Forum Thread: McAfee Virusscan Vulnerability - in accurate reporting

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
CSI

This thread has been marked as locked.
mattw2 McAfee Virusscan Vulnerability - in accurate reporting
Member 27th May, 2016 10:08
Ranking: 0
Posts: 1
User Since: 10th May, 2016
System Score: N/A
Location: UK
I am seeing some inaccurate reporting of a McAfee Virusscan 8.8 vulnerability.

The issue applies to VirusScan Enterprise on any version up to 8.8.0.1528 (i.e. up to and including Patch 7).

McAfee have released Hotfix, but CSI doesn't appear to pick up that it is installed.
CSI is reporting the "patched" version is 8.8.0.1546, which is the new version of a DLL updated within the McAfee Hotfix. The problem is, though, that it seems CSI is using a different file, scan32.exe, to determine compliance, this file is not updated by the hotfix.
So, we are now having systems which have been patched still showing as insecure, distorting our results.


No one has replied to this thread yet - be the first
This thread has been marked as locked.