Forum Discussion

An_admin_123's avatar
An_admin_123
Copper Contributor
Oct 05, 2023

Finding software listed under Security Recommendations

A list of devices exposed to a weakness caused by out of date software is not useful if I can't determine where the software it's complaining about is installed.

 

I select a device on the inventory at https://security.microsoft.com/machines?category=endpoints, then go to Security Recommendations and I can see that it suggests I update Teams, for example.  I check the device in question and Windows says Teams isn't installed.

 

There are options to open a Software Page which just gets me a page about Teams with no useful information or to open Full Recommendation which shows among other things a list of Exposed Devices.

 

Great, I think - I can see why it thinks Teams is installed.  I select the device from the list and it takes me back to the device page I was on earlier.

 

How do I get this car crash of an interface to tell me why it thinks a piece of software is installed on a device, for example where it found the program file it's complaining about?

  • Hi An_admin_123,

    When you're on a device, and press 'Security Recommendations', and click 'Update Teams' for example, click this which opens the tab on the right hand side, this will tell you the CVE associated with the vulnerability as well as a 'Report Inaccuracy' button.

    It's also important to note that if a device doesn't have the application, it could be a vulnerable library or dependancy - before reporting inaccuracy's, I'd suggest just checking out the CVEs and seeing what the vulnerability is.

    Are you getting this with all vulnerabilities or just a handful?
  • exss's avatar
    exss
    Copper Contributor
    Hi An_admin_123,

    When you're on a device, and press 'Security Recommendations', and click 'Update Teams' for example, click this which opens the tab on the right hand side, this will tell you the CVE associated with the vulnerability as well as a 'Report Inaccuracy' button.

    It's also important to note that if a device doesn't have the application, it could be a vulnerable library or dependancy - before reporting inaccuracy's, I'd suggest just checking out the CVEs and seeing what the vulnerability is.

    Are you getting this with all vulnerabilities or just a handful?
    • An_admin_123's avatar
      An_admin_123
      Copper Contributor
      Thanks, I've seen the CVE pages. They don't really help with what I need to do, just obscure descriptions and links to other pages.

      I did however eventually find the Software Inventory where for certain items there's a file path for what they have listed and in the case of Teams at least it seems it's in AppData\Local despite my having uninstalled it. Just an uninstaller not cleaning up properly, sadly familiar.

      That's helping, there are others but they often just have a registry path for locating the problem software. It's not great but it gives me a start.

Resources