Vulnerability Remediation Using Configuration Scripts

You can use configuration scripts to remediate vulnerabilities in Windows assets. The vulnerabilities identified on assets are remediated by deploying a job that includes missing patches and configuration scripts. By executing the configuration scripts, we can ensure that the vulnerability is completely fixed and not just patched.

Prerequisite: Windows Cloud Agent version 5.7.0

You can remediate or fix such vulnerabilities by adding them to a new or existing patch job from the Vulnerability Management, Detection and Response (VMDR) application.

Following the VMDR Prioritization workflow allows you to remediate individual or multiple vulnerabilities. 

Remediating an individual vulnerability at a time:

Remediating one vulnerability at a time.

Remediating multiple vulnerabilities at a time:

Remediating multiple vulnerabilities at a time.

When you select the Add to New Job or Add to Existing Job option, you are taken to the Patch Management application. While creating the job, the Manual Patch Selection option and the Include configuration changes checkbox are selected by default.

Remediation from VMDR - Configuration Script Details.

Remediating Vulnerabilities by Creating a Job from Patch Management

You can create a QQL-based job from the Patch Management application by clicking Automated Patch Selection to remediate the vulnerabilities. 

1. To complete the first three steps, that is, Basic Information, Select Assets, and Select Pre-actions, refer to Creating Patch Job for Windows Assets.

2. To select Patches, click Automated Patch Selection, enter the Vulnerability QQL, and select the Include configuration changes checkbox. 

3. Click Preview.

The missing patches on the assets are visible on the Patches tab, and the applicable Configuration Scripts included in the job are visible on the Config Changes tab.

Remediation - Missing Patches Details.

Remediation - Configuration Script Details.

4. Complete the Select Post-actions, Schedule, Options, Job Access, and Confirmation steps by referring to Creating Patch Job for Windows Assets.