An individual vulnerability test is known as a HackerGuardian 'Plug-in'. Each individual plug-in is written to test for a specific vulnerability. These can be written to actually exploit the vulnerability or just test for known vulnerable software versions.
HackerGuardian is continuously updated with the latest plug-in vulnerability tests via a direct feed available to all PCI Scanning Service subscribers - providing up to the second security against the latest vulnerabilities. At the moment there are over 24,000 with more being developed and added weekly.
This area enables the administrator to choose which plug-ins are deployed during a scan. Plug-ins can be enabled or disabled by family type or on an individual plug-in basis.
Plugin families are listed in the left hand column, individual plugins are within those families listed in the right hand column.
Plugin Family Column
Contains a list of the Plug-in types by broad category.
Clicking the check button at the top of this column means you will include all plug-ins in all families.
Conversely, clicking means to deselect every individual plug-in in every plug-in family.
Individual plug-ins are grouped according to broad threat classification. Click the name of any plug-in family in the right hand column to display the full list of individual plug-ins of that family in the left hand column.
In the example above, the user selected the plug in family 'Windows'. The list of family members for Windows is shown in the right hand column.
Clicking next to a family name will select every plug-in in that family. Similarly, clicking will deselect all plug-ins in that family.
Left clicking on the individual plug-in name in the right hand column will open an advisory panel containing a description of the plug in. Plug-in advisories replicate the report message that failing this plug-in test would produce in the scan report.
Clicking next to an individual plug-in will omit it from the vulnerability scan.
As new threats and vulnerabilities emerge, new HackerGuardian plug-ins are developed to detect them. The HackerGaurdian PCI Scanning Service is automatically updated with these new additions as soon as they are released - ensuring your servers and network enjoy the maximum security from the latest threats.
You will receive an email notification every time new vulnerability test plug-in's are released if you check the appropriate alert box in E-Mail Alert Options
Note: Although the latest plugins are made available as soon as they are released, they are not implemented on a specific scan until they are actually deployed in the Plug in Family Column.
New plugins released but not yet enabled
This is a deliberate feature to ensure administrators keep the maximum control and knowledge over which tests are used against their servers.
To enable all the new tests, click at the head of the 'Plug in Family' section.
New plugins enabled
Click Save to record your preferences.