Symantec Control Compliance Suite for Vulnerability Manager (CCS VM) scans against Microsoft Windows with Adobe products installed return old Adobe versions as vulnerabilities even though those old versions are not installed
Symantec Control Compliance Suite for Vulnerability Manager (CCS VM) scans against Microsoft Windows with Adobe products installed are returning old Adobe versions as vulnerabilities even though those old versions are not installed.
False positive results for Adobe products and versions
Adobe products install updates as new versions and, on occasion, relocate their registry entries to a new location. The old registry entries are not removed. When CCS VM scans one of these IP devices, it looks in the registry to find the vulnerability. The old registry values are then found and flagged as a vulnerability, even though the result is a false positive.
There are three possibilities:
1.) Scrub the target IP device of old Adobe registry values. The file /opt/Symantec/CCSVM/plugins/java/1/WindowsScanner/1/windows-adobe.clp contains information such as:

    (if (eq (call ?j_adobeProductName indexOf "Adobe") 0) then
        (bind ?j_adobeVersion (winreg-read-string ?j_service ?jk_productSubKey "DisplayVersion"))
        ; Product DisplayName
        ; Adobe Reader 6.x - 9.x: "Adobe Reader 9.4.4"
        ; Adobe Reader 9.x MUI: "Adobe Reader 9.3.0 MUI"
        ; Adobe Reader 10: "Adobe Reader X"
        ; Adobe Reader 10 MUI: "Adobe Reader X MUI"
        ; Adobe Reader 10.x: "Adobe Reader X (10.0.1)"
        ; Adobe Reader 10.x MUI: "Adobe Reader X (10.0.1) MUI"

This information can then be used to help locate registry entries for older versions of the product.
2.) Create a scan template that removes older Adobe version checks.
3.) Add exceptions to the results to ignore older Adobe version checks.
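For option 1, a read-only inventory of the entries the scanner is likely to match can be taken on the target host before anything is scrubbed. The following PowerShell is an added example, not part of the original article or of CCS VM. It assumes the product subkeys the scanner reads are the standard Windows Uninstall keys, which the article does not state, and the function name Get-AdobeRegistryEntry is hypothetical.

```powershell
# Added example: list registry entries whose DisplayName starts with "Adobe",
# mirroring the case-sensitive indexOf "Adobe" == 0 test in the .clp excerpt.
# Assumption: the scanner's product subkeys are the standard Uninstall keys.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-AdobeRegistryEntry {
    param([string[]]$Roots = $uninstallRoots)

    foreach ($root in $Roots) {
        # The WOW6432Node branch does not exist on 32-bit hosts.
        if (-not (Test-Path -LiteralPath $root)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
            if (-not $props) { continue }

            $name = $props.DisplayName
            if (-not $name) { continue }
            if (-not $name.StartsWith('Adobe', [System.StringComparison]::Ordinal)) { continue }

            # An entry whose recorded install folder is gone is a candidate
            # leftover; $null means the entry records no InstallLocation.
            $location = $props.InstallLocation
            $onDisk = $null
            if (-not [string]::IsNullOrEmpty($location)) {
                $onDisk = Test-Path -LiteralPath $location
            }

            [pscustomobject]@{
                DisplayName     = $name
                DisplayVersion  = $props.DisplayVersion
                InstallLocation = $location
                PresentOnDisk   = $onDisk
                RegistryKey     = $key.Name
            }
        }
    }
}

# Read-only report; nothing is modified or deleted.
Get-AdobeRegistryEntry | Sort-Object DisplayName, DisplayVersion | Format-Table -AutoSize -Wrap
```

Entries with PresentOnDisk set to False are only candidates for cleanup; confirm against the installed product before removing any key.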
Imported Document ID: TECH189480