Overview
This article provides the steps to add a missing patch or vulnerability to the ignored list in GFI LanGuard.
Solution
LanGuard enables you to ignore missing patches or vulnerabilities so that they will not be reported as issues in the future, and include reasons why such vulnerabilities are ignored. This can be done for a machine or group of machines by following the steps below:
- Launch the LanGuard console and navigate to Dashboard tab -> Patches.
- Select the target machine or group in the Computer Tree at the left, then under the Patch List select the patch that needs to be ignored.
- Click the Ignore option under Actions to launch the Rule-Ignore Patch dialog.
- Specify the scope - Current selection or Entire network - to apply the rule to, and the time span to ignore the issue.
- Click Ok.
Run one of the Vulnerability detection scans on the selected scope to update information for the target machines.
Please note that it is not possible to ignore vulnerabilities in bulk in this way. You can utilize one of the following workarounds for the same as per your requirement:
- Excluding specific vulnerabilities from scanning profiles themselves: Refer KBA Ignoring Specific Vulnerabilities in Scans
- Customizing the Vulnerability Status report to display selected Vulnerability levels only: Refer KBA Customizing and Modifying Default Reports
Testing
Once the scan finishes, verify that the ignored patch or vulnerability is no longer displayed.