SecPod Saner is an application to proactively assess and secure endpoint
systems. It identifies security loopholes, misconfiguration and missing patches
and automatically remediates to ensure systems remain secure.
Software Requirements
Operating System Supported:
All Microsoft Windows operating systems.
Hardware Requirements
If your system runs a Microsoft Windows operating system, Saner can be installed on it.
Scanning is the process of inspecting all the software installed on the system, looking for security loopholes and settings, and reporting them in an XML format.
Yes, there is a scheduler available with SecPod Saner, which the user can configure as convenient. Open the Settings page, select the Scheduler tab, and alter the time for the scheduled scan and update.
Remediation is the process of correcting security loopholes and misconfigured security settings by installing patches and updates from the respective vendors or by changing the security settings of the system. It can be done in two ways. If the user configures Saner to remediate interactively, the user will be prompted to confirm each fix (security setting change or software update). In silent mode, remediation is done without notifying the user, except for certain actions where user intervention is mandatory.
Yes, there is a scheduler available with SecPod Saner, which can be configured by the user according to convenience. Click on the settings page and select the scheduler tab. Alter the time for the scheduled scan and update. Also make sure that you have selected Auto Remediation option in the Remediation tab.
A definition is an OVAL Definition that is used to determine the existence of a vulnerability or configuration issue. OVAL, which stands for Open Vulnerability Assessment Language, is an XML-based language. A definition is an XML representation of the conditions and states that define a vulnerability in a particular system.
SecPod Saner treats all the software and applications that are installed in the system as assets.
SecPod Saner uses a color code to represent the severity of the vulnerabilities found on the system:
RED - CRITICAL
ORANGE - HIGH
YELLOW - MEDIUM
PALE YELLOW - LOW
A Compliance is a set of rules for the settings of an application or a product that is defined for the security or satisfactory functioning of the system. A non-compliant system does not obey the rules set by the product.
Vulnerability is a weakness that allows an attacker to reduce a system's information assurance.
It can be described as a state in a computing system (or set of systems) which either:
allows an attacker to execute commands as another user
allows an attacker to access data that is contrary to the specified access restrictions for that data
allows an attacker to pose as another entity
allows an attacker to conduct a denial of service
Or, in simple words, an information security vulnerability is a mistake in software that can be directly used by a hacker to gain access to a system or network.
Most vulnerabilities are due to mistakes or errors introduced at the time the software is developed. Most of the known vulnerabilities are associated with incorrect handling of the inputs supplied by the user of the system. If these inputs are not correctly processed before they are used inside the program, they can generate unexpected system behavior.
Most of the software vendors provide a security patch or update once they confirm the vulnerability in their product. On applying the vendor provided patches the confirmed vulnerability will be corrected. SecPod Saner uses vendor provided patches or updates for rectifying the vulnerability issues found on the system.
A patch is a piece of software that is designed to fix problems, or it can be an update to the program or its supporting data. Patching or updating is the process of applying the patch on the system.
A patch, by definition, is meant to fix software problems. To keep software problem/error free it is essential to apply all the patches provided by the vendor for the software.
Antivirus software deals with malicious programs that are present in the system, but it does not remove the chance of the same malicious program affecting the system again. The majority of malicious programs make use of loopholes in the application software installed on the system. In that sense, antivirus software does not remove the root cause of the malicious activity happening in the system.
Saner covers the majority of desktop applications. If you believe an application is not covered, please feel free to report your requirements to us. We have a team committed to meeting requirements.
Yes, even after restarting the system SecPod Saner will be active and ready to serve the duties according to the Schedule.
No, Internet access is only needed when you bring up the machine and to pull updates from the SecPod Saner Server.
There is a support link available on the product, by clicking that you will be able to reach us.
If you are keen about what is happening while SecPod Saner is doing its duties you can check the install folder for log files.
No, currently SecPod Saner is available in 32-bit architecture. However, it can be installed on supported 64-bit operating systems.
No, SecPod Saner is available only for Microsoft Windows.
CVE is a list of information security vulnerabilities and exposures that aims to provide common names for publicly known problems. The goal of CVE is to make it easier to share data across separate vulnerability capabilities (tools, repositories, and services) with this "common enumeration." International in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures. CVE's common identifiers enable data exchange between security products and provide a baseline index point for evaluating coverage of tools and services.
CCE is Common Configuration Enumeration, which is a collection of configuration settings. Each setting is uniquely identified by an Id termed as CCE ID.
Definition update is the process of downloading the newly released OVAL Definition from the SecPod Saner Server for the corresponding operating system in which Saner is installed.
There is a button available in the Home page of SecPod Saner for downloading Definitions.
Downloaded updates are saved in a folder named as "updates", which will be inside the Saner install folder.
Yes, a Saner user can configure the scheduler to do the update activity according to convenience. To do that the user must navigate to the Settings Page of the Saner and select the Scheduler tab.
Product upgrade is also integrated with the update(Download Definitions) feature of SecPod Saner. If Saner needs to be upgraded, the user will be prompted while doing the definition update.
Saner users can click the scan button on the Saner home page whenever they want to do a scan. Alternatively, the user can configure Saner to perform the scan at a particular time of day, and Saner's Scheduler will take care of the job. The only condition is that the system must be up and running at the provided time of day.
Normally no, Saner is downloading all the definitions that are relevant to your operating system. However if you are very particular about certain software you can contact us and we will configure that for you.
After each scan Saner prepares a detailed report of the system, which can be viewed on the reports page.
Non Compliance percentage is calculated based on the total number of compliance settings required for your operating system versus the number of compliance settings present in the system.
Saner's status messages are shown at the bottom right of Saner.
Normally scanning takes only about 3-5 minutes, but it can vary according to the operating system and number of applications installed. If you still feel it is never ending, you can click the stop button in the scanning section of Saner, or you can try quitting Saner by right-clicking Saner in the System Tray and starting it again. If the message is still not cleared after that, you can try restarting the "SecPod Saner Agent" from the system services. At any stage you can contact our support team for any kind of help.
Remediation is a lengthy process, time taken for it can vary according to the operating system and number of applications installed. But if you still feel that it is never ending, you can try quitting the Saner by right clicking on Saner from System Tray and starting it again. Even after that if the message is not cleared you can try restarting the "SecPod Saner Agent" from the system service. At any stage you can contact our support team for any kind of help.
Ensure that you are connected to the Internet. If Saner still shows Preparing Reports, you can try quitting the Saner by right clicking on Saner from System Tray and starting it again. Even after that if the message is not cleared you can try restarting the "SecPod Saner Agent" from the system service. At any stage you can contact our support team for any kind of help.
Subscription/License is for using the product and service for the agreed period of time. For each subscription SecPod Saner will be associated with a license key.
No, once your license/subscription has expired you should renew it. After subscription expiry Saner won't perform the Definitions update or Remediation.
Contact the SecPod Sales Team for purchasing a new license or renewing the license.
Risk is the number of vulnerabilities or misconfigurations associated with a software product or application.
Status is the state of the Remediation. It will be shown as a Green tick. The Fix button will be available if there is an issue and Saner can solve the issue. Remediation Not Available status indicates that Saner will not be able to Remediate the Asset. After remediation the Status may turn to a green tick or Red cross mark. Green tick indicates the remediation succeeded and Red mark indicates Remediation failed due to some unknown reason.
Fix is a software module or configuration setting designed to solve the security loophole in the system or asset.
If issues are found in a Compliance Scan or in a Vulnerability Scan, Remediation can be done by configuring the product to do auto remediation, by clicking the "Remediate All" button at the bottom of the report page, or by clicking the individual fix button provided along with the asset name.
In the Saner Reports page, Asset Remediation information can be viewed by clicking the info button.
In the Saner report page an abort button will be available as soon as the remediation starts. You can click the abort button to stop the remediation for an asset.
The provided abort functionality is completely safe to use. Saner will discard the abort request if remediation has already started installing the update.
Abort will take some time to take effect, as it is difficult to terminate certain operations at once. In some other scenarios installation might have already started, so Saner will discard the abort request, since aborting at the installation stage could result in an unstable system state.
For each fix, remediation info is available in the reports page by the side of the Fix button. You can click on the info button for more details about the fix.
Yes. The Saner report page has a Fix button enabled for each asset. You can click these fix buttons to remediate each asset individually.
No. It is not possible to save the report from Saner. Paid customers can log in to SecPod Viser and view different kinds of reports showing the security status of the system.
No. Currently Saner installer requires input from the user.
The Saner installer requires 60MB of hard disk space for installation, and this will grow up to a maximum of 250MB after the Definition update.
You will not be able to disable the product until you uninstall Saner from the system.
Go to Control Panel, click on Add/Remove Programs and double click on the SecPod Saner entry.
The SecPod Saner installer and all the component libraries and executables are digitally signed. You can verify the digital signature associated with each library and executable.
Go to the Settings Page of Saner and make sure the Download cache directory is pointing to a valid directory. You can contact the support team for further help.
Check your Internet connection. If the issue is still not resolved, contact the support team.
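One way to carry out that signature check in bulk, as an added example that is not SecPod's own tooling: it uses the built-in `Get-AuthenticodeSignature` cmdlet. The install path is a placeholder assumption, since this page does not state where Saner is installed.

```powershell
# Added example: audit Authenticode signatures of every executable and
# library under the Saner install folder.
# ASSUMPTION: $InstallDir is a placeholder; set it to your actual install folder.
param(
    [string]$InstallDir = 'C:\Path\To\SecPod Saner'
)

function Get-SignatureAudit {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -LiteralPath $Path -Recurse -File |
        Where-Object { $_.Extension -in '.exe', '.dll', '.msi' } |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $cert = $sig.SignerCertificate
            [pscustomobject]@{
                File        = $_.FullName
                # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
                Status      = $sig.Status
                Signer      = if ($cert) { $cert.Subject }    else { $null }
                Thumbprint  = if ($cert) { $cert.Thumbprint } else { $null }
                # A countersigned timestamp keeps the signature verifiable
                # after the signing certificate itself expires.
                Timestamped = [bool]$sig.TimeStamperCertificate
            }
        }
}

$results = @(Get-SignatureAudit -Path $InstallDir)

# 1. Who signed what: more than one signer is not necessarily wrong
#    (bundled third-party libraries), but each one should be recognised.
$results | Group-Object Signer |
    Select-Object Count, Name |
    Format-Table -AutoSize

# 2. Anything unsigned, tampered with (HashMismatch) or chaining to an
#    untrusted root needs a closer look before the binary is trusted.
$failed = @($results | Where-Object { $_.Status -ne 'Valid' })
if ($failed.Count -gt 0) {
    $failed | Format-Table File, Status, Signer -AutoSize
    Write-Warning "$($failed.Count) of $($results.Count) files did not verify."
    exit 1
}

Write-Output "All $($results.Count) files carry a valid Authenticode signature."
```

A `Valid` status only means the file is intact and chains to a trusted root, so compare the signer subject and thumbprint against what the vendor publishes.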
SecPod Saner is shipped with a license key along with the installer. You can make use of the license for activating the product.
The activation key is a unique license key provided to customers, along with the SecPod Saner installer. The activation key is used for authenticating with the SecPod Saner Server and Communicating with the server. Without the activation key Saner will not function.
Make sure that the supplied license key is correct. If you still find it impossible to activate, please contact the support team for further help.
No, SecPod Saner is not designed to do remote scans. With one Saner you can scan only one machine, which is the machine where Saner is installed.
Saner makes use of the OVAL Definitions to inspect applications and software for vulnerabilities and misconfigurations, and prepares a detailed report about the system in XML format. Users will be able to view the reports using Saner from the reports page.
Saner determines whether an asset is vulnerable based on the Vulnerability OVAL definition, in which the vulnerability is described in a machine readable format. Saner compares vulnerability details with the details of applications present in the system.
Saner determines whether an asset is compliant based on the Compliance OVAL definition, in which the configuration settings are described in a machine readable format. Saner compares vulnerability details with the details of applications present in the system.
Each vulnerability is associated with a CVSS Score, which is calculated based on the exploitability of the vulnerability and the impact of the vulnerability.
1. Vulnerabilities are labeled "Low" severity if they have a CVSS score of 0.0-2.0.
2. Vulnerabilities will be labeled "Medium" severity if they have a CVSS score of 2.0-5.0.
3. Vulnerabilities will be labeled "High" severity if they have a CVSS score of 5.0-8.0.
4. Vulnerabilities will be labeled "Critical" severity if they have a CVSS score of 8.0-10.0.
Yes. If the system feels slow, you can stop the current Saner activity or reschedule the job. Saner also provides an option to change the scan mode to make scanning a lightweight process by selecting the Low Scan Mode. To do that, navigate to the Saner Settings page, select the Scanner tab and choose the Low option for Scan Mode.
No. Scanning is irrespective of system changes except installation/uninstallation of applications and software.
Reports are uploaded to SecPod Viser, where the collective reports are available. If you are a paid customer, you will be able to log in and view the overall status graphical reports by opening SecPod Viser.
Is there a way I can stop uploading the reports?
No. Uploading reports cannot be avoided unless you are disconnected from the Internet.
Scanning will fail for the time being, but you can rescan at any time, or Saner will take care of it with the help of the available Scheduler.
Uploaded reports are available to view through SecPod Viser if you are a paid customer.
Log in to SecPod Viser with the given user name and password. SecPod Viser is a platform where you can view various reports that project the security aspects of your machine or machines.
Yes. It is available in the report page. After a scan is done, navigate to the Saner Reports Page, and expand the asset that you want to view.
Outdated software is software that is no longer supported by the vendor. That means patches and fixes for issues found in that application will not be available from the vendor.
When SecPod Saner finds that a vulnerability exists, it consults SecPod Ancor for available patches for the vulnerability, and then Saner downloads the respective patch and applies it on the system. The remediation operation supports two modes, which are INTERACTIVE and QUIET.
It is rare to find assets with the notification "Remediation Not Available". In this case you can try to patch/update the software yourself. If that is not possible, you can choose not to use the product or uninstall it until the patch is available from the vendor. Normally vendors will release patches/updates once they confirm the vulnerability.
Microsoft remediation is done by launching Microsoft automatic updates. In quiet mode the respective APIs are called, which silently apply the patches without user intervention.
When interactive mode is selected for Microsoft products remediation, the Windows automatic update window is opened for the user to select and apply the patch.
No. Remediation is done based on the vulnerabilities/misconfigurations present in the system.
After Remediation the respective status will be updated in Saner's Report Page, and a live update will be available for each asset's remediation.
Some remediation requires restarting the system. You can try restarting the system and remediate once again. If the issue is still not resolved, contact our support team for further help.
Remediation will be able to fix the majority of the vulnerability and misconfiguration issues found on the system, provided the application/software is not outdated and the vendor has released patches for all the vulnerabilities found in the software.
In the reports page along with the asset name, fix info is available. You can click on the info button and view details about the patch/update that is going to get applied on the system.
There are two types of scans available in SecPod Saner, which are:
1. Vulnerability Scanning
Scans for security loopholes in software/applications.
2. Compliance Scanning
Scans for misconfigurations in software settings.
In SecPod Saner, scanning can be configured in two different modes.
1. Low Mode
Saner uses minimal system resources when performing the scan. This might take longer to finish the scan compared to the other scan mode.
2. Full Throttle
Saner uses maximum system resources when performing the scan.
Scheduler is a feature of SecPod Saner that performs its duties without any user intervention. Using the Scheduler one can automate the key features of Saner such as Definition Downloading, Scanning and Remediation.
Auto Remediate is a feature in which remediation happens automatically after every scan if there are vulnerabilities or misconfigurations.
The patch update server is the server that provides all the remediation patches/updates. Paid customers will be able to configure their own update servers and configure Saner to download remediation updates from their update server.
Yes. It is possible to configure the product to download fixes from local servers, but this feature is only enabled for paid customers.
No. Definition updates can only be downloaded from SecPod Ancor. If you have any concerns about this behavior, you can always report it to us. We have a team ready to receive your feedback and provide you with a solution.
Currently no. The currently supported language is English. Please contact the support team for further enhancements of the product.
Two modes of Remediation can be configured with SecPod Saner.
1. Interactive Mode installation
In this mode the user will be prompted for installing patches and updates. In case of Microsoft product updates, Saner launches Windows Automatic updates and you can choose to do hotfixes and updates.
2. Quiet Mode installation
Quiet mode will install the patches and updates without any user intervention, unless it is mandated by the update.
Yes, by selecting quiet mode of remediation you can configure Saner to do remediation without intervention.
The default patch/update server is SecPod-Default, which is provided by SecPod and includes all the latest software patches with signature validation support, where the authenticity of each patch/update is verified before it is installed.