Forum Thread: newbie help

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
CSI

This thread has been marked as locked.
rworlton newbie help
Member 15th Nov, 2013 19:51
Ranking: 0
Posts: 4
User Since: 15th Nov, 2013
System Score: N/A
Location: US
I'm trying to figure out what I'm missing. I just started using CSI 7.0 and have been through the documentation but haven't been able to figure out if I've missed a step somewhere.

Here is my problem, I've installed a local agent on a recently installed Windows 2008 R2 OS, it has no patches, it's still the gold image.

I expected the scan results to give me at least 70 Windows patches missing and then give me the option to deploy the missing patches. What actually returned in the scan was a report that I was 100% patched, with 14 patches applied. When I use Windows Update it shows that several patches are indeed missing.

How do I tell CSI to look for everything... I've tried changing the type to 3 and re-scanning with no luck.

Help is greatly appreciated, even if to point me to some good documentation (other than the technical users guide)

Thanks,


r.danailov RE: newbie help
Secunia Official 18th Nov, 2013 08:52
Score: 25
Posts: 169
User Since: 3rd Jan 2012
System Score: N/A
Location: Copenhagen, DK
Hi,

Secunia CSI would only display missing security updates and it would not display to you missing feature updates. Could it be that the packages you see in Windows Update are not security-related updates for the Microsoft base Operating System and its components?

Kind regards / Stay Secure
Rosen Danailov / Security+
Secunia Customer Support
rworlton RE: newbie help
Member 18th Nov, 2013 21:22
Score: 0
Posts: 4
User Since: 15th Nov 2013
System Score: N/A
Location: US
I wondered about that but no, for example I'm not seeing MS13-081, MS13-054, MS13-052, MS12-035... just to name a few picked up by Windows Update but not listed in the scan results from CSI.

Additionally, you're saying that CSI only scans for security-related updates? It does not look for the other break-fix type patches?

-Ryan
r.danailov RE: newbie help
Secunia Official 19th Nov, 2013 13:21
Score: 25
Posts: 169
User Since: 3rd Jan 2012
System Score: N/A
Location: Copenhagen, DK
Hi,

Yes, Secunia CSI only looks to find missing security Windows updates. The updates are evaluated either against a local update server (WSUS/SCCM) or against the official Windows Update website. Under the Configuration > Settings menu, you will be able to find configuration settings to configure where CSI (or its Agents) should look to verify the missing MS updates.

Additionally, CSI displays missing KB numbers and it does not display missing MS bulletin IDs.

Kind regards / Stay Secure
Rosen Danailov / Security+
Secunia Customer Support
rworlton RE: newbie help
Member 19th Nov, 2013 22:05
Score: 0
Posts: 4
User Since: 15th Nov 2013
System Score: N/A
Location: US
I'm still a little lost as to why CSI isn't picking up the security related vulnerabilities listed above.. is there a log file that I can look at to figure out why the CSI agent didn't find the machine vulnerable?

r.danailov RE: newbie help
Secunia Official 22nd Nov, 2013 15:07
Score: 25
Posts: 169
User Since: 3rd Jan 2012
System Score: N/A
Location: Copenhagen, DK
Hi,

on 19th Nov, 2013 22:05, rworlton wrote:
I'm still a little lost as to why CSI isn't picking up the security related vulnerabilities listed above.. is there a log file that I can look at to figure out why the CSI agent didn't find the machine vulnerable?


Unfortunately, I am not able to assess immediately what the actual reason is, at least not until I have more information on the subject. Secunia CSC could assist you greatly if we knew more about your setup, in particular the following things:

a) Which scan method have you used to scan your machines?
b) Could the problem be reproduced more than once against more than one Client machine?
c) Which setting is enabled under Configuration > Settings > 'Windows Update Settings' in CSI?
d) What operating system did CSI fail to detect updates for?

Furthermore, I would recommend that you report your case through our official email support address csc@secunia.com. This would surely ensure privacy and faster handling of your case. Else, please feel free to answer here and I would do my best to reply back as soon as possible.

Kind regards / Stay Secure
Rosen Danailov / Security+
Junior Solution Specialist
rworlton RE: newbie help
Member 22nd Nov, 2013 18:57
Score: 0
Posts: 4
User Since: 15th Nov 2013
System Score: N/A
Location: US
Awesome... you could read my first post and get all the answers to your questions... I hope working with support is better than this forum.

r.danailov RE: newbie help
Secunia Official 25th Nov, 2013 10:03
Score: 25
Posts: 169
User Since: 3rd Jan 2012
System Score: N/A
Location: Copenhagen, DK
Hi,

The WindowsUpdate.log file will likely include additional information about the reason that prevented the Secunia CSI Agent (via the Windows Update Agent service) from detecting missing updates.

CSI Agents perform an inventory of the executable files found on the local system during an active vulnerability scan and furthermore send the list of detected Windows files to the Windows Update Agent on the local system. WUA would further evaluate what their security status is.

It is the local Windows Update Agent (WUA) that finally assesses the security of your software and so depending on the configuration of the Windows Update service compared to the configuration of Secunia CSI ('Windows Update' section under Configuration > Settings), the local WUA may be disallowed to actually perform an assessment. Here are some more scenarios to exemplify:

a) Inside Secunia CSI you'd chosen to evaluate MS updates against the official Microsoft Update website - CSI fails to detect missing MS updates because the local host WUA is disallowed to verify updates against the official Microsoft website service.

b) Inside Secunia CSI you'd chosen to evaluate MS updates against "Locally Managed Server" and so the CSI Agent asks WUA to collect MS Update information from the local WSUS server. However, the local WUA is actually configured to seek updates against the MS website as it's not yet working with the local WSUS and so it denies checking against a different server.

c) Windows Update Agent (via the Trusted Installer) was in active installation mode at the time you ran your scans. WUA was currently busy and could not handle the request by the Secunia CSI Agent. The WUA failed to handle further requests because the machine was pending reboot.

In addition, there may be several more reasons why the detection would fail and all of those depend on how your CSI is configured to detect Microsoft Updates and how far your domain configuration / WUA configuration allows the CSI to perform its request.

Please re-test the detection with Secunia CSI after confirming that your settings match the configuration of the Windows Update service on the local test Client. Please test the detection on a second machine to confirm if the problem is global or local to the first test system only.

Kind regards / Stay Secure
Rosen Danailov / Security+
Secunia Customer Support
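
The following is an added example, not part of the thread and not Secunia's code: a PowerShell check, run on the scanned host, for the three scenarios described in the post above (WUA source mismatch and a pending reboot), followed by a direct query to WUA for missing updates from each source. The registry paths and the `Microsoft.Update.Session` COM interface are standard Windows; treating an update as security-related when it carries an MSRC severity or bulletin ID is a heuristic assumed here.

```powershell
# Added example: run in an elevated PowerShell session on the scanned host.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
$au = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue

# Scenarios (a)/(b): is WUA bound by policy to a WSUS server, or left on Microsoft's service?
if ($au -and $au.UseWUServer -eq 1 -and $wu -and $wu.WUServer) {
    "WUA source    : managed server $($wu.WUServer)"
} else {
    "WUA source    : Windows Update / Microsoft Update (no WSUS policy set)"
}

# Scenario (c): a pending reboot or a busy installer keeps WUA from answering scan requests
$rebootKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending')
$pending = @($rebootKeys | Where-Object { Test-Path $_ })
"Reboot pending: $($pending.Count -gt 0)"
Get-Service -Name wuauserv, TrustedInstaller |
    ForEach-Object { "Service       : $($_.Name) is $($_.Status)" }

# Ask WUA itself, once per source, which applicable software updates are not installed.
# ServerSelection values: 1 = managed server (WSUS), 2 = Windows Update.
$sources = @{ 1 = 'ManagedServer'; 2 = 'WindowsUpdate' }
$session = New-Object -ComObject Microsoft.Update.Session
foreach ($sel in 1, 2) {
    $searcher = $session.CreateUpdateSearcher()
    $searcher.ServerSelection = $sel
    try {
        $found = $searcher.Search("IsInstalled=0 and Type='Software'").Updates
        # Heuristic (assumption): security updates carry an MSRC severity or a bulletin ID
        $sec = @($found | Where-Object {
            $_.MsrcSeverity -or $_.SecurityBulletinIDs.Count -gt 0 })
        "{0}: {1} missing, {2} security-related" -f $sources[$sel], $found.Count, $sec.Count
        foreach ($u in $sec) {
            "  KB{0}  {1}  {2}" -f (@($u.KBArticleIDs) -join ','),
                (@($u.SecurityBulletinIDs) -join ','), $u.Title
        }
    } catch {
        # A refused or unreachable source fails here; check WindowsUpdate.log for the same error
        "{0}: search failed: {1}" -f $sources[$sel], $_.Exception.Message
    }
}
```

If one source returns missing security updates and the other fails or returns none, compare that source with the 'Windows Update' setting under Configuration > Settings in CSI before re-scanning.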
