Detecting Common Vulnerabilities and Exposures

With Harmony Endpoint, you can perform custom scans on endpoints for Common Vulnerabilities and Exposures (CVE) in applications.

Notes:

  • Supported only for Windows and macOS-based endpoints.

  • Supported with the Endpoint Security client version E87.10 and higher.

Configuring Posture Assessment Settings

Harmony Endpoint periodically scans endpoints against the list of applications specified on the signature server and detects vulnerable CVEs in applications.

00:00: Harmony Endpoint can scan and detect CVEs on your endpoints. This video shows how to automatically apply patch updates for detected CVEs. 00:09: Log in to the Infinity Portal. Access the Harmony Endpoint Administrator Portal and then go to "Policy" and "Access and " and then click "Compliance and Posture". 00:20: Make sure you have enabled Enable Vulnerability assessment and performed a scan either manually or automatically. 00:28: Select "Enable patch updates" and click "Advanced Settings". 00:32: Select "Enable automated patch management" 00:35: Fill in the required information such as "patch update time", "applications" and "severities" and so on and click "OK". 00:42: Click Save and Install. 00:45: As a final step, review the changes and click "Install". 00:49: Thank you for watching the video.

To configure the Posture Assessment Settings:

  1. Go to Policy > Access & Compliance.

  2. In the Capabilities & Exclusions pane on the right, click the Compliance & Posture tab.

  3. Scroll-down to Posture Assessment Settings.

  4. Select the Enable Vulnerability assessment checkbox.

  5. Select the scan type:

    • To manually start the scan, click Manual.

      Note - To start the scan for the first time:

      1. Go to Asset Management > Computers.

      2. Select the devices for which you want to scan.

      3. Right-click and select Vulnerabilities > Scan Now.

      You can start subsequent manual scans by clicking Scan Now in Asset Management > Posture Management or by using the Run Diagnostics push operation.

    • To automatically start the scan, click Automated and specify the Interval (Weekly or Monthly), at (time) and every (frequency in days).

  6. Under Update server type, select the signature server:

    • External Check Point Signature Server

    • Other External Source

      • Under Path, enter the URL of the external source.

  7. To enforce the patch updates and reboot the endpoint immediately, select the Enable patch updates & reboot enforcement checkbox. To apply patch manually, see Applying the Patch for CVEs.

    • To allow users to postpone patch updates, specify Max user delay in patch update and Force patch update after in hours or days.

  8. To enforce the patch updates, select the Enable patch updates checkbox:

    Note - To apply patch manually, see Applying the Patch for CVEs.

    • To allow users to postpone patch updates, select the Enable patch updates & reboot enforcement checkbox and specify Max user delay in patch update and Force patch update after in hours or days.

    • To enable automatic patch updates, click Advanced Settings and select the Enable automated patch management checkbox:

      Note - This is supported only with Harmony Endpoint Security ClientClosed Application installed on end-user computers to monitor security status and enforce security policies. version E88.20 and higher.

      1. To specify the interval for patch updates, from the Set automated patch on list, select Interval, Weekly or Monthly and specify the interval.

      2. In the Applications section, specify the application to which you want to apply the patch and select:

        • All applications

        • Select specific applications. Search and select one or more applications.

      3. In the Severities section, specify the severities to which you want to apply the patch and select:

        • All Severities

        • Select specific severity. Search and select one or more severities.

      4. To exclude an application from applying the patch, in the Exclude applications section, search and select one or more applications.

  9. Click Save.

  10. At the top, click Install Policy.

After you enable Posture Assessment settings and install the policy, you can view the detected CVE and its CVSS score in the Viewing Endpoint Posture .