Scanning applications for vulnerabilities
Dec 4, 2023
If you have configured the application through the quick start wizard, the Vulnerability scan task is created automatically. You can view the task in the Managed devices folder, on the Tasks tab.
To create a task for vulnerability scanning in applications installed on client devices:
- In the console tree, select Advanced → Application management, and then select the Software vulnerabilities subfolder.
- In the workspace, select Additional actions → Configure vulnerability scan.
If a task for vulnerability scanning already exists, the Tasks tab of the Managed devices folder is displayed, with the existing task selected. Otherwise, the Find vulnerabilities and required updates task creation wizard starts. Follow the steps of the wizard.
- In the Select the task type window, select Find vulnerabilities and required updates.
- On the Settings page of the wizard, specify the task settings as follows:
- Search for vulnerabilities and updates listed by Microsoft
- Search for third-party vulnerabilities and updates listed by Kaspersky
- Specify paths for advanced search of applications in file system
- Enable advanced diagnostics
- Maximum size, in MB, of advanced diagnostics files
- On the Configure task schedule page of the wizard, you can create a schedule for task start. If necessary, specify the following settings:
- Scheduled start:
- Run missed tasks
- Use automatically randomized delay for task starts
- Use randomized delay for task starts within an interval of (min)
- On the Define the task name page of the wizard, specify the name for the task that you are creating. A task name cannot be more than 100 characters long and cannot include any special characters ("*<>?\:|).
- On the Finish task creation page of the wizard, click the Finish button to close the wizard.
If you want the task to start as soon as the wizard finishes, select the Run the task after the wizard finishes check box.
After the wizard completes its operation, the Find vulnerabilities and required updates task appears in the list of tasks in the Managed devices folder, on the Tasks tab.
In addition to the settings that you specify during task creation, you can change other properties of a created task.
When the Find vulnerabilities and required updates task is complete, Administration Server displays a list of vulnerabilities found in applications installed on the device; it also displays all software updates required to fix the vulnerabilities detected.
If the task results contain the 0x80240033 "Windows Update Agent error 80240033 ("License terms could not be downloaded.")" error, you can resolve this issue through the Windows Registry.
Administration Server does not display the list of required software updates when you sequentially run two tasks—the Perform Windows Update synchronization task that has the Download express installation files option disabled, and then the Find vulnerabilities and required updates task. In order to view the list of required software updates, you must run the Find vulnerabilities and required updates task again.
Network Agent receives information about any available Windows updates and other Microsoft product updates from Windows Update or the Administration Server, if the Administration Server acts as the WSUS server. Information is transmitted when applications are started (if this is provided for by the policy) and at each routine run of the Find vulnerabilities and required updates task on client devices.
You can find the details of third-party software that can be updated through Kaspersky Security Center by visiting the Technical Support website, on the Kaspersky Security Center page, in the Server Management section.