Testing Secpod Saner Personal vulnerability scanner

SecPod Technologies is an information security products company located in Bangalore, India. They are also known as a top OVAL Contributor and NVT vendor for OpenVAS. Besides the products designed for big enterprises (vulnerability scanner Saner Business and threat intelligence platform Ancor), they also have a vulnerability and compliance management solution for personal use – Saner Personal. And personal means that this scanner will scan only localhost. It’s free, SCAP-compatible, and it has remediation capabilities. And it works. =)
Saner Personal is available for Windows, Linux and MacOS X. I downloaded the version for Windows here:
http://secpod.com/download-endpoint-security-software.html#
File SpSanerFree.exe 18.4 MB
I installed it on Windows 8.1 Enterprise. The installation process is straightforward. No attempts to install bloatware. It took 47 MB. With downloaded SCAP content and scan results, the folder “C:\Program Files (x86)\SecPod Saner” is 252 MB.
When installation was finished, SecPod Saner asked me to enter a CAPTCHA. No other registration was required.
Right after that it started to download and install SCAP content: OVAL definitions for vulnerability and compliance scanning.
And, without asking, it started system vulnerability and compliance scanning.
Full scan took about 2 minutes. No vulnerabilities were found. But there were 22 configuration problems.
When I clicked on “Click here for details” (under the frightened panda ^_^), Saner opened the results section. The software inventory seemed OK. I think normally there should be information about vulnerabilities, but unfortunately there was no vulnerable software on my host.
The compliance section was more interesting.
CCE links go to the scaprepo website.
Clicking on the information icon opened a window with a description of the remediation process.
I have tested remediation of “Turn off Autoplay”.
Click on “Fix”. Queued… Installing… Fixed!
After remediation, a rescan is required.
Yep. One compliance issue is gone.
Settings. It is possible to set up modes for scanning (vulnerabilities and compliance), directory for OVAL content, scheduler for updates and scanning, automated remediation mode, proxy server for internet access and language (but only English is available).
SecPod Saner version 1.4.0.0 built on Sep 4 2015.
License for one year.
And finally, I wanted to mention that the content is stored openly in a standard format and you can always verify which OVAL definitions were evaluated on the host and how. All results are stored here, in the “compliance” and “vulnerability” folders, in OVAL Results and OVAL System Characteristics formats.
OVAL content from download.zip file.
MS_WIN8.1_VULNERABILITY-oval.xml
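As an added example (not part of the original post and not SecPod's code), here is one way to read an OVAL Results file and list which definitions were evaluated and what each returned. The embedded XML is a constructed sample with placeholder ids, and the function names `summarize`, `is_finding` and `findings` are hypothetical.

```python
import sys
import xml.etree.ElementTree as ET

RES = "{http://oval.mitre.org/XMLSchema/oval-results-5}"
DEF = "{http://oval.mitre.org/XMLSchema/oval-definitions-5}"

# Constructed sample (not real Saner output); ids and most titles are placeholders.
SAMPLE = """<oval_results xmlns="http://oval.mitre.org/XMLSchema/oval-results-5">
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"><definitions>
 <definition id="oval:example.test:def:1" version="1" class="compliance">
  <metadata><title>Turn off Autoplay</title></metadata></definition>
 <definition id="oval:example.test:def:2" version="1" class="compliance">
  <metadata><title>Constructed password policy check</title></metadata></definition>
 <definition id="oval:example.test:def:3" version="1" class="vulnerability">
  <metadata><title>Constructed vulnerable package check</title></metadata></definition>
 <definition id="oval:example.test:def:4" version="1" class="inventory">
  <metadata><title>Constructed product is installed</title></metadata></definition>
</definitions></oval_definitions>
<results><system><definitions>
 <definition definition_id="oval:example.test:def:1" version="1" result="false"/>
 <definition definition_id="oval:example.test:def:2" version="1" result="true"/>
 <definition definition_id="oval:example.test:def:3" version="1" result="true"/>
 <definition definition_id="oval:example.test:def:4" version="1" result="true"/>
</definitions></system></results>
</oval_results>"""

def summarize(xml_data):
    """Return (id, class, result, title) for every evaluated definition."""
    root = ET.fromstring(xml_data)
    meta = {d.get("id"): (d.get("class", "unknown"),
                          d.findtext(f"{DEF}metadata/{DEF}title", default="").strip())
            for d in root.iter(DEF + "definition")}
    path = f"{RES}results/{RES}system/{RES}definitions/{RES}definition"
    return [(r.get("definition_id"), *meta.get(r.get("definition_id"), ("unknown", "")),
             r.get("result", "unknown")) for r in root.findall(path)]

def is_finding(cls, result):
    # OVAL semantics: a vulnerability definition evaluating to "true" means the host
    # is vulnerable; a compliance definition evaluating to "false" means non-compliant.
    return (cls, result) in {("vulnerability", "true"), ("compliance", "false")}

def findings(xml_data):
    return [row for row in summarize(xml_data) if is_finding(row[1], row[3])]

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for def_id, cls, title, result in summarize(data):
        flag = "FINDING" if is_finding(cls, result) else "ok"
        print(f"{flag:8}{cls:14}{result:8}{def_id}  {title}")
```

Run without arguments it prints the constructed sample; given a path to a results file, it reads that file instead.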
My conclusion: I liked it. Great product for personal use. Very fast and easy. It not only shows the problems that you have with your host, but literally makes your host more secure through automated remediation. And the fact that it is based on NIST/MITRE open security standards and the fact that this software works transparently for the end user makes it all much better.
Hi! My name is Alexander and I am a Vulnerability Management specialist.