ESET Online Help

Search English
Select the topic

Vulnerabilities

The Vulnerabilities section provides an overview of detected vulnerabilities on computers. The computer is scanned to detect any installed software vulnerable to security risks. Automated scanning with instant reporting to the console allows you to prioritize vulnerabilities based on severity, manage security risks and allocate resources effectively. Multiple filtering options allows you to identify and focus on critical security issues.


note

Prerequisites

To view and enable ESET Vulnerability & Patch Management, ensure you have one of the following tiers:

ESET PROTECT Elite

ESET PROTECT Complete

ESET PROTECT MDR

ESET PROTECT MDR Ultimate

You can enable ESET Vulnerability & Patch Management on computers running:

ESET Management Agent version 10.1+

ESET Endpoint Security for Windows version 10.1+

ESET Endpoint Antivirus for Windows version 10.1+

ESET Server Security for Microsoft Windows Server version 11.0+

ESET Mail Security for Microsoft Exchange Server 11.0+

ESET Security for Microsoft SharePoint Server 11.0+

ESET Endpoint Security for macOS version 8.0+

ESET Endpoint Antivirus for Linux version 11.0+ (Patch Management not available). Vulnerabilities detection is currently supported only on the following operating systems:

Ubuntu Desktop 20.04 LTS

Ubuntu Desktop 22.04 LTS

Ubuntu Desktop 24.04 LTS

Red Hat Enterprise Linux 8 with supported desktop environment installed

Red Hat Enterprise Linux 9 with supported desktop environment installed

Linux Mint 20

Linux Mint 21.1, Linux Mint 21.2

ESET Server Security for Linux version 11.0+ (Patch Management not available)


important

ESET Vulnerability & Patch Management is not supported on ARM processors.

Enable Vulnerability & Patch Management

1.Click Computers.

2.Select the computer/group where you want to enable Vulnerability & Patch Management.

3.Select Configure Solutions and click Enable Vulnerability & Patch Management.

4.In the Enable ESET Vulnerability & Patch Management window:

a.Verify the Auto-patch management for applications toggle is enabled to automatically apply missing patches to the selected computers.

b.Verify the Operating system auto-updates toggle is enabled to automatically apply OS updates to the selected computers.

c.Targets—keep the default (All devices) or select the targets (computers, static or dynamic group).

d.Optionally, select Always enable on new devices. This option is displayed when you selected All devices.

5.Click the Enable button.

cloud_enable_vapm_eset_solutions

When Vulnerability & Patch Management is enabled:

The icon_vulnerabilities Vulnerabilities icon appears next to the computer name.

You can see the Vulnerability & Patch Management tile with the Active status in computer details.


note

Some applications may restart the computer automatically after an upgrade.


note

Some applications (for example, TeamViewer) can be licensed to a specific version. Revise your applications. To avoid an unnecessary upgrade, set Auto-patch strategy > Patch all except excluded applications while creating a policy.

View Vulnerabilities

You can view Vulnerabilities from several places:

Click Vulnerabilities in the main menu to open the Vulnerabilities section and view a list of vulnerabilities.

Click Computers > click the computer and click Details > in the Vulnerability & Patch Management tile, click Show vulnerabilities to open the Vulnerabilities section.

Click Computers > in the Vulnerabilities column, click the number of vulnerabilities on the selected computer to open the Vulnerabilities section.

Grouping of vulnerabilities

Select an option from the drop-down menu to group vulnerabilities:

Ungrouped—default view

Group by Application Name—vulnerabilities are grouped by vulnerable application name, with numbers of Affected Devices and Vulnerabilities. When grouped, click an application row and click Show Vulnerabilities to display vulnerabilities for the selected application.

Group by CVE—vulnerabilities are grouped by the CVE (Common Vulnerabilities and Exposure) number. A CVE is an identification number of a vulnerability. When grouped, click a CVE row and click Show Devices to display devices (computers) with the vulnerability.

Filtering the view

To filter, click Add Filter:

1.In some filters, you can select the operator by clicking the operator icon next to the filter name (the available operators depend on the filter type):

icon_equals Equal or Contains

icon_does_not_equal Not equal or Doesn´t contain

icon_greater_than_or_equal More

icon_less_than_or_equal Less

2.Select one or more items from the list. Type a search string or select the items from the drop-down menu in the filter fields.

3.Press Enter. Active filters are highlighted in blue.

Application name—the application name with the vulnerability

Application version—the application version

Vendor—the application vendor with the vulnerability

Risk score—vulnerability risk score from 0 to 100


note

Risk score—assesses the severity of computer system security vulnerabilities. A risk score is based on:

CVSSv2/CVSSv3

CVE popularity—indicates the vulnerability activity level

Compromised risk rate—indicates the number of devices with confirmed vulnerability

CVE lifecycle—indicates the time elapsed since the vulnerability was first reported

A risk score is indicated in:

yellow (0–40)—medium severity

red (41–100)—critical severity

CVE—a CVE (Common Vulnerabilities and Exposure) number, which is an identification number of a vulnerability

Muted vulnerabilities

Computer name—the name of the affected computer; click the computer name to view the details of the computer with the vulnerability

Category—vulnerability category:

oApplication vulnerability

oOperating system vulnerability

First seen—The date and time when the vulnerability was first detected on the device

OS type—Windows, Linux or macOS

Vulnerability preview

Click an application name to view vulnerability details in a side panel. Vulnerability preview manipulation includes:

icon_apply_later_defaultNext—displays the next vulnerability in the vulnerability preview side panel

icon_apply_sooner_defaultPrevious—displays the previous vulnerability in the vulnerability preview side panel

gear_iconManage content for Vulnerability Details—manages how the vulnerability preview side panel sections are displayed and in what order

remove_defaultClose—closes the vulnerability preview side panel

cloud_vulnerabilities_preview

Overall Impact—displays the overall impact of an application. It is a percentage of all risk scores of visible vulnerabilities. The visibility of vulnerabilities is affected by the selected static group and by filters: OS type, Muted vulnerabilities (the static group for the dashboard is your root group (usually All)).

 

For more information, refer to the list of apps covered in Vulnerabilities.

Mute/Unmute Vulnerability

You can mute or unmute vulnerabilities in several ways:

Click a row > select Mute Vulnerability/Unmute Vulnerability

Select one or more rows > click the Actions button > select Mute Vulnerability/Unmute Vulnerability

The muted vulnerability has a Muted flag. The purpose of the Muted state is to:

Exclude the vulnerability from the count for a specific computer in the Vulnerabilities column in Computers. If a vulnerability is muted, the total count of vulnerabilities on the device decreases.

Suppress the impact on related statistics in the ESET Vulnerability & Patch Management dashboard. The muted vulnerability is not considered in the data analysis and the representation on the dashboard.

Vulnerability scan

You can quickly scan a selected device for vulnerabilities and missing patches:

In Vulnerabilities, click the computer row and select Computer > Scan Device > Vulnerability scan

In Computers, click the computer row and select Scan Device > Vulnerability scan

In Computers, select the computer and click the Actions button, then select Scan Device > Vulnerability scan

In Computers or Vulnerabilities, select any group, click gear_icon then select Tasks > Scan > Vulnerability scan

Task Start vulnerability scan is scheduled to execute as soon as possible.


important

The task may have a higher demand on the device resources for up to 10 minutes.

 

You can create a report template with vulnerability data and then add the report to the Dashboard.

For more information, see Vulnerability & Patch Management FAQ.