Forum Discussion

VaninaYord's avatar
VaninaYord
Copper Contributor
Mar 15, 2022
Solved

CVE detection mechanism

Hello everyone,   I have a question about the CVE's displayed in the risk assessment report.   According to the documentation the list of CVE's is generated based on the detected devices. Does th...
  • Haaris_Faizan's avatar
    Haaris_Faizan
    Mar 15, 2022

    VaninaYord 
    Device and OS means like if its Windows XP,Windowsn 10 ,Windows Server 2016 etc.
    Sensor will not detect whether you patch or you don't because it doesn't scan. It just shows you CVEs with respect to each OS and device and then we have to exclude manually from the report.
    If you apply a patch it will not detect those changes because it doesn't scan so only option is to exclude after patching

VaninaYord's avatar
VaninaYord
Copper Contributor
Mar 15, 2022

Haaris_Faizan ,

 

Thank you for your response! 

Could you elaborate on "CVEs are shown according to device and OS."? Will this mean that if I patch a vulnerability and run a scan again the software will detect the change and not show the CVE? 

 

Greetings,

Vanina

Haaris_Faizan's avatar
Haaris_Faizan
Brass Contributor
Mar 15, 2022

VaninaYord 
Device and OS means like if its Windows XP,Windowsn 10 ,Windows Server 2016 etc.
Sensor will not detect whether you patch or you don't because it doesn't scan. It just shows you CVEs with respect to each OS and device and then we have to exclude manually from the report.
If you apply a patch it will not detect those changes because it doesn't scan so only option is to exclude after patching

Resources