Overview

The major version upgrades of third-party software are not assigned a severity level by GFI LanGuard in the list of missing patches.

Root Cause

By default, the GFI LanGuard ignores major version upgrades when computing the vulnerability level.

Process

1. Create a backup of the XML file which by default is located in: <drive>\ProgramData\GFI\Languard <version>\ where <version> is the version number of GFI LanGuard and rename the backup copy to toolcfg_simple.xml.orig
2. Manually add this category in the XML file:

<Category Name="MajorVersionUpgradeOfTypeSecurityAffectsVulnerabilityLevelTwist"><Items>
<Item Name="Affects"><![CDATA[1]]></Item></Items></Category>

1. Save the file and close it.
2. Open the XML file in a web browser and make sure that it displays correctly as a valid XML.
3. Restart the GFI LanGuard Attendant service from the Services applet.