This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

→ 🚀Are you a Lansweeper Champion?! Join our Contributor Program Sign up here!

Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

New Preview Capability - Security Vulnerabilities

IainCaldwell
Lansweeper Employee
Lansweeper Employee

‎07-08-2022 10:11 AM - last edited on ‎06-14-2023 08:04 PM by Community Manager

Lansweeper is delighted to announce new capabilities in the security vulnerabilities space. Building on the foundations of our world-class scanning technology Lansweeper has enhanced our software scanning to normalize and enrich with NIST standard naming and identification. This enables Lansweeper to offer value add capabilities matching clients' software against NIST vulnerabilities databases.

This is a preview feature and will be iterated frequently over the next few months before the official release. Please use this space to give suggestions +ve or -ve to help us improve the product.

78 REPLIES 78
Tyler
Engaged Sweeper

‎05-15-2023 11:52 PM

I'm noticing that a lot of vulnerabilities are being reported for servers that have the CVE patches installed.  Mostly with server 2012 r2.  Almost every 2012 server reports handfuls of vulnerabilities.  All servers are up to date, and I've even downloaded the specific KB update, installed it, waited a day or two, and that machine will still be reported as having that vulnerability, is there a step or issue im missing?

0 Kudos
IainCaldwell
Lansweeper Employee
Lansweeper Employee
In response to Tyler

‎05-18-2023 11:08 AM

Hi @Tyler 

Since we implemented our mapping to the NIST list we've realised that the version number in NIST isn't specific enough to recognise changes (patches).  A lot of the entries are at the major version level which then leads to a lot of false +ves.  As a result we have put focus on other sources we can use to augment that core list - the primary one being a Microsoft list (Microsoft isn't the only areas we see gaps but its the one most visible due to the higher usage).
We have this in testing just now and expect the improvements to be included in our D-Launch mid to end June.

Sorry, and thanks for your patience.

Cheers Iain

leescott83
Engaged Sweeper
In response to IainCaldwell

‎06-22-2023 10:35 AM

Any update on the this? The June update is out and we still have the issue of Lansweeper not detecting cumulative updates correctly and showing vulnerabilities that were patched years ago.

James12
Engaged Sweeper II
In response to leescott83

‎06-28-2023 11:41 AM

I agree its absolute disgrace, we will be reducing our licence on renewal, we upgraded our licence on the basis that feature  it was just leaving beta and was good to go,  6 months later it finally left beta and still can't handle basics like cumulative updates.

0 Kudos
Cole
Engaged Sweeper II
In response to James12

‎06-28-2023 02:32 PM

I also upgraded our license specifically for the vulnerability assessment. Very disappointed I can even use it or trust it to be correct. 

0 Kudos
Esben_D
Lansweeper Employee
Lansweeper Employee
In response to Cole

‎07-10-2023 12:09 PM

Hey Cole, we're aware of some issues, you can find more info here: https://community.lansweeper.com/t5/product-conversations/vulnerability-risk-assessment-performance-... 

However, if you have specifics about your problem you would like to share, I'd recommend contacting support so they can validate whether you're experiencing the same issue.

0 Kudos
DonMario73
Champion Sweeper
In response to Cole

‎06-28-2023 04:08 PM

I read about this new acquisition from Lansweeper.  Seems like it will help to improve the risk insights currently available in the Pro license.  

https://www.lansweeper.com/press/lansweeper-acquires-rankedrights-key-assets-to-accelerate-its-vulne...

@Esben_D  @IainCaldwell  can you please clarify on this?

Thanks!

IainCaldwell
Lansweeper Employee
Lansweeper Employee
In response to DonMario73

‎08-15-2023 10:07 AM

@DonMario73 yes the brains from rankedright will be helping map our future direction in this space, bringing their knowledge and experience and improving the lansweeper product.

 

Cheers Iain

0 Kudos
rom
Champion Sweeper III
In response to IainCaldwell

‎05-18-2023 07:08 PM

Thanks Iain - you might want to put this at the top of the chain as it will help clear a lot of things up - looking forward to the next iteration of security insights

0 Kudos

Product Discussions

Share feedback, exchange ideas and find answers to Lansweeper product questions.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now