Vulnerability scans of Symantec applications and appliances
search cancel

Vulnerability scans of Symantec applications and appliances


Article ID: 162433


Updated On:


Protection Engine for Cloud Services Protection for SharePoint Servers Protection Engine for NAS Messaging Gateway


A vulnerability scan has been run against a Symantec application, and one or more Common Vulnerabilities and Exposures (CVE) were reported by the scanner.


Symantec performs internal vulnerability scans of its products as part of the development and QA process, but recognizes the value of our customers doing independent validation of their organization's security posture.

To ensure that your organization is getting an accurate report please consider the following:

  • Run vulnerability scans against the latest release with all appropriate patches applied.
  • Run vulnerability scans against the normal operating configuration of the product.
  • Run vulnerability scans with a fully updated scanner that has the most recent set of signatures.

Even following these best practices, a vulnerability scan may return some CVEs or other vulnerabilities. For some products, Symantec patches vulnerabilities in libraries or protocols without updating the library or software version. This can result in false positives from vulnerability scanners which do an unsophisticated port and version number scan.

When contacting Symantec regarding the results of a vulnerability scan, please provide the full scan report, as well as details on the scanning software and version.