Update to Microsoft Checks

Travis Finn, Consultant, CoalfireOne Scanning Services

Part of the glamorous life of an ASV involves a rigorous Quality Assurance program to ensure that we are the best ASV's we can possibly be. Some of those efforts are not as readily apparent to our clients as others; but on some occasions, we like to share when our work directly benefits those who trust Coalfire to help reduce their risk and simplify compliance.

Coalfire partners with Rapid7 to provide accurate, reliable vulnerability scans using Rapid7’s Nexpose vulnerability management software. While we do enjoy their company at industry events and so on, we also work hard together to ensure the services we offer to our clients meet the high standards of quality that are associated with our companies’ names.

A recent effort to minimize the number of False Positives affecting our clients has proven quite successful. Over several months, we combed through available data and found a number of potential Microsoft vulnerability checks, seen below, that looked like they could be improved. The very talented engineers at Rapid7 sprang into action and worked diligently to increase the accuracy of those checks, listed below:

We are very pleased to announce that the efforts of both of our teams have proven successful. We say this with great confidence as the changes were implemented several months ago and monitored closely thereafter to ensure we had the numbers to back up our claim of improved accuracy.

Our clients may already have noticed a reduction in the number of False Positives showing up when scanning their Microsoft devices. As stated above, this is no coincidence, but a very deliberate effort from two companies working together to bring the best product to market possible.

We have no intention of resting on our laurels, however. Quality Assurance is a continuous process, and one that we prefer to be data driven. Keep an eye on our blogs for future announcements and expert advice from your trusted friends in the vulnerability management world at Coalfire!

Travis Finn


Travis Finn — Consultant, CoalfireOne Scanning Services

Recent Posts

Post Topics



Accounting Agency AICPA Assessment assessments ASV audit AWS AWS Certified Cloud Practitioner AWS Certs AWS Summit bitcoin Black Hat Black Hat 2017 blockchain Blueborne Breach BSides BSidesLV Burp BYOD California Consumer Privacy Act careers CCPA Chertoff CISO cloud CMMC CoalfireOne Compliance Covid-19 credit cards C-Store Culture Cyber cyber attacks Cyber Engineering cyber incident Cyber Risk cyber threats cyberchrime cyberinsurance cybersecurity danger Dangers Data DDoS DevOps DevSecOps DFARS DFARS 7012 diacap diarmf Digital Forensics DoD DRG DSS e-banking Education encryption engineering ePHI Equifax Europe EU-US Privacy Shield federal FedRAMP financial services FISMA Foglight forensics Gartner Report GDPR Google Cloud NEXT '18 government GRC hack hacker hacking Halloween Health Healthcare heartbleed Higher Education HIMSS HIPAA HITECH HITRUST HITRUST CSF Horror Incident Response interview IoT ISO IT JAB JSON keylogging Kubernetes Vulnerability labs LAN law firms leadership legal legislation merchant mobile NESA News NH-ISAC NIST NIST 800-171 NIST SP 800-171 NotPetya NRF NYCCR O365 OCR of P2PE PA DSS PA-DSS password passwords Payments PCI PCI DSS penetration Penetration Testing pentesting Petya/NotPetya PHI Phishing Phising policy POODLE PowerShell Presidential Executive Order Privacy program Ransomware Retail Risk RSA RSA 2019 Safe Harbor Scanning Scans scary security security. SOC SOC 2 social social engineering Spectre Splunk Spooky Spraying Attack SSAE State Stories Story test Testing theft Virtualization Visa vulnerability Vulnerability management web Wifi women XSS