AnsweredAssumed Answered

Microsoft CVE-2017-0290: Malware Protection Engine - Potential Vulnerability

Question asked by Robert Hart on May 12, 2017
Latest reply on Jun 19, 2017 by Peter David

It looks like Nexpose checks the OS and Registry key for the EngineVersion for this vulnerability.  This is great but if Defender is disabled by GPO or other means because you have another Anti malware engine running should Nexpose be stating you are vulnerable?  If Defender is disable wouldn't this become a potential vulnerability vs a vulnerability?  It would be great if Nexpose could detect this more accurately.

 

The issue is you can not update defender when it is disabled so you are left providing an exclusion in Nexpose.  However, if for some reason it becomes enabled then that potential vul. would be a vulnerability.

 

Anyone else of thoughts on how Nexpose is handling reporting this vulnerability?

Outcomes