This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
raslam
Flexera
Feb 22, 2021
06:47 AM
The issue with the content process has been resolved. Can you please confirm if you have received the emails from the content team for your software suggestions?
Regards,
Raheel
... View more
Feb 22, 2021
06:44 AM
Hello Aftab,
We have answered your questions below.
On further checking, it was seen that hosts are scanned twice on two consecutive days. For example, the scan date is 17th Feb, host belonging to one of the above imports was scanned again on the 18th. We have verified with a client that at a time a host is part of only one import. Could you confirm if this is normal behavior? What else can I check here? Why is the host being scanned twice on 17th and 18th when the import is scheduled to run only once every week(17th Feb in this case)
Answer: It seems like the import schedule is still running. The important thing you need to check is the SVM daemon, like from which SVM account it was downloaded and installed? As you mentioned, they are using more licenses, so this could be they have multiple SVM accounts running the same SCCM import schedules and therefore using more licenses? If you manage to find that account, then try to login to that account and set the daemon import schedule to weekly. https://docs.flexera.com/csi/Content/helplibrary/System_Center_Import_Schedules__Requires_the_Software_Vulnerability_Manager.htm#svm_cloud_edition_scanning_1104539063_1033723
The client is licensed for only 10K hosts, and they are running scans for more than that. This is also generating additional records in the database, is there a way where we can limit SVM to scan only 10K hosts, and any additional scan should not be logged in database? I have verified host license for the client is set to 10K. Answer: Yes, we can set the actual SVM account license count to 10 k. Maybe the account they are using is the admin account created by a root SVM account. We need to change the license count for the SVM root account.
Is there a way to not log errors "license reached limit" in database, can we purge these? If yes, which database/table should I be looking at to achieve this?
Answer: We cant purge these messages since any new scans coming into SVM with no licenses available will show these messages. But we usually advise our customer to run the database cleanup rule from time to time to delete the old data. For example, remove the machines which haven't been scanned for 2 weeks. This will free a lot of licenses and any new machine reporting in will not show these messages. https://docs.flexera.com/csi/Content/helplibrary/Database_Cleanup.htm?Highlight=database%20cleanup At this point, the customer can follow the below steps. Run the cleanup rule to delete the unnecessary data from the DB. Find an account from which the SVM daemon was installed and then delete the existing schedules. Login to the accounts which they want to use for SCCM import and install the daemons with the same accounts. Create a weekly schedule on those SVM accounts. This will simplify their data and then will get fewer data into their tool. We hope this clarifies. If you need further help then we kindly advise you to create a ticket via your Flexera Support Community portal and one of the SVM Support engineers will get back to you. Regards,
Raheel
... View more
Feb 19, 2021
03:26 AM
Hello,
We have checked with the SVM content team, Apparently, one of the internal software suggestion processes is broken at the moment. so therefore there is a delay in processing the incoming software suggestion. We have now escalated this internally and changed the severity level to high. We hope the suggestion will be processed ASAP and you will be informed accordingly.
Sorry for the inconvenience.
Regards,
Raheel
... View more
Feb 18, 2021
06:46 AM
The unsuccessful login activity also logs into the activity log section of the SVM. But thanks for flagging this up, at the moment the unsuccessful login activity is not logging in the activity section of SVM. We did the detailed investigation and apparently, in the recent release of SVM, this feature appears to be broken now. For reference: We have copied the below screen screenshot from the previous version of SVM where this feature was working fine. At this point, we have now informed the engineering and they will take the necessary steps in future releases to resolve this issue.
Regards,
Raheel
... View more
Feb 17, 2021
04:59 AM
Hello,
You can get the activity log imported into the CSV format from SVM.
For example :
If you go to SVM > Database Access > Database Console > Right-click on the user_activity_log table > show data > click on the export button and export all pages. This will give all the user_activity_log details saved in the CSV file.
Regards,
Raheel
... View more
Feb 16, 2021
08:10 AM
Hello Aftab,
We do have some Dell products listed in the VPM ( Vendor Patch Module) section of SVM. These dell products you can deploy from SVM with the standard SVM deployment procedure. Please identify, If these products are drivers products that can fulfill the customer requirement then yes you can patch only these dell products from SVM.
Please note: All of the above products are from Vendor Patch module which is a paid module of SVM. If the customer wants to use this module then there is an additional cost associated with that.
Regards,
Raheel
... View more
Feb 16, 2021
08:00 AM
Ganesh,
You can use the below URL to create an account in the Flexera community.
https://flexeracommunity.force.com/Community/s/verifyEmail
After logging into the Flexera community you can go ''get support > open a new case'' to create a case with Flexera support. Once the ticket will be logged with Flexera Support, the support engineer will get back to you accordingly.
Regards,
Raheel
... View more
Feb 12, 2021
03:58 AM
1 Kudo
Hi,
You can quickly check and verify the WMI check if it is working or not.
For example :
Login to your SVM console > Configuation > Settings
Disable check for Microsoft Security Updates
Run the scan and create a log and see if just the WMI check is running fine? If it is then you might need to check your WUA agent status from services , if the WUA service is running or not? for more details, you can check the windows update log.
Regards,
Raheel
... View more
Feb 11, 2021
06:39 AM
Hi,
Can you please don't select any language at step 4 of the package creation wizard? Usually, select nothing picks up the OS language setting and installed the product with that language. but it seems like the Adobe package is only offered in these languages.
Regards
Raheel
... View more
Feb 10, 2021
10:35 AM
2 Kudos
Summary:
The current SVM on-premise version doesn't support the PHP 7.3, since PHP 7.2 has already been EOL in November 2020. This article will help our SVM on-premise customer to upgrade the PHP 7.2 version to PHP 7.3. Steps :
Prerequisite: you need to have PHP 7.2 installed
Add PHP 7.3 Remi repository
PHP 7.3 is available for CentOS 7 and Fedora distributions from the Remi repository. Add it to your system by running
yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm yum -y install epel-release yum-utils
Disable repo for PHP 7.2
yum-config-manager --disable remi-php72
Enable repo for PHP 7.3
yum-config-manager --enable remi-php73
Unzip the attached ioncube_loader_lin_7.3 zip file and use winscp to place at the following location /usr/local/Secunia/csi/lib
yum update (Make sure you install the php 7.3)
php –version (Make sure you have php 7.3 installed)
nano /etc/php.d/00-ioncube.ini
Edit 00-ioncube.ini ( Change the zend_extension=/usr/local/Secunia/csi/lib/ioncube_loader_lin_7.2.so to ioncube_loader_lin_7.3.so)
apachectl restart
... View more
Feb 03, 2021
05:51 AM
Summary
At this moment, is not possible for Flexera to maintain an accurate vulnerability assessment of Jenkins 2.x for Windows OS, as the latest Jenkins releases contain bad PE Header version metadata that mismatches the publicly advertised versions by the vendor.
Diagnosis
Upon a deeper investigation of the executable files included in the latest releases of Jenkins 2.x and their PE header metadata included in the files, it turned out that the vendor has mislabeled their versions for both the LTS and Weekly releases. When installed, the LTS version of Jenkins 2.263.3 contains version metadata of 2.9.0.0 instead of its advertised public version number (2.263.3). When installed, the Weekly version of Jenkins 2.275 contains version metadata of 2.9.0.0 instead of its advertised public version number (2.275). Conclusion:
Flexera has added detection capabilities to be able to recognize the Jenkins installation files on Windows OS and flag them as part of SVM scan results. Due to the version metadata problem explained above, we cannot yet add further security assessment capabilities that will enable recognition of whether your version is EOL, Insecure, or Patched. Flexera will continue monitoring Jenkins 2.x releases and would enable assessment capabilities as soon as the vendor supplies installation files that hold the correct metadata versions as advertised. Until then, the product would simply appear with a “Patched” status, we do understand this status is potentially incorrect for your version of Jenkins. We are monitoring this closely and once the metadata will be corrected by the vendor, we will further update the rules accordingly.
... View more
Labels:
Feb 03, 2021
02:56 AM
1 Kudo
Summary
Adobe no longer supports Flash Player after December 31, 2020, and blocked Flash content from running in Flash Player beginning January 12, 2021, Adobe strongly recommends all users immediately uninstall Flash Player to help protect their systems. https://www.adobe.com/products/flashplayer/end-of-life.html
Steps: a) Scan the system and get Adobe Flash in the Scan Results in SVM. b) Update Smart Groups to ensure that the latest suggestions are made c) Go to SPS and simply double-click on the Adobe Flash entry (in grey!) d) Enable the "Edit Package Content" checkbox and click Next. ( You can also import the attached XML file here, which contains all the below steps) e) In the JavaScript template, insert "-uninstall -force" in the *var silentParams * variable f) Download the file from the link below and import it manually into the SPS package wizard. g) Use "Export SPS Package" to export the executable to the file system h) Transfer the SPS package to the machine where Adobe Flash is installed k) Double-click on the SPS.exe file and accept the UAC prompt.
Please note: After testing the package with the above steps. You can name the package as a uninstall Adobe Flash player package on step 1 and then processed it with package publishing via WSUS to deploy on your machines.
File Used: https://fpdownload.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe
... View more
Feb 03, 2021
02:06 AM
Hello,
Thanks for reporting this and we are currently checking this internally and will get back to you.
Regards,
Raheel
... View more
Jan 26, 2021
02:11 AM
Hello Samrita,
Can you please provide more detail about, which Software Vulnerability Manager link you are trying to access? Please get back to us, so we can further assist you.
Regards,
Raheel
... View more
Jan 26, 2021
02:05 AM
Hello, We have more than 50000 products in our product DB for active vulnerability tracking. For the products which are not part of the product DB, our SVR ( Software Vulnerability Research) customers can suggest software via their SVR portal. You can find more detail in the below link.
https://community.flexera.com/t5/Software-Vulnerability-Research/Steps-to-quot-Suggest-Software-quot-for-tracking-in-SVR/ta-p/5618
We do have a proper detail of the product in the DB as well. Please have a look at the below screenshot.
Brief Overview
The Secunia Research team produces invaluable security advisories based upon the research of the vulnerabilities affecting any given software update. Sometimes a single update can address multiple vulnerabilities of varying criticalities and threats, but these advisories aggregate and distill findings down to a single advisory perfect for the prioritization of patch efforts. In these advisories, criticality scores are consistently applied along with details around attack vectors and other valuable details. Illegitimate vulnerability reports are also investigated and rejected so you can focus only on what truly matters. Please find more detail about Secunia Research from the below link.
https://www.flexera.com/products/operations/software-vulnerability-research/secunia-research.html
Related Links
Software Vulnerability Research
Software Vulnerability Research - Secunia Research Data
Software Vulnerability Manager
Security Advisories from Secunia Research
Anatomy of a Security Advisory We hope this clarifies. Regards, Raheel
... View more
Latest posts by raslam
Subject | Views | Posted |
---|---|---|
29 | Feb 22, 2021 06:47 AM | |
20 | Feb 22, 2021 06:44 AM | |
53 | Feb 19, 2021 03:26 AM | |
42 | Feb 18, 2021 06:46 AM | |
63 | Feb 17, 2021 04:59 AM | |
100 | Feb 16, 2021 08:10 AM | |
22 | Feb 16, 2021 08:00 AM | |
36 | Feb 12, 2021 03:58 AM | |
202 | Feb 11, 2021 06:39 AM | |
87 | Feb 10, 2021 10:35 AM |
Activity Feed
- Posted Re: Product Suggestions on Software Vulnerability Management Forum. Feb 22, 2021 06:47 AM
- Posted Re: SVM Database Issue on Software Vulnerability Management Forum. Feb 22, 2021 06:44 AM
- Posted Re: Product Suggestions on Software Vulnerability Management Forum. Feb 19, 2021 03:26 AM
- Posted Re: Failed attempts for User Login in the Activity Log? on Software Vulnerability Management Forum. Feb 18, 2021 06:46 AM
- Posted Re: Failed attempts for User Login in the Activity Log? on Software Vulnerability Management Forum. Feb 17, 2021 04:59 AM
- Kudoed Re: Can we use SVM for patching Dell Drivers? for bkelly. Feb 16, 2021 09:18 AM
- Posted Re: Can we use SVM for patching Dell Drivers? on Software Vulnerability Management Forum. Feb 16, 2021 08:10 AM
- Posted Re: Help required in raising ticket first time on Software Vulnerability Management Forum. Feb 16, 2021 08:00 AM
- Got a Kudo for Re: Csia.exe appears to get stuck. Feb 13, 2021 11:39 AM
- Posted Re: Csia.exe appears to get stuck on Software Vulnerability Management Forum. Feb 12, 2021 03:58 AM
- Posted Re: Adobe Acrobat Reader - Multiple Languages issue on Software Vulnerability Management Forum. Feb 11, 2021 06:39 AM
- Posted How to manually upgrade the Software Vulnerability Manager On-Premises Linux box/CentOS SVM Virtual Applicance from php 7.2 to php 7.3 on Software Vulnerability Manager Knowledge Base. Feb 10, 2021 10:35 AM
- Posted Jenkins Vulnerability Assesment Discrepancy on Software Vulnerability Manager Knowledge Base. Feb 03, 2021 05:51 AM
- Posted Quick way to Remove Adobe Flash Player using Software Vulnerability Manager on Software Vulnerability Manager Knowledge Base. Feb 03, 2021 02:56 AM
- Posted Re: Record changes and deletion of data in Flexera SVM logs (cloud version) on Software Vulnerability Management Forum. Feb 03, 2021 02:06 AM
- Posted Re: Security Vulnerability Manager on Software Vulnerability Management Forum. Jan 26, 2021 02:11 AM
- Posted Re: Software Build of Materials on Software Vulnerability Management Forum. Jan 26, 2021 02:05 AM
- Kudoed Re: 3rd party updates failing to install with error 0x800b0004(2146762748) for sbristow. Jan 18, 2021 03:38 AM
- Kudoed How to configure LDAP for VA for arodziewicz. Jan 12, 2021 07:24 AM
- Posted Re: Flexera scheduled scan not run since december on Software Vulnerability Management Forum. Jan 12, 2021 07:15 AM
Contact Me
Online Status |
Offline
|
Date Last Visited |
Feb 26, 2021
05:55 AM
|