Quick question. What causes this.
A scan is run on an asset, vulnerabilities are detected (say, Disable TCP or ICMP timestamp), these vulnerabilities are then remediated (with visible evidence that remediation has been done). However, after a scan is done on that same asset, the vulnerability report shows the same vulnerability present on the asset.
I would check the proof of the vulnerability to see why it believes that vulnerability is still present.
yes but in this case the proof has been checked and indeed the vulnerability has been remediated. For instance, disabling ICMP timestamp. Its easy to verify that from the server but even after that the scan still picks it up as a vulnerability.
It may be best to open a support ticket then and re-scan in enhanced logging mode to see what the scan engine is seeing and why it is reporting as still vulnerable. The proof for the vulnerability is simply “Able to determine remote system time.” which isn’t very helpful. The scan logs however may provide some more insight as to what the scan engine is seeing.
Alright John. Will do. Thanks.
I have that issue when we have the agent also installed on the asset. Creating a scan template that doesn’t " Skip checks performed by the Insight Agent" might remove the remediated findings.
Hi, how did you get on with this route?