when the scans are repeated (this is helpful if something is online of course). But with the data containing disconnected hosts and therefore old data it would be good to see what is current and WHAT came is the latest information. This is probably covered elsewhere but I could not find it. Tks

  • MitchA
    Copper Contributor

    Hey Wootts,

    Something that helped my team was Microsoft's PowerBI TVM vulnerability report which can be found on their GitHub repo - https://github.com/microsoft/MicrosoftDefenderForEndpoint-PowerBI

    The above link has a Readme within the TVM / TVM report templates directory, and you can get a feel for the setup / output.

    This provided better dashboarding for devices last seen, vulnerabilities, missing Windows security updates, software inventory, etc. This helped with our patch management as it is nearly a one stop shop for devices in our environment, solely cloud native. The report has slicer views which can provide a more granular filter as well.

  • Reza_Ameri
    Silver Contributor
    Are you referring to the Windows Update?
    In case you are using Windows 10, updates are cumulative, meaning that an update will cover all previous vulnerabilities. Instead of updating one by one, you may install one cumulative update with all previous patches. Sometimes there are emergency patches which are standalone, but they will be included in future updates too.
    In case you install any update, you will see they have a code like KB<Number>, and if you search for it on the Microsoft website, it will show an article explaining what the update is and what it includes.
  • wootts
    Iron Contributor
    Thanks for the information - will make sure to use this. It is probably something I have missed, but having assets that have not as yet updated since 16th December seems odd - so I was more wondering about the refresh rate and also when MDE will allow rescanning of assets to see if vulnerabilities have been updated - such as most platforms do...
    • MitchA
      Copper Contributor
      I did some testing, and it looks like you can initiate a refresh using MsSense.exe found within C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe. MsSense is the EDR sensor component for Microsoft Defender for Endpoint.

      I share similar frustrations with the product, but it has been a boon for us with the current work environment being strictly remote. It's hard to get off the MS kool-aid once you start drinking it.
      • wootts
        Iron Contributor
        Very well worded and agree - it's great when it works 🙂 - have a great new year
