Just seeing if anyone has found a good solution to this yet?
We do not scan for Microsoft patches at all. However, I want to scan for some of them on certain machines.
My issue is if I set the vulnerabilities to scan then ALL of our machines will start to scan for them, which increases our production scan time by quite a bit.
I know how to only update certain machines, that bit is easy, but there is only one scan folder - the minute you set the vulnerability to scan, your entire estate will scan for those patches.
Maybe I am having a bad day but a solution is not jumping out at me!
I thought about cloning the definitions and changing the detection rules but we are talking 2000 definitions... and even then the machines will still scan for them.
Is there a way, using a new agent, I can only scan for certain patches on certain machines? Or even using scopes cleverly?