Search:

Contact Sales:  US: +1.888.266.6361  International: +1.703.581.6361

You are here : Comodo HackerGuardian > HackerGuardian Support

View Report

To view Daily Scanning Audit Report select View Report in the Daily Scanning section of the interface (as shown below).

The following screen appears:

The Daily Scanning Audit Reports section has the following columns.

  • Report - shows the scan report.
  • Domain - shows domains' names.
  • Time ( Request | Start | End | Scan Time) - shows the Date, Time, and period of the performed Scan.
  • Status - shows whether the scan has been completely performed or not. If completely performed then the Status is shown . If not completely performed then the Status remains .
  • TrustLogo Status - shows whether the scan has been passed or not. If completely passed then the Status is shown .

To view the report click on the View button listed under the Report column. The following screen with the summary appears.

 

Report in details

Under the summary information you can see a report in details:

In the Report List the IP which has been scanned, would be shown at the top of list.

The Report list displays sum of all vulnerabilities found during scan followed by detailed description of the vulnerabilities one by one, which states the reason for not permitting to enter the server.

Synopsis

The Synopsis provides a detailed description of the security hole. 

Based on the synopsis a vulnerability description is given. Beneath each synopsis is the Solution, Risk Factor and CVE.

Solution 

For each Security warning / Vulnerability,  there is an accompanying solution which will help administrators remediate the problem.

Risk Factor - Low | Medium | High

In the report list the Risk Factor shows the severity of the vulnerability.

Here NVD provides severity rankings of “Low”, “Medium”, and “High” in addition to the numeric CVSS scores but these qualitative rankings are simply mapped from the numeric CVSS scores:

  • Vulnerabilities are labeled “Low” severity if they have a CVSS base score of 0.0-3.9.
  • Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.
  • Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0. 

CVE

The CVE list provides an index of standardized names for vulnerabilities and other information security exposures - CVE aims to standardize the names for all publicly known vulnerabilities and security exposures.

Examples of universal vulnerabilities include:

  • phf (remote command execution as user "nobody")
  • rpc.ttdbserverd (remote command execution as root)
  • world-write able password file (modification of system-critical data)
  • default password (remote command execution or other access)
  • denial of service problems that allow an attacker to cause a Blue Screen of Death
  • smurf (denial of service by flooding a network)

Examples of exposures include:

  • running services such as finger (useful for information gathering, though it works as advertised)
  • inappropriate settings for Windows NT auditing policies (where "inappropriate" is enterprise-specific)
  • running services that are common attack points (e.g., HTTP, FTP, or SMTP)
  • use of applications or services that can be successfully attacked by brute force methods (e.g., use of trivially broken encryption, or a small key space)

Each CVE name includes the following:

  • CVE identifier number (i.e., "CVE-1999-0067").
  • Indication of "entry" or "candidate" status.
  • Brief description of the security vulnerability or exposure.
  • Any pertinent references (i.e., vulnerability reports and advisories or OVAL-ID).

Reporting a False Positive

A false positive exists when HackerGuardian incorrectly detects a Security Hole (vulnerability of level 3,4 or 5) or if compensating controls exist elsewhere in the network's security infrastucture to offset or nullify the vulnerability.  

Administrators have the ability to submit suspected false postives to Comodo from with the security advisory itself (see below)

If  you think this is a legitimate false positive, click the 'Click here' link shown above. This will open the false postive reporting interface. (shown below).


  • Next, check the box 'You confirm that this security item is a false postive and has been fully patched/fixed on your server'. 

  • Important - administrators must include information in the text box detailing the patch or compensating control that they have deployed. If this space is left blank then the request will be automatically rejected

Click 'Save' to submit the report to the HackerGuardian technicians for analysis and verfication. The advisory will contain the following message to indicate that your submission is under review: 

Our support team will review the information provided to ensure it is satisfactory.

Confirmed as false positive by our technicians -  The vulnerability will no longer count as a security hole on your domain during the next scheduled Daily Scan.

For Example - If this false positive represented the only Security Hole on your host, then your domain will pass the  next Daily Scan. 

Not Confirmed as false positive by our technicians - The vulnerability/security hole is genuine - the administrator of the host must resolve the vulnerability by the time of the next daily scan in order to pass and gain certification.

General

PCI Scan Control Center