How does IVM search for dlls to identify vulnerabilities? How can we add to these search paths?
1 Like
@scott_scott In some cases, DLLs are found by looking in the registry to determine where they exist on the filesystem. In other cases specific filepaths are defined in vulnerability check logic based on Microsoft’s security advisories.
Registry keys and DLL paths are constantly being updated as we refine existing checks and add new coverage. Looking at DLLs is only one technique InsightVM uses to determine vulnerable status of software. If there are vulnerability findings you expect to see but aren’t, please communicate with your CSM so we can get the feedback to the content team; however, if you need a custom check for something in particular we do have some documentation to get you started: https://kb.help.rapid7.com/docs/writing-vulnerability-checks-for-nexpose.
1 Like