Trouble resolving Zoom Vulnerabilities

I’m new to InsightVM and I’m trying to learn my way by creating a remediation project for my device and then remediating all of the vulnerabilities identified.

It shows 67 vulnerabilities related to zoom with the solution being to update to the latest version of zoom. I’ve updated zoom, uninstalled the zoom outlook helper, rebooted, rescanned but InsightVM still says 67 zoom related vulnerabilities.

Any suggestions on what I can do to get InsightVM to see Zoom as being updated, or better understand why it thinks it’s not?

Thank you!

Hi,
I propose going to the Vulnerabilities section and looking at the proofs: why VM is seeing those issues and where.
Are you using agents, or are you performing scans with credentials?

Maybe check to see if it is still detecting an old .exe in the installer filepath. Also check registry keys. I’ve had some issues when uninstalling programs where these don’t get removed and InsightVM still sees them. If you click on the vulnerability to display the details there is a “proof” section that shows you where it is finding the issue and the “key” section to show you what registry keys it sees.

Edited: On the vulnerability detail screen, look under “Assets” to see the sections I mentioned above.

Thank you both, this was helpful advice. If it helps anyone else: I found that the vulnerable version of Zoom was installed under a default administrative account and didn’t get updated when Zoom updated in a non-administrative user profile. For whatever reason, when logged in as a non-administrative user the vulnerable version was not visible, and running the uninstall command identified in the registry, even from an elevated command prompt, resulted in a message that this command can only be run on installed applications. I had to actually log in as the local admin account to see the vulnerable version installed, and then I could see 2 versions of Zoom in Programs and Features, the vulnerable old version and the current up-to-date version. Uninstalling the vulnerable version from Programs and Features under the administrative user profile resolved the vulnerability.
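The situation described in the post above, a stale per-user Zoom install sitting under a profile you are not logged in as, can be found without switching accounts. The following PowerShell script is an added example, not code from this thread or from Rapid7; it assumes per-user Zoom installs register under the owning user’s HKU\<SID>\…\Uninstall key and keep their binary at <profile>\AppData\Roaming\Zoom\bin\Zoom.exe, and it should be run from an elevated prompt.

```powershell
# Added example: list every Zoom install on the machine, machine-wide and
# per-user, so an old copy under another profile is not missed.
# Assumptions: per-user installs register under HKU\<SID>\...\Uninstall and
# keep Zoom.exe under <profile>\AppData\Roaming\Zoom\bin. Run elevated.

function Get-ZoomUninstallEntries {
    param([string]$KeyPath, [string]$Scope)
    Get-ChildItem -Path $KeyPath -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue } |
        Where-Object { $_.DisplayName -like 'Zoom*' } |
        ForEach-Object {
            [pscustomobject]@{
                Scope     = $Scope
                Name      = $_.DisplayName
                Version   = $_.DisplayVersion
                Uninstall = $_.UninstallString
                Source    = $_.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
            }
        }
}

$found = @()

# 1. Machine-wide installs (64-bit and 32-bit registry views).
$found += Get-ZoomUninstallEntries 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall' 'Machine'
$found += Get-ZoomUninstallEntries 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall' 'Machine'

# 2. Per-user installs registered in each *loaded* user hive. A profile that is
#    not logged in has no hive loaded, which is why the old copy in the thread
#    was invisible from the other account; step 3 covers that case.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
Get-ChildItem 'HKU:\' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-' -and $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object {
        $sid = $_.PSChildName
        $found += Get-ZoomUninstallEntries "HKU:\$sid\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" "User $sid"
    }

# 3. Filesystem sweep of every profile directory, which also catches profiles
#    whose hive is not loaded; the file version is what a scanner fingerprints.
Get-ChildItem 'C:\Users' -Directory -ErrorAction SilentlyContinue | ForEach-Object {
    $exe = Join-Path $_.FullName 'AppData\Roaming\Zoom\bin\Zoom.exe'
    if (Test-Path $exe) {
        $found += [pscustomobject]@{
            Scope     = "Profile $($_.Name)"
            Name      = 'Zoom.exe on disk'
            Version   = (Get-Item $exe).VersionInfo.ProductVersion
            Uninstall = ''
            Source    = $exe
        }
    }
}

$found | Sort-Object Version | Format-Table -AutoSize
```

Any row whose version is older than the one you just installed is the copy the scanner is still reporting; as the post notes, a per-user uninstall string generally has to be run from within the owning user’s session.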

Still not truly satisfied with the Rapid7 InsightVM product. I’ve tried using remediation projects before, and they don’t seem to work as described in their documentation. Updates take an exceptionally long time to reflect in remediation projects, and even after multiple scans and re-scans, progress can still be very slow to show. Therefore, I wouldn’t recommend relying 100% on remediation projects. This has been my experience so far.

That is because scans do not directly feed remediation projects. The console integration with the exposure cloud does.

“After a scan is completed, the asset page on the console typically updates within an hour. However, it can take 24 to 48 hours for scan data to be reflected in a remediation project as well as in the asset page on the cloud side. This delay is considered normal and is due to the time required for the data to sync from the on-prem console to the S3 bucket, to the remediation project in the Exposure Analytics cloud.”

That is direct communication from Rapid7.

Thanks for the response.
It’s clear that remediation projects aren’t something we can truly depend on right now, and that’s a problem. Teams need to see changes in real time as they fix things so they can report and close out their remediation projects. If it takes forever for the data and progress to update in these projects, what’s the point? For example, just flagging high CVEs as a rejection doesn’t actually help the patching team get the work done. Again, this is my own experience with Rapid7IVM; maybe some other folks find remediation projects useful, but for me, managing thousands of assets, they have not been useful at all.

For this reason, unfortunately, I find asset groups to be much more reliable for things I need quick updates on. If it is a project stretched over weeks or even months, that is when I tend to lean towards the remediation projects.

Exactly what I do. Whenever possible I’ll just create an asset group relating to the CVE and provide role based access to the group for the patching team. All assets have the agent installed so it’s never more than a six hour wait for progress updates.
