AnsweredAssumed Answered

QID 105489 false-positive?

Question asked by Britton Grim on Jan 26, 2015
Latest reply on Apr 4, 2018 by Michael Scheidell

Good day all,

 

A client of ours that is regularly scanned in the QualysGuard VM application via internal authenticated scans is encountering recurring issues surrounding QID 105489 (Microsoft Sync Framework SP1 Not Installed) on two of their Windows 7 workstations.

 

I insisted they isolate the two machines, then download and apply the suggested patch Qualys suggests (at http://www.microsoft.com/en-in/download/details.aspx?id=17616) so we could re-scan.  I wasn't going to put it past them to have missed something during a crunch-time as they're trying to be caught up for PCI audits.  This morning we re-scanned after the patch had been applied successfully to find the system still showing the same QID detection.

 

I know how the process works for PCI false-positive review, but what I'm curious about is:

 

  • How do I go about addressing this?
    • The suggested remediation action has been followed and yet the issue persists
  • Is there "false-positive review" process for anything other than PCI scans?
    • If not, how should this be handled?  An exception does not seem to fit this, as this is the scanner incorrectly identifying a vulnerability -- rather than an accepted business risk
  • Where should this be reported for review?
    • What type of information (e.g. scanid, etc.) needs to be provided for this to be looked into?

 

Thanks very much for any assistance anyone can provide -- my client has no idea where to go with this and I, frankly, am stumped on this one!

 

Regards,

B.Grim

Outcomes