The Setup wizard installs reports that allow you to examine the vulnerabilities discovered on the client computers. Setup installs the following new reports in the Vulnerability Assessment category:

• Severity of vulnerabilities across all clients
  
  
• Count of computers with different vulnerability scores for a specific vulnerability type
  
  
• Computers with a vulnerability score for a specific vulnerability
  
  
• Vulnerability details for a specific computer
  
  
• Extended vulnerability details for a specific computer
  
  

The data for the reports comes only from clients that have returned hardware inventory after running the vulnerability assessment scan tool. The following section details the suggested order to view the reports.

Start with Severity of vulnerabilities across all clients. This report displays the severity level for each vulnerability discovered by the scan. A high severity can indicate a high number of computers with a low vulnerability score, a low number of computers with a high vulnerability score, or a high number of computers with a high vulnerability score. If you have a high percentage of computers with no status, it means they do not have that vulnerability. If you have a large number of clients that have not returned inventory, verify that those clients are able to receive and process the advertisement for the vulnerability assessment tool.

For each vulnerability in Severity of vulnerabilities across all clients, click the link for more information about that vulnerability in your environment. When you click the link, you go to the report Count of computers with different vulnerability scores for a specific vulnerability type. Each vulnerability is given a score and a verbal description. The description should indicate which vulnerabilities require more attention and which are advisory. For example, a description of Check Passed is desirable but Check Failed (Critical) should be investigated.

To see which computers are affected by a particular vulnerability, click the link from Count of computers with different vulnerability scores for a specific vulnerability type to go to the Computers with a vulnerability score for a specific vulnerability report.

To see all of the vulnerabilities for a single computer, click the link from the Computers with a vulnerability score for a specific vulnerability report to go to the Vulnerability details for a specific computer report.

To see the extended details for a specific computer, click the link from Vulnerability details for a specific computer report to go to the Extended vulnerability details for a specific computer report.

Resource Explorer might be useful to verify that a computer has reported vulnerability information during hardware inventory, but reports are easier to interpret and act upon.

1. In the SMS Administrator console, expand Collections and click the collection that contains computers for which the software updates details are required. In the right pane, you can see all the computers in this collection.

2. Right-click the computer, point to All Tasks, and click Start Resource Explorer. The Resource Explorer window opens.

3. Expand Hardware, and click the System Vulnerabilities node. To better understand what the vulnerability ID and score mean, refer to Investigating Vulnerabilities.

4. Click the System Vulnerabilities Detail node. Some vulnerabilities do not have detail, so the list displayed here may be different from the list displayed in the System Vulnerabilities node.

Concepts

Other Resources