New Vulnerability Management Flagging Wrong OS and Unapplicable CVEs


MattR

We were able to apply the license and then create the policy under the Common Features policy to get this enabled. We have noticed that at least two PCs running Windows 11 Pro 22H2 are being flagged as Microsoft Windows 10 Pro 22H2. It shows a significant number of vulnerabilities; when checking on many of them, it appears that it is only flagging because it doesn't see the Windows 10 KB installed. When trying to install applicable patches/rollups for Windows 11 to address the vulnerability, it is already installed. The PCs are both current on the latest Monthly Rollups, so likely have few known Windows-related vulnerabilities.

I suspect its mechanism of determining what OS for vulnerabilities is just looking at 22H2 and not taking into account there are versions for Windows 10 and 11 that have the same version.  In the computer details, both PCs are identified correctly in the Cloud Console as Windows 11 Pro 22H2.


I deactivated the license and re-activated it, which appeared to help reduce the numbers so far (still have a couple on one of the PCs), but I think it's still working on scanning for vulnerabilities, so not sure if they will re-add at some point.


I can confirm I am seeing the same behavior. Win 11 systems are detected as Win 10. Patches are up to date but vulnerabilities patched in this month's updates are shown as missing. 


I have found applying the Google Chrome and Microsoft Edge patches don't appear to actually apply.  I no longer have the false positives with the Windows 11 machines, so I guess my deactivate/reactivate issue fixes it.  On the PCs we forced the update on, it had to reboot them.  I am hoping it will auto update and not need reboots on the others, but time will tell.


We have seen that fixed as well. So far we haven't had any success with the patch management upgrade at all. Edge, Chrome, Adobe Acrobat DC, TeamViewer. None look like they actually update anything yet when kicking out the upgrade. Not sure if it's an issue with the application being local to the profile vs the PC or not.


  • 2 weeks later...

We are having the Win 10 vulnerabilities showing for Win 11 PCs as well. Disable/re-enable didn't fix it so far.

In addition, the patch list is still showing a patch for software on a PC from which I uninstalled the software last week. At least the corresponding vulnerability disappeared... in the computer -> details -> installed software it is not showing up anymore either.

It seems just the patch list doesn't seem to get updated...

Edited by remosito

The vulnerabilities showing because Win 11 was identified as Win 10 was fixed until today. Today all my Win 11 machines are shown as Win 10 and a list of vulnerabilities. 


The vulnerabilities from our Win 11 PCs being misidentified as Win 10 have disappeared now.

The patch list is still showing a patch for software on a machine from which that software actually got uninstalled a couple of weeks ago.


We are just starting to roll out ESET, so only getting more PCs with other applications that have patches available now. Almost all the patches we try to roll out from the console don't really appear to work. So far only Foxit Reader has upgraded and gone away. LibreOffice, Firefox, Zoom, TeamViewer, Chrome/Edge, etc. do not seem to work. I suspect most of those are installed in profile, but not sure about LibreOffice though being installed like that.

This topic is now closed to further replies.
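
The mismatch suspected in the first post (matching on "22H2" alone, which Windows 10 and Windows 11 share) can be triaged by build number instead. This is an added example, not part of the thread and not the product's own logic; the host record, field names and finding identifiers are constructed placeholders.

```python
# Added example: triage scanner findings by OS build number.
# All records below are constructed sample data, not output from any product.

WIN11_FIRST_BUILD = 22000  # Windows 11 builds start at 22000; Windows 10 stays below


def windows_family(build: int) -> str:
    """Derive the Windows client family from the build number alone."""
    return "Windows 11" if build >= WIN11_FIRST_BUILD else "Windows 10"


def naive_match(host: dict, finding: dict) -> bool:
    """The failure mode suspected in the thread: compare only the display version."""
    return host["display_version"] == finding["display_version"]


def build_aware_match(host: dict, finding: dict) -> bool:
    """Require the build-derived family to match as well as the display version."""
    return (windows_family(host["build"]) == finding["family"]
            and host["display_version"] == finding["display_version"])


def triage(host: dict, findings: list) -> tuple:
    """Split finding ids into (applicable, likely false positives)."""
    applicable, false_positive = [], []
    for f in findings:
        (applicable if build_aware_match(host, f) else false_positive).append(f["id"])
    return applicable, false_positive


# Constructed host: Windows 11 22H2 reports build 22621 (Windows 10 22H2 is 19045).
HOST = {"name": "PC-EXAMPLE-01", "display_version": "22H2", "build": 22621}

# Constructed findings with placeholder identifiers (hypothetical schema).
FINDINGS = [
    {"id": "FINDING-A", "family": "Windows 10", "display_version": "22H2"},
    {"id": "FINDING-B", "family": "Windows 11", "display_version": "22H2"},
    {"id": "FINDING-C", "family": "Windows 11", "display_version": "21H2"},
]

if __name__ == "__main__":
    ok, fp = triage(HOST, FINDINGS)
    print("applicable:", ok)
    print("likely false positives:", fp)
    print("display-version-only match keeps:",
          [f["id"] for f in FINDINGS if naive_match(HOST, f)])
```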