Many Windows 10 False Positives

Author Message
stevel

  • Total Posts : 4
  • Joined: 1/17/2007
  • Status: offline
Many Windows 10 False Positives Friday, July 22, 2016 11:09 PM (permalink)
I'm getting a lot of false positives on my machines lately.  1 on Windows 7 machines (different thread, known issue, but no update from GFI since January on status).  I'm also getting 19 false positives on Windows 10 machines.  No missing patches (WSUS and Windows Updates, as well as Nessus - None of these show issues, but LanGuard does.  It shows them as Low Security Vulnerabilities, but not as missing patches).  Something seems to be wrong with these rules.  Maybe it's just with Windows 10 build 1511?
 
All systems are patched (per Microsoft and Nessus), so it's not that.  LanGuard is also up to date too, so that's also not the problem (just so people don't tell me to try that).
 
- oval:org.cisecurity:def:475: Windows SAM and LSAD Downgrade Vulnerability - CVE-2016-0128 (MS16-047)
- oval:org.cisecurity:def:520: Windows Shell Remote Code Execution Vulnerability - CVE-2016-0179 (MS16-057)
- oval:org.cisecurity:def:744: Direct3D Use After Free Vulnerability – CVE-2016-0184 (MS16-055)
- oval:org.cisecurity:def:745: Windows Imaging Component Memory Corruption Vulnerability – CVE-2016-0195 (MS16-055)
- oval:org.cisecurity:def:766: Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability – CVE-2016-0176 (MS16-062)
- oval:org.cisecurity:def:767: Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability – CVE-2016-0197 (MS16-062)
- oval:org.cisecurity:def:771: RPC Network Data Representation Engine Remote Code Execution Vulnerability - CVE-2016-0178 (MS16-061)
- oval:org.cisecurity:def:775: Windows Kernel Elevation of Privilege Vulnerability - CVE-2016-0180 (MS16-060)
- oval:org.cisecurity:def:779: Windows Graphics Component Information Disclosure Vulnerability - CVE-2016-0168 (MS16-055)
- oval:org.cisecurity:def:780: Windows Graphics Component Information Disclosure Vulnerability - CVE-2016-0169 (MS16-055)
- oval:org.cisecurity:def:781: Windows Graphics Component RCE Vulnerability - CVE-2016-0170 (MS16-055)
- oval:org.cisecurity:def:784: Secondary Logon Elevation of Privilege Vulnerability - CVE-2016-0099 (MS16-032)
- oval:org.cisecurity:def:859: Group Policy Elevation of Privilege Vulnerability - CVE-2016-3223 (MS16-072)
- oval:org.cisecurity:def:860: Windows PDF Remote Code Execution Vulnerability - CVE-2016-3203 (MS16-068/MS16-080)
- oval:org.cisecurity:def:861: WPAD Elevation of Privilege Vulnerability - CVE-2016-3213 (MS16-063/MS16-077)
- oval:org.cisecurity:def:866: Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability - CVE-2016-3236 (MS16-077)
- oval:org.cisecurity:def:868: Windows PDF Information Disclosure Vulnerability - CVE-2016-3215 (MS16-068/MS16-080)
- oval:org.cisecurity:def:870: Windows PDF Information Disclosure Vulnerability - CVE-2016-3201 (MS16-068/MS16-080)
- oval:org.cisecurity:def:881: Windows SMB Server Elevation of Privilege Vulnerability - CVE-2016-3225 (MS16-075)
 
#1
    Goran

    • Total Posts : 1
    • Joined: 3/12/2013
    • Status: offline
    Re:Many Windows 10 False Positives Friday, August 26, 2016 9:28 PM (permalink)
    We are having some results. Any fix available for this?
     
    #2
      rpearson

      • Total Posts : 2
      • Joined: 6/22/2015
      • Status: offline
      Re:Many Windows 10 False Positives Thursday, October 20, 2016 1:13 PM (permalink)
      Ugh, I am having the same issue. I have 9 Windows 10 machines and I think they are totaling 140 low vulnerabilities that I can't get to go away with patches.
       
      #3
        mwaters911

        • Total Posts : 21
        • Joined: 5/15/2013
        • Status: offline
        Re:Many Windows 10 False Positives Thursday, November 17, 2016 3:31 PM (permalink)
        I have the same sort of thing on my Windows 7 machines.  Many bogus vulnerabilities detected on fully patched systems.  One fix I had recommended was to uninstall the agent and reinstall it then run a full scan and that would clear up the errant vulnerabilities.  Are you kidding me?  Do you know how long that would take to do across a whole organization?
         
        And I wonder, too, with the reported vulnerabilities, if my machine is as patched as it can be, then why tell me there are vulnerabilities for which there is no fix. I'm not talking about network ports, services and such, but mostly for software that is reported as having a vulnerability, usually old versions that aren't installed, that I have already upgraded past those versions.  If I'm not running the suspect version, then why tell me about it and have it affect my overall health rating? 
         
        #4
          Blueh

          • Total Posts : 3
          • Joined: 2/6/2017
          • Status: offline
          Re:Many Windows 10 False Positives Monday, February 06, 2017 2:41 PM (permalink)
          Is there any news on a fix for this issue?  This thread has been active since July 2016 and we are still experiencing this issue.  All our Windows 10 clients are showing this behaviour.
           
          - oval:org.cisecurity:def:1474: Windows Remote Code Execution Vulnerability – CVE-2016-7212 (MS16-130)
          - oval:org.cisecurity:def:1475: Windows IME Elevation of Privilege Vulnerability – CVE-2016-7221 (MS16-130)
          - oval:org.cisecurity:def:1476: Task Scheduler Elevation of Privilege Vulnerability – CVE-2016-7222 (MS16-130)
          - oval:org.cisecurity:def:1481: Media Foundation Memory Corruption Vulnerability – CVE-2016-7217 (MS16-132)
          - oval:org.cisecurity:def:1482: Windows Animation Manager Memory Corruption Vulnerability – CVE-2016-7205 (MS16-132)
          - oval:org.cisecurity:def:1483: Windows Bowser.sys Information Disclosure Vulnerability - CVE-2016-7218 (MS16-135)
          - oval:org.cisecurity:def:1496: Windows NTLM Elevation of Privilege Vulnerability – CVE-2016-7238 (MS16-137)
          - oval:org.cisecurity:def:1497: Local Security Authority Subsystem Service Denial of Service Vulnerability – CVE-2016-7237 (MS16-137)
          - oval:org.cisecurity:def:1498: VHD Driver Elevation of Privilege Vulnerability – CVE-2016-7224 (MS16-138)
          - oval:org.cisecurity:def:1499: VHD Driver Elevation of Privilege Vulnerability – CVE-2016-7223 (MS16-138)
          - oval:org.cisecurity:def:1500: VHD Driver Elevation of Privilege Vulnerability – CVE-2016-7225 (MS16-138)
          - oval:org.cisecurity:def:1501: VHD Driver Elevation of Privilege Vulnerability – CVE-2016-7226 (MS16-138)
          - oval:org.cisecurity:def:1517: Secure Boot Component Vulnerability – CVE-2016-7247 (MS16-140)
          - oval:org.cisecurity:def:1603: Windows Graphics Remote Code Execution Vulnerability - CVE-2016-7272 (MS16-146)
          - oval:org.cisecurity:def:1604: Windows Graphics Remote Code Execution Vulnerability - CVE-2016-7273 (MS16-146)
          - oval:org.cisecurity:def:1613: Windows Crypto Driver Information Disclosure Vulnerability - CVE-2016-7219 (MS16-149)
          - oval:org.cisecurity:def:1645: Win32k Elevation of Privilege Vulnerability – CVE-2016-7260 (MS16-151)
          - oval:org.cisecurity:def:1646: Win32k Elevation of Privilege Vulnerability – CVE-2016-7259 (MS16-151)
          - oval:org.cisecurity:def:1651: Windows Uniscribe Remote Code Execution Vulnerability - CVE-2016-7274 (MS16-147)
          - oval:org.cisecurity:def:1653: Secure Kernel Mode Elevation of Privilege Vulnerability - CVE-2016-7271 (MS16-150)
          - oval:org.cisecurity:def:1681: Windows Kernel Memory Address Information Disclosure Vulnerability - CVE-2016-7258 (MS16-152)
           
          #5