Forum Discussion
Apache Log4j Detection Optimizations Summary: While the...
Why is the plugin scanning the whole file system without thorough checks enabled? I thought that was the point of the thorough checks option?
That is our standard requirement but after customer feedback and consideration for the prevalence of Apache Log4j files, it was decided make an exception and to no longer require thorough tests. Additionally, customers were omitting thorough tests in subsequent scans which was causing the vulnerability to appear remediated in T.io and T.sc. Also, customers did not want other plugins that use thorough tests to be run.
We are considering re-introducing the thorough tests requirement in the future but not at this time.
Thanks for the response. Given the operational impact of the scanning the entire file system that others are mentioning, it seems like there is no way around impacting the system except for disabling the plugin completely which is not ideal. If I enable thorough checks, I expect increased scan time and resource usage. I don't expect that from a standard authenticated scan.
An earlier article mentioned that a scan without thorough checks would check running java processes for log4j and a scan with thorough checks would also scan the file system. I still think this is a good functional separation to have.
Please can you confirm that the basic agent scan through tenable.io no longer carries out a full file system scan?
Wow, this is a pretty dramatic move... while I understand the intent behind the change, there is a reason people do not want to do entire file system checks (especially when you run daily Agent scans).
