My company uses the Solarwinds RMM agent on many thin clients and since thin clients do not need to be kept up to date with the latest security patches we would love to see the ability to completely turn off vulnerability scans without uninstalling patch management.
The ability to run a task on a check failure is essential to automating resolutions to common problems. Since we are having to manage the VulnScan regularly, it would be advantageous to be able to run some "quick Fixes" to see if those can solve the issues prior to our involvement. Several people have come up with (mostly) automated ways of dealing with some of the vuln scan issues. But it still takes time to kick ...more »
When I load a vulnerability report on a target machine I see only that report. When I load a breach report I see BOTH reports. It is a given that right now, and according to most MSP policies, every Vulnerability report ever generated is going to fail. None of us EVER install updates the day they come out because that's the pathway to being a beta-bug-tester. So why they even have that report is beyond me, but be that ...more »
A report which offers some better way to analyze results of vulnerability scans (maybe similar to patch failure report)
e.g. see which computers have a given vulnerability; see how many computers for a specific client have a vulnerability
We are seeing an increasing number of vulnerability check failures across our customer estate. I am seeing at least 15 across 700 servers. I understand from support there is a trouble.exe that can be run but I think more can be done to improve reliablility including: 1. Running the Languard service as a named user rather than SYSTEM, this should be set at install time, or a logicard displayed. 2. Better intelience ...more »
Please split up Vulnerability Check in two check.
1) Missing patches
2) Vulnerability problems.
Since Agent 9.13 additonal software found its way into RMM. Some softwareproducts (e.g. Apache Web Server, MySQL) are just scanned for patches, they do not get patched. http://www.gfi.com/languard-supported-apps ** GFI LanGuard automatically detects missing patches, but the deployment is not automated for this product and must be performed manually by the users. The problem: you cannot ignore these patches. Especially ...more »
I suggest referring this up the chain so that the eDellRoot certificate issue can be detected by the RMM Vulnerability Scan. Dell has recently published a removal tool and manual removal instructions for the eDellRoot certificate... http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2015/11/23/response-to-concerns-regarding-edellroot-certificate Additional, I have added a script request on FixitScripts, ...more »
Need the ability to better control vulnerability scans, specific the ability to select what should be classified as a vulnerability on client basis - Examples: Shutdown enable for all users on workstations. Find it hard to believe that is considered a vulnerability – users need to be able to shutdown PCs. Admin Shares are required and need to be inplace – part of Windows default install enable these.
The feature "Active Discovery" was a great enhancement for MAX RM. Finally, the Agent starts to discover the customer's subnet, too, and you can have a deeper look into his infrastructure. This is a step towards the right direction, but there's more you could add on top of "Active Discovery". How about "Network Analysis". Please, let us have a deeper look into the customer's subnet with the possibility to collect and ...more »
Some checks in GFI Max are forced by the product but not necessarily relevant to all of our customers. For instance, for some of our customers, we're not concerned if their vulnerability check fails every once in a while. It would be nice to be able to disable the "red x" for these checks so that the dashboard alerts are cleaner. For instance these customers would show white in dashboard where the customers who show ...more »