Microsoft Store Apps not detected by Defender TVM


Hi,


Anyone know why Microsoft Store Apps are not detected by Defender TVM? We recently undertook an external pen-test of some clients and we found multiple CVEs in the Microsoft Store Apps.


Turns out that Defender TVM doesn't inventory those applications or detect the CVEs, which surprised me. The Nessus agent provided greater depth of vulnerability information on the devices under assessment than the data being reported in Microsoft.


Makes me wonder what else is being missed.

2 Replies

Hi @MikeP751860,

Why Microsoft Store Apps are not detected by Defender TVM

There are a few reasons why Defender TVM may not be detecting Microsoft Store Apps:

  • Microsoft Store Apps are packaged differently than traditional Win32 applications. Microsoft Store Apps are packaged as AppX packages, which are a bundle of files that includes the application's code, resources, and manifest file. Defender TVM may not be able to scan AppX packages for vulnerabilities in the same way that it scans traditional Win32 applications.
  • Microsoft Store Apps are subject to different security restrictions than traditional Win32 applications. For example, Microsoft Store Apps are sandboxed and cannot access certain parts of the operating system. This may make it more difficult for Defender TVM to scan Microsoft Store Apps for vulnerabilities.
  • Microsoft Store Apps are updated regularly. Microsoft releases new updates for Microsoft Store Apps on a regular basis. These updates may include security patches to address known vulnerabilities. Defender TVM may not be able to keep up with the latest updates to Microsoft Store Apps, which could lead to vulnerabilities not being detected.

How to improve Defender TVM detection of Microsoft Store Apps

There are a few things that you can do to improve Defender TVM detection of Microsoft Store Apps:

  • Make sure that Defender TVM is up to date. Microsoft releases new updates for Defender TVM on a regular basis. These updates may include improvements to the detection of Microsoft Store Apps.
  • Enable Microsoft Defender Application Guard. Microsoft Defender Application Guard is a security feature that isolates Microsoft Edge from the rest of the operating system. This can help to protect users from malicious websites and applications. Microsoft Defender Application Guard also includes support for scanning Microsoft Store Apps for vulnerabilities.
  • Use a third-party vulnerability scanner. If Defender TVM is not detecting all of the vulnerabilities in your Microsoft Store Apps, you may want to consider using a third-party vulnerability scanner. There are a number of third-party vulnerability scanners available, both commercial and free.




Kindest regards,


Leon Pavesic
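Since the gap discussed in this thread is that Store (AppX/MSIX) packages are missing from the TVM software inventory, a practical first step is to build your own inventory of those packages on a host and reconcile it against a TVM export. The script below is an added example, not code from the thread or from Microsoft; it assumes the TVM export is a CSV and that the column name passed in `$TvmNameColumn` is a placeholder you map to whatever your export actually uses.

```powershell
# Added example (not from the thread): list Microsoft Store (AppX/MSIX) packages on this
# host and report which ones do not appear in a TVM software-inventory export.
# Assumptions (not from the original post): the export is a CSV, and $TvmNameColumn is a
# placeholder for the real column name in your export. Run elevated for -AllUsers.

param(
    [string]$TvmExportCsv  = '.\tvm-software-inventory.csv',
    [string]$TvmNameColumn = 'SoftwareName',   # placeholder column name, adjust to your export
    [string]$OutputCsv     = '.\storeapps-not-in-tvm.csv'
)

# Collect every AppX/MSIX package for all users; these are the packages the thread reports as
# missing from TVM. Framework/runtime packages are skipped to keep the list to real apps.
function Get-StoreAppInventory {
    Get-AppxPackage -AllUsers |
        Where-Object { -not $_.IsFramework } |
        ForEach-Object {
            [pscustomobject]@{
                Name         = $_.Name
                Version      = $_.Version.ToString()
                Publisher    = $_.Publisher
                Architecture = $_.Architecture
                InstallPath  = $_.InstallLocation
            }
        }
}

# Return the local Store packages whose name is absent from the TVM export.
function Compare-WithTvm {
    param([object[]]$StoreApps, [string]$ExportPath, [string]$NameColumn)
    if (-not (Test-Path $ExportPath)) { throw "TVM export not found: $ExportPath" }
    # Normalise to lower case so a casing difference between the two sources is not a false gap.
    $tvmNames = Import-Csv $ExportPath |
        ForEach-Object { ([string]$_.$NameColumn).ToLowerInvariant() } |
        Sort-Object -Unique
    $StoreApps | Where-Object { $tvmNames -notcontains $_.Name.ToLowerInvariant() }
}

$apps    = @(Get-StoreAppInventory)
$missing = @(Compare-WithTvm -StoreApps $apps -ExportPath $TvmExportCsv -NameColumn $TvmNameColumn)
$missing | Export-Csv -NoTypeInformation -Path $OutputCsv
'{0} Store packages on this host, {1} absent from the TVM export (written to {2})' -f $apps.Count, $missing.Count, $OutputCsv
```

The resulting CSV (name, version, publisher, install path) is what you would hand to a second scanner such as the Nessus agent mentioned above, or check by hand against vendor advisories, for the packages TVM is not reporting on.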

@MikeP751860 


I found the same when testing the product, it wasn't just store apps that it didn't detect, but also 10 year old vulnerabilities like the win padding CVE. I opened a support ticket and after 3 months I got nowhere, they just said that there were things that it did not detect. I asked for a list of limitations and never got anywhere and they have tried to hide the issue by deleting the GitHub page where I raised the lack of this information in the documentation too. Here is my list of some of the ones that Tenable finds that MDVM does not find.


Did you ever get any further or did you give up on MDVM?