Pro Tips #12: Log4j and Lansweeper

Posted: Friday, December 17, 2021 1:22:05 PM(UTC)

Esben.D

Member Administration Original PosterPosts: 2,165

Log4j has been dominating most people's week, so in that spirit, we'll keep going. Find out how Lansweeper can help with log4j in my latest Pro Tips blog post.

Reply to

Options

#1 LightUpDiFire Member Posts: 4

posted: 1/20/2022 12:50:30 PM(UTC)

Hello,
Would be great to understand a little bit more about the report,

As an example, we receive 500 devices with different software listed, few examples of the software:
Cisco AnyConnect Secure Mobility Client;
Dell Command | Update;
FortiClient VPN;
Dell Power Manager Service;
Dell Optimizer Service;
McAfee VirusScan Enterprise;
Dell SupportAssist Remediation;
VMware Tools;
McAfee Product Improvement Program;

Does this mean that all those devices, where the above software is detected, are vulnerable?
As an example, it is a software of normal work laptop and for sure vendors of the software are aware of the Log4j and works on updates, most of the software run locally on Windows devices and devices are behind Windows Firewall and Defender... I just try to understand the risks of the report detections.

Best regards,
LightUp

#2 Esben.D Member Administration Original PosterPosts: 2,165

posted: 1/27/2022 12:23:47 PM(UTC)

I think I replied to your other thread as well, but the explanation on the report's page should clear it up.

"The report below is based on a software GitHub list created by the Dutch national cyber security center. The report lists all software in your environment for which the publisher matches with one of the publishers listed by the Dutch cyber security center that had at one point vulnerable software. The software found can be cross-checked with the Github software list to view the most recent Log4j vulnerability status."

https://www.lansweeper.c...lnerable-software-audit/