Overview
The Scanning Profile Vulnerability Assessment Options tab Patches section allows you to specify the security updates checked during vulnerability scanning. For example, you can skip some patches from being detected by scanning with the customized Scanning Profile instead of acknowledging or ignoring them after the scan.
Solution
The patches checked are selected from the complete list of supported Microsoft and non-Microsoft software updates and patches contained in the LanGuard Patch Management Database. This list is updated automatically along with the Program Updates.
- Enabling and Disabling Missing Patch Detection Checks
- Customizing the List of Software Patches to Scan
- Searching for Bulletin Information
Enabling and Disabling Missing Patch Detection Checks
- Launch the LanGuard console and go to Configuration > Scanning Profile Editor. Alternatively, press CTRL + P to launch the Scanning Profiles Editor.
- Go to Vulnerability Assessment Options > Patches.
- Select the scanning profile that you wish to customize from the left pane under Profiles.
- In the right pane, select the Detect Installed and Missing Service Packs/Patches option.
Missing patch scanning parameters are configurable on a Scanning Profile level. Make sure to enable missing patch scanning in all profiles where missing patch scanning is required.
Customizing the List of Software Patches to Scan
To specify which missing security updates will be enumerated and processed by a scanning profile:
- Go to Vulnerability Assessment Options > Patches.
- Select the scanning profile to customize from the left pane under Profiles.
- In the right pane, select/unselect which missing patches this scanning profile enumerates.
For example, choose to group the selection by target software, right-click in the field displaying the available patches, choose "select all" and then subsequently "do not include in security patches update".
- (Optional) Click Advanced in the Patches tab to edit the advanced update scanning options.
Searching for Bulletin Information
- Go to Vulnerability Assessment Options > Patches > Find update.
- Specify the bulletin name or QNumber in the search tool entry box included at the right pane's bottom.
Example:
Bulleting Name: MS02–017
QNumber: Q311987 - Click Find to search for your entry.
Related Articles
- Creating and Personalizing a Scanning Profile
- Configuring Vulnerabilities with Scanning Profile Editor
- Configuring TCP/UDP Port Scanning Options with Scanning Profile Editor
- Configuring System Information Options with Scanning Profile Editor
- Configuring Device Scanning Options with Scanning Profile Editor
- Configuring Applications Scanning Options with Scanning Profile Editor