KEV Scanner Policy Action Management
BigFix provides four utility tasks to facilitate the deployment, execution, and configuration of the Known Exploited Vulnerabilities (KEV) Scanner. The KEV Scanner is necessary to identify certain CVEs (for more details on which CVEs require the KEV Scanner, refer to BigFix Wiki at BigFix Known Exploited Vulnerabilities (KEV) Content Pack).
- Task 100: Deploy KEV Scanner. This task is used to produce a policy action to deploy the KEV Scanner on endpoints in your environment.
- Task 110: Remove KEV Scanner. This task is used to remove the KEV Scanner and any artifacts on an endpoint.
- Task 120: Manage KEV Scanner Settings. This task is used to manage settings on an endpoint, where the KEV Scanner is deployed.
- Task 130: Execute KEV Scanner. This task is used to periodically execute the KEV Scanner on the endpoint.
Note: You can prevent the KEV Scanner from being executed on any
device by applying the
KEV_Deny
client setting with the value as 1
on that device. For more information on client settings and how to apply them, refer
to List of settings and detailed
descriptions.Included Directory Paths/Excluded Directory Paths
These are path wildcards that can be leveraged to direct the scanner on where or where not to search. These wildcard paths may leverage environment variables, ? for signal character matching, and * for zero or more character matching.
-
CPU Throttling Threshold
- This setting limits the CPU Utilization of the scanner on the endpoint to roughly a certain percentage of the CPU.
- Default: 100