Overview
The major version upgrades of third-party software are not assigned a severity level by GFI LanGuard in the list of missing patches.
Root Cause
By default, the GFI LanGuard ignores major version upgrades when computing the vulnerability level.
Process
- Create a backup of the XML file which by default is located in: <drive>\ProgramData\GFI\Languard <version>\ where <version> is the version number of GFI LanGuard and rename the backup copy to toolcfg_simple.xml.orig
- Manually add this category in the XML file:
<Category Name="MajorVersionUpgradeOfTypeSecurityAffectsVulnerabilityLevelTwist"><Items>
<Item Name="Affects"><![CDATA[1]]></Item></Items></Category>
- Save the file and close it.
- Open the XML file in a web browser and make sure that it displays correctly as a valid XML.
- Restart the GFI LanGuard Attendant service from the Services applet.