|mattw2||McAfee Virusscan Vulnerability - in accurate reporting|
|27th May, 2016 10:08|
User Since: 10th May, 2016
System Score: N/A
I am seeing some inaccurate reporting of a McAfee Virusscan 8.8 vulnerability.
The issue applies to VirusScan Enterprise on any version up to 18.104.22.1688 (i.e. up to and including Patch 7).
McAfee have released Hotfix, but CSI doesn't appear to pick up that it is installed.
CSI is reporting the "patched" version is 22.214.171.1246, which is the new version of a DLL updated within the McAfee Hotfix. The problem is, though, that it seems CSI is using a different file, scan32.exe, to determine compliance, this file is not updated by the hotfix.
So, we are now having systems which have been patched still showing as insecure, distorting our results.