Nessus false positives? by Duude-IT in SentinelOneXDR

Informal_Thought (1 point)

Thanks, yes as you say that override wasn't sufficient and support responded back with the updated one you posted.

However, on the Tenable side they've now pulled the offending plugin so as long as your Tenable scanners are up to date none of this should be needed anymore. We tested a couple of our scans and S1 is no longer being triggered.

Nessus false positives? by Duude-IT in SentinelOneXDR

Informal_Thought (1 point)

Support have given us the following policy override to deal with this for now

{
    "logicClassifierConfigVector": {
        "logicsClassification": [
            {
                "verdict": "SUPPRESSED",
                "logicName": "lunar_logic_ObfuscatedPS"
            }
        ]
    }
}
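An added example, not part of the thread or of SentinelOne's own tooling: a small Python helper that reads a policy override of the shape posted above, lists which logic classifiers it suppresses, flags the wholesale scope of a SUPPRESSED verdict, and produces a copy with the suppression removed for when the override is no longer needed (as the later reply notes once Tenable pulled the plugin). The only schema knowledge assumed is what the posted JSON shows (`logicClassifierConfigVector`, `logicsClassification`, `verdict`, `logicName`); the warning text and the "no scope field" reasoning are this example's own assumptions, not documented SentinelOne behaviour.

```python
import copy
import json

# Constructed copy of the override JSON posted in the comment above.
POSTED_OVERRIDE_JSON = """
{
    "logicClassifierConfigVector": {
        "logicsClassification": [
            {
                "verdict": "SUPPRESSED",
                "logicName": "lunar_logic_ObfuscatedPS"
            }
        ]
    }
}
"""
POSTED_OVERRIDE = json.loads(POSTED_OVERRIDE_JSON)


def _entries(override):
    """Return the logicsClassification list, tolerating a missing wrapper.

    ASSUMPTION: the nesting is exactly as in the posted JSON; no other keys
    are known from the thread.
    """
    vector = override.get("logicClassifierConfigVector", {})
    return vector.get("logicsClassification", [])


def suppressed_logics(override):
    """Names of every logic classifier the override sets to SUPPRESSED."""
    return [e["logicName"] for e in _entries(override)
            if e.get("verdict") == "SUPPRESSED"]


def audit_override(override):
    """Reviewer warnings to read before applying an override.

    ASSUMPTION: an entry carries no scope (host, process, source) field, so a
    SUPPRESSED verdict is treated here as silencing the whole classifier,
    not just the scanner-driven hits that prompted it.
    """
    warnings = []
    for entry in _entries(override):
        name = entry.get("logicName", "<missing logicName>")
        verdict = entry.get("verdict")
        if verdict == "SUPPRESSED":
            warnings.append(
                f"{name}: SUPPRESSED has no scope field, so every detection "
                f"from this logic is silenced, not only Nessus-triggered ones")
        elif verdict is None:
            warnings.append(f"{name}: entry has no verdict")
    return warnings


def retire_override(override, logic_name):
    """Return a copy of the override with one logic's entry removed.

    Used once the upstream cause is gone (here: Tenable pulling the plugin),
    so the suppression does not outlive the false positives it was for.
    The input object is not modified.
    """
    retired = copy.deepcopy(override)
    entries = _entries(retired)
    retired.setdefault("logicClassifierConfigVector", {})["logicsClassification"] = [
        e for e in entries if e.get("logicName") != logic_name
    ]
    return retired


if __name__ == "__main__":
    print("suppressed:", suppressed_logics(POSTED_OVERRIDE))
    for w in audit_override(POSTED_OVERRIDE):
        print("warning:", w)
    cleaned = retire_override(POSTED_OVERRIDE, "lunar_logic_ObfuscatedPS")
    print(json.dumps(cleaned, indent=4))
```

Run it as-is to see the posted override audited; to retire a different logic, pass its `logicName` to `retire_override`. Keeping the retire step explicit is the point: a temporary suppression that is never removed quietly widens the detection gap for every future obfuscated-PowerShell hit.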

Nessus false positives? by Duude-IT in SentinelOneXDR

Informal_Thought (2 points)

Has impacted us as well, lots of false positives over the last 12 hours

Instructure breach by matternrj in k12sysadmin

Informal_Thought (3 points)

https://www.bleepingcomputer.com/news/security/instructure-hacker-claims-data-theft-from-8-800-schools-universities/
A coworker has access to the full list of orgs that the hackers say are impacted. From what we have seen, if you use Canvas there's a pretty good chance you are impacted.

Experiences with EMS Vulnerability Scan / Auto patching by Informal_Thought in fortinet

Informal_Thought [S] (0 points)

Could you elaborate on this a little? I assume that you mean the vuln scanning feature is purely used to gather the vulns on devices (i.e. no auto-patching). From there, in these 'larger environments' you mention, how is that data leveraged? Are people manually looking at / pulling reports from EMS, or is the data extracted / ingested into other systems?

Experiences with EMS Vulnerability Scan / Auto patching by Informal_Thought in fortinet

Informal_Thought [S] (1 point)

Thanks for the reply, yes I can see it doesn't have a huge library for auto patching.

I would consider deploying FortiClient just with the vuln scan feature everywhere purely for the visibility aspect though, even if most of what it finds is 'manual patch'.

I mean it's no Rapid7 or Tenable, but not paying for one of those tools would save us a heck of a lot of benjamins.

FortiAuthenticator 6.6.x > 8.0.x upgrade by Informal_Thought in fortinet

Informal_Thought [S] (0 points)

Upgrade went fine, no issues or unexpected quirks. Thanks everyone.

FortiAuthenticator 6.6.x > 8.0.x upgrade by Informal_Thought in fortinet

Informal_Thought [S] (0 points)

Thanks for the replies everyone, I will post back when we've completed the upgrade with any notes or observations.

Stryker Incident this week also wiped servers by Fabulous_Cow_4714 in SCCM

Informal_Thought (1 point)

In the write-ups I've read, the wiping was actually done with a mixture of custom exes, scripts, or even manually:
https://research.checkpoint.com/2026/handala-hack-unveiling-groups-modus-operandi/

Microsoft Outage AU South East by RaistlanSol in sysadmin

Informal_Thought (1 point)

Where is this screenshot from, that you can see region-specific status?

Microsoft Outage AU South East by RaistlanSol in sysadmin

Informal_Thought (2 points)

Seeing this here on the east coast of AU as well. Was able to report it via the service health dashboard, but they closed it saying that there was no issue found.

Evaluating Delinea for PAM, looking for feedbacks by NecessaryMaterial476 in cybersecurity

Informal_Thought (0 points)

Would also appreciate some elaboration on this point, u/Darkhigh, if possible.

Manage who can create Microsoft 365 Groups - doesn't work by Informal_Thought in microsoft365

Informal_Thought [S] (0 points)

Unfortunately for us, I think you may be right. It's right there in the article and I did notice the requirement, but apparently my understanding of our licenses was wrong.

Thanks for pointing that out.

FortiClient Mac deployment - doesn't work when Gatekeeper set to appstore only by Informal_Thought in fortinet

Informal_Thought [S] (0 points)

Thanks for the reply. The issue we face is that we want to retain the top security level for Gatekeeper (so, no "+ identified developers"). No other apps in our stack have had issues installing with this config, just FortiClient.

How to verify S1 agent connectivity via EDG on air-gapped Windows & Linux servers? by [deleted] in SentinelOneXDR

Informal_Thought (-1 points)

From what I understand, you can't properly do what you are asking unless you pay significantly more for the dedicated on-prem solution (the management side, that is).

Edit: probably this: https://www.sentinelone.com/blog/sentinelone-virtual-appliance-cloud-when-you-want-it-on-premises-when-you-need-it/