Author Topic: hackerguardian ASV Scanning Service for PCI Compliance fake checks  (Read 1096 times)

Offline shoko

After dozens of scans, one morning hackerguardian decided that 5 of my servers had changed operating system from Windows 2012 R2 to Windows 2003.
As you know, Windows 2003 is end of life, so I failed my scan.

I opened a ticket, and the Comodo support team told me to make sure that I don't use Windows 2003.
Since my servers are hosted in the Amazon cloud (EC2), which does not support Windows 2003 as an OS, I replied to the Comodo support team that Windows 2003 is not supported on Amazon.
It looks like I did not convince them, and they sent me to check my OS with the Amazon system administrator >:(

In short, instead of checking and fixing their bug, they throw you to hell and cover the bugs with "false positive".

If they can't detect an operating system, I doubt they know how to identify real problems.






Offline RossPH

Re: hackerguardian ASV Scanning Service for PCI Compliance fake checks
« Reply #1 on: December 03, 2015, 12:53:00 PM »
We regularly update our scanning engine with new plugins which detect new vulnerabilities and issues.  Unfortunately a new plugin has suffered from false positives when scanning your servers.  We're looking into this issue and will correct it as soon as possible.  All scanning engines suffer from detection of false positives and it does not indicate that real vulnerabilities are missed.  External PCI scanning relies on the information that can be obtained from publicly accessible services which is often limited. 

Offline shoko

Re: hackerguardian ASV Scanning Service for PCI Compliance fake checks
« Reply #2 on: December 05, 2015, 11:40:44 AM »
If your new plugin has suffered from false positives, your customers don't need to have a "black note" on their reports.
You're forgetting that the reports are sent to the banks and payment gateways.

The banks and payment gateways don't like to get reports with false positive alerts, especially when you detect OS Windows 2003, which is end of life.




 
