
Vulnerability Scanning - Vuln ID 813116 - Microsoft Antimalware - False Positive

clokendagger77

New Life Form
Running OSSIM 5.5.1. When running a vulnerability scan against a Windows Server 2008 R SP1 host with System Center Endpoint Protection installed, the following vulnerabilities are identified and appear to be false positives:
  
Microsoft Malware Protection Engine on Windows Defender Multiple Vulnerabilities - 811067
Microsoft Malware Protection Engine on Windows Defender RCE Vulnerability - Apr 2018 - 813116

The more recent of the two indicates the following detection criteria:

Installed version: 1.1.5605.0
Fixed version: 1.1.14700.5 or higher

When reviewing the config for this vulnerability (http://ww.hoodies-online.de/nasl.php?oid=813116), it appears to be checking the following registry entry:  HKLM:SOFTWARE\Microsoft\Windows Defender\Signature Updates\EngineVersion

Manually checking that registry value shows the version as:  1.1.14800.3

Has anyone been able to determine why this false positive is occurring or why the plugin is identifying the installed version as 1.1.5605.0?
