The most important statement to clarify here regarding Holm Security VMP scanning engine – It is designed for the purpose to detect vulnerabilities and to be a safe process as possible.
If any application crash during a scan you should treat this as potential vulnerabilities on your network.
Contact the application vendor of the affected service/application to find out if there are any software patches or known configuration issues that may prevent this behavior. If there are no known issues/fixes, then there are several possible reasons for such occurrences, which should be raised with the vendor in question:
- When performing a vulnerability scan, Holm Security will attempt to safely connect to and query hosts over TCP/IP, performing several different types of inquisitive actions. What can happen with older devices, single-purpose devices, custom OS or protocol implementations, and other types on non-general-purpose computing assets (i.e. Windows, MacOS or Linux hosts), is that the implementation of TCP/IP for the given asset has not been designed to account for or accommodate this kind of communication.
This situation can lead to failures for a reasons such as (but not limited to): insufficient memory specific to TCP/IP stack leading to small amount of probes consuming it all and causing DoS or unsafe handling of standard TCP/IP communication mechanism leading to the TCP/IP implementation crashing and causing DoS. If you are seeing this happen with a device or product in your environment, we suggest you reach out the vendor and follow-up with them, because the techniques we are using to probe are widely understood and commonly used, so any attacker interested in attacking these hosts will be able to do so.
- Ensure your operating systems is fully up-to-date with the latest software patches.
- Review and remediate all detected vulnerabilities possible, especially high and critical severity items.
- Check the scan settings in your scanning profile if you are conducting any Potentially dangerous tests.
- You can also choose to exclude that specific port in your scanning profile, preventing Holm Security scanner to try and communicate with that port.
- To minimize any potential operational impact, you may decide to scan these systems during a maintenance window or when the system is less used.