Overview

A vulnerability check against the 'startup type' of a service (automatic, manual, disabled) does not return accurate results.

For example, when checking if a service's startup type is set to disable, the check should return TRUE if the service is set to disable. In this case, the vulnerability check always returns as TRUE regardless of the state of the service.

Environment

LanGuard 2011 build 20110509, SR1 build 20110817

Root Cause

This vulnerability check issue is a product defect which has been resolved for LanGuard 2011 in SR2.

Resolution

Please upgrade to LanGuard 2011 SR2 or higher to resolve this issue.

Furthermore, it is crucial to meet the following requirements of the scan profile:

• The service name must be used and NOT the display name (e.g. 'AudioSrv' and NOT 'Windows Audio')
• The strings for the service name and values are case sensitive (e.g. 'AudioSrv' as the service name and 'running' as the value)
• The following audits under Network & Software Audit Options > System Information must be enabled:
  • Retrieve basic OS information by SMB 
  • Request server information (recommended)
  • Enumerate services