I noticed that a couple of endpoints had 62 new vulnerabilities this morning. One of them had Edge 147.0.3912.60 already installed, the other did in fact need an update. After verifying both were up to date, a full scan did not remove these vulnerabilities. Just giving others a heads up. Clearly something needs to be adjusted with the detection.
This one has confused me a bit as well, as the vuln is directly related to Edge within IVM, but the version mentioned in the description only relates to Google Chrome version #’s, which already have their set of 62 vulnerabilities that were introduced late last week.
They have had that issue in the past, where they mix up Chrome and Edge version numbers.
I just noticed that the vulnerabilities are no longer showing. That was quick.
Really? Mine still show as present… interested in what changed.
I now have over a million Edge and Chrome vulnerabilities combined. Every time I am on holiday, this kind of BS happens. Will check the Microsoft Defender findings to compare the results with Rapid7.
Touching on your point of running a full scan and the findings still appearing, was this the button located under the asset or remediation project to scan now? If so, I believe that functionality tells a compatible scan engine to rescan the host; however, a scan engine would enumerate things such as open ports, banner grabbing for vulnerable versions, etc.
The browser vulnerability finding originates from the Rapid7 agent. There is currently no functionality to tell the agent to immediately rescan a host for validation purposes. However, I believe from a recent post, Rapid7 might be introducing this functionality.
Link to that post: InsightVM On Demand Agent Assessment
You’re absolutely correct. I could’ve sworn a “full audit” scan in the past cleared vulnerabilities but it may have been the agent scanning the endpoint on its own as scheduled. Looking forward to the feature. It’s nice to remediate something and see it resolved with a scan.
I agree 100%. It is definitely a needed feature because currently, I am waiting for the agent to rescan findings which can take up to 24 hours sometimes. If I get access or hear anything new I’ll be sure to post or update everyone.
Just an FYI and I am sure you probably know this - but may be worth mentioning for others!
Running a scan with the “Agent OFF” scan template will resolve vulnerabilities. Basically, it removes the checkbox from other scan templates that use the “Don’t run checks that are covered by the Rapid7 Insight Agent”, and will force the scan engine to check for every single thing. This is what we use for all remediation-style scanning to scan after a supposed fix/patch has been implemented.
We don’t have an “Agent OFF” template but I looked at the settings of the Full Audit template and “Skip checks performed by the VM Agent” was already unchecked.
I encountered the same issue. I ran a vuln scan on the asset and it still showed the vulnerability. I then went to the asset and ran “Investigate” for the listed CVE and this verified the remediation took place and I was able to mark it as resolved.
Best case is what’s already been discussed to clear these and others.
Create a copy of the standard template that you are using and unselect the option for “Skip checks performed by the VM Agent”.
For instance:
100 - Full Audit - Agent Bypass
or whatever..