07-08-2022 10:11 AM - last edited on 06-14-2023 08:04 PM by Mercedes_O
Lansweeper is delighted to announce new capabilities in the security vulnerabilities space. Building on the foundations of our world-class scanning technology Lansweeper has enhanced our software scanning to normalize and enrich with NIST standard naming and identification. This enables Lansweeper to offer value add capabilities matching clients' software against NIST vulnerabilities databases.
This is a preview feature and will be iterated frequently over the next few months before the official release. Please use this space to give suggestions +ve or -ve to help us improve the product.
05-15-2023 11:52 PM
I'm noticing that a lot of vulnerabilities are being reported for servers that have the CVE patches installed. Mostly with server 2012 r2. Almost every 2012 server reports handfuls of vulnerabilities. All servers are up to date, and I've even downloaded the specific KB update, installed it, waited a day or two, and that machine will still be reported as having that vulnerability, is there a step or issue im missing?
05-18-2023 11:08 AM
Hi @Tyler
Since we implemented our mapping to the NIST list we've realised that the version number in NIST isn't specific enough to recognise changes (patches). A lot of the entries are at the major version level which then leads to a lot of false +ves. As a result we have put focus on other sources we can use to augment that core list - the primary one being a Microsoft list (Microsoft isn't the only areas we see gaps but its the one most visible due to the higher usage).
We have this in testing just now and expect the improvements to be included in our D-Launch mid to end June.
Sorry, and thanks for your patience.
Cheers Iain
06-22-2023 10:35 AM
Any update on the this? The June update is out and we still have the issue of Lansweeper not detecting cumulative updates correctly and showing vulnerabilities that were patched years ago.
06-28-2023 11:41 AM
I agree its absolute disgrace, we will be reducing our licence on renewal, we upgraded our licence on the basis that feature it was just leaving beta and was good to go, 6 months later it finally left beta and still can't handle basics like cumulative updates.
06-28-2023 02:32 PM
I also upgraded our license specifically for the vulnerability assessment. Very disappointed I can even use it or trust it to be correct.
07-10-2023 12:09 PM
Hey Cole, we're aware of some issues, you can find more info here: https://community.lansweeper.com/t5/product-conversations/vulnerability-risk-assessment-performance-...
However, if you have specifics about your problem you would like to share, I'd recommend contacting support so they can validate whether you're experiencing the same issue.
06-28-2023 04:08 PM
I read about this new acquisition from Lansweeper. Seems like it will help to improve the risk insights currently available in the Pro license.
@Esben_D @IainCaldwell can you please clarify on this?
Thanks!
08-15-2023 10:07 AM
@DonMario73 yes the brains from rankedright will be helping map our future direction in this space, bringing their knowledge and experience and improving the lansweeper product.
Cheers Iain
05-18-2023 07:08 PM
Thanks Iain - you might want to put this at the top of the chain as it will help clear a lot of things up - looking forward to the next iteration of security insights
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now