Issue
Customer reporting false positives in the VMware Carbon Black Cloud Enterprise EDR Vulnerability Detection module for multiple servers/workstations after patching or confirming mitigation.
Environment
Carbon Black Cloud
Resolution
Dismiss the vulnerability for the affected endpoint(s) within the Carbon Black Cloud console. Dismissing the vulnerability formally informs the system that the CVE is no longer present in the environment.
Carbon Black Documentation: Dismissing a Vulnerability
Other references:
Dismiss a Vulnerability for Multiple Assets
Access Dismissed Vulnerabilities
Reevaluate Dismissed Vulnerabilities
Cause
The Carbon Black vulnerability scan does not automatically detect and update the findings at the endpoint level, even after a patch has been applied or a manual scan has been triggered.
Comments
0 comments
Please sign in to leave a comment.