
CVE detection mechanism

Copper Contributor

Hello everyone,

I have a question about the CVEs displayed in the risk assessment report.

According to the documentation, the list of CVEs is generated based on the detected devices. Does Defender for IoT display the CVEs based on patch or software version? Or does it display the CVEs associated with the detected device without further filtering?

In other words: how do I exclude false positives? Could you give me more information or sources about this matter?

Thank you so much! Have a great day!

Kind regards,

Vanina


@VaninaYord 

CVEs are shown according to device and OS. In case you patch the vulnerability or it's a false positive, it can be excluded via data mining:

1) Open the CVEs report in data mining
2) Edit in admin mode
3) Select the CVEs that need to be excluded and exclude them

You will find excluded CVEs in the Exclude CVE report in data mining.

@Haaris_Faizan,

Thank you for your response!

Could you elaborate on "CVEs are shown according to device and OS"? Will this mean that if I patch a vulnerability and run a scan again, the software will detect the change and not show the CVE?

Greetings,

Vanina


@VaninaYord 
Device and OS means, for example, whether it's Windows XP, Windows 10, Windows Server 2016, etc.
The sensor will not detect whether you patch or not because it doesn't scan. It just shows you CVEs with respect to each OS and device, and then we have to exclude them manually from the report.
If you apply a patch, it will not detect those changes because it doesn't scan, so the only option is to exclude after patching.
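Because the sensor maps CVEs to a device's OS without scanning patch state, two devices on the same OS get the same CVE rows even if only one of them has been patched. The following reconciliation helper is an added example and is not Defender for IoT code or its export format: the CSV columns, device names, patch names and CVE ids are all constructed placeholders, and the patch inventory is assumed to come from your own patch management records.

```python
"""Reconcile an OS-based CVE report against a per-device patch inventory.

Per the thread, the report lists CVEs by device and OS and never observes
patching, so patched rows remain until excluded by hand in data mining.
This helper computes which rows are exclusion candidates and which remain open.
All inputs below are constructed; the column layout is an assumption.
"""
import csv
import io

# Constructed CVE report export. CVE ids are placeholders, not real advisories.
# hmi-01 and hmi-04 share an OS, so the report gives both the same CVE rows.
CVE_REPORT_CSV = """device,os,cve
hmi-01,Windows XP,CVE-0000-1001
hmi-01,Windows XP,CVE-0000-1002
hmi-04,Windows XP,CVE-0000-1001
eng-ws-02,Windows 10,CVE-0000-2001
eng-ws-02,Windows 10,CVE-0000-2002
srv-03,Windows Server 2016,CVE-0000-3001
"""

# Constructed patch inventory: which CVE each applied patch resolves, per device.
PATCH_INVENTORY_CSV = """device,patch,resolves_cve
hmi-01,PATCH-PLACEHOLDER-A,CVE-0000-1001
eng-ws-02,PATCH-PLACEHOLDER-B,CVE-0000-2001
eng-ws-02,PATCH-PLACEHOLDER-B,CVE-0000-2002
"""


def load_rows(text):
    """Parse a CSV string into a list of dicts keyed by header."""
    return list(csv.DictReader(io.StringIO(text)))


def exclusion_candidates(report_csv, inventory_csv):
    """Split report rows into (exclude, still_open) using per-device patch state."""
    patched = {(r["device"], r["resolves_cve"]) for r in load_rows(inventory_csv)}
    exclude, still_open = [], []
    for row in load_rows(report_csv):
        key = (row["device"], row["cve"])  # patch state is per device, not per OS
        (exclude if key in patched else still_open).append(row)
    return exclude, still_open


def exclusion_list(report_csv, inventory_csv):
    """Sorted (device, cve) pairs to exclude manually in the data-mining CVE report."""
    exclude, _ = exclusion_candidates(report_csv, inventory_csv)
    return sorted((r["device"], r["cve"]) for r in exclude)


if __name__ == "__main__":
    for device, cve in exclusion_list(CVE_REPORT_CSV, PATCH_INVENTORY_CSV):
        print(f"exclude {cve} on {device}")
```

Note that hmi-04 keeps CVE-0000-1001 open even though hmi-01 is patched for it, which is exactly the per-device judgement the OS-based report cannot make on its own.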
