Reasons to filter out scan results in SVM2018 - 'Blacklist' Rules

Summary

Disabling scanning of certain locations can help you keep a cleaner database. It excludes locations where you knowingly keep old software versions and executable files that are known to be risky, but that the organization has decided to keep present and unpatched anyway.

Synopsis

You will often want to disable vulnerability scanning at 'special' locations:

  • C:\Windows\InfusedApps\Packages\...
  • ....\Backup\ directory
  • C:\Users\%Profile%\<YourApp>\
  • E:\External\Personal\Files\....
  • %AppData%
  • %Temp%
  • Other paths that do not correspond to your organization's deployment policies and standard procedures.

Here are a number of reasons why you may want or need a 'Blacklist' filter to be applied:

  1. Prevent SVM from flagging infused Microsoft Office versions shipped with the default OS.
  2. Prevent SVM from recording odd path locations where vulnerable software instances have been found, because Windows Update/CCM will fail to patch these files anyway.
  3. Prevent SVM from discovering software in Backup locations where your organization keeps old versions of programs for backward compatibility and/or legacy reasons.
  4. Prevent scanning of user directories and local TEMP folders, which usually contain many irrelevant software files that SVM may mix up with the versions you are actually responsible for patching.
  5. Keep your SVM database free of junk data that is not relevant to your work and falls outside the scope of assessing actively installed programs.

Discussion

To create a simple 'Blacklist', navigate to Scanning/Filter Scan Results/Scan Paths:

  • Enable the radio button 'Blacklisting' before proceeding
  • Click 'Add Blacklist Rule' to the left of the radio buttons

  • Give your rule a descriptive name that will indicate well enough what this rule is about.
  • Type the installation path of the software you want to filter out from your scan results.
    • Add a backslash at the end of the path ('\').
      • For example ...\AppData\Local\
  • You have the option of using the 'Site' field to apply your rule only within a given range of hosts that reside in a particular 'Site' boundary within the SVM database. 
    • The 'Site' grouping in SVM2018 could be an existing SCCM collection, Active Directory OU, the name of your domain, or a Custom site that you have configured yourself.
      • Using the Site to filter results is a good way to consider the scope of your filter.
  • Do not attempt to use wildcard characters (*) or regular expressions, as neither will work.
    • SVM requires a full path specification and listing.
    • Advanced search and specification of paths are not supported by SVM/Flexera. 

Additional Information

It's a good idea to avoid filtering primary directories and to be as specific as possible about the path you insert. Be very specific.

This sort of filtering is 'all-inclusive': it prevents scanning of all sub-folders under the path you filtered out.

Example:
Filtering out 'D:\Program Files\Backup\Adobe\' when you intend to prevent scanning of 'D:\Program Files\Backup\Adobe\OldVersions\Reader\Version3.x\' is not a good idea.

You may have other versions (or other programs such as Flash or Photoshop) filtered out as well, as those may reside in other sub-folders under 'D:\Program Files\Backup\Adobe\'.
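
The scope problem described above can be checked before a rule is created. The following is an added example, not part of the original article or Flexera's tooling: it assumes the filter behaves as a case-insensitive prefix match over installation paths (an assumption drawn from the 'all-inclusive' description above), and the function names and inventory paths are constructed for illustration.

```python
# Added example: models a blacklist path as a case-insensitive prefix match.
# That matching model is an assumption based on the article's description,
# not SVM's documented implementation. All paths below are constructed.

def _norm(path):
    """Normalize separators and case so comparisons are consistent."""
    return path.replace("/", "\\").lower()

def check_rule(path):
    """Return a list of problems with a candidate blacklist path."""
    problems = []
    if any(ch in path for ch in "*?"):
        problems.append("wildcards are not supported")
    if not path.endswith("\\"):
        problems.append("path must end with a backslash")
    # A drive plus fewer than two folders is treated as a 'primary directory'
    # here; the threshold is an assumption for illustration.
    if len([p for p in path.split("\\") if p]) < 3:
        problems.append("path is a primary directory; be more specific")
    return problems

def hidden_by(rule_path, inventory):
    """Inventory entries that a rule on rule_path would filter out."""
    prefix = _norm(rule_path)
    return [p for p in inventory if _norm(p).startswith(prefix)]

def collateral(rule_path, intended_path, inventory):
    """Entries hidden by the rule that lie outside the folder you meant to exclude."""
    intended = _norm(intended_path)
    return [p for p in hidden_by(rule_path, inventory)
            if not _norm(p).startswith(intended)]

INVENTORY = [  # constructed sample of discovered installation paths
    "D:\\Program Files\\Backup\\Adobe\\OldVersions\\Reader\\Version3.x\\AcroRd32.exe",
    "D:\\Program Files\\Backup\\Adobe\\Flash\\Flash.ocx",
    "D:\\Program Files\\Backup\\Adobe\\Photoshop\\Photoshop.exe",
    "C:\\Program Files\\Adobe\\Reader\\AcroRd32.exe",
]
BROAD = "D:\\Program Files\\Backup\\Adobe\\"
NARROW = "D:\\Program Files\\Backup\\Adobe\\OldVersions\\Reader\\Version3.x\\"

if __name__ == "__main__":
    for rule in (BROAD, NARROW):
        print(rule, check_rule(rule), collateral(rule, NARROW, INVENTORY))
```

Any path returned by `collateral` is software that would silently drop out of your scan results, so a non-empty list means the rule should be narrowed.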
