Capture Client application vulnerability detection is wholly unreliable
I'm curious what resources are being used to determine whether an application version installed on an endpoint has any known vulnerabilities. I have received some alerts from Capture Client for vulnerable versions here and there, but having just done a manual check, it seems that relying on this system would be a mistake.
As an example: Wireshark 3.6.1. In the details section for this app in the Capture Client Management console, it says, "This app has no known vulnerabilities."
MITRE and the NVD disagree, with one rated Critical, and three of the rest rated High:
CVE-2022-0586, CVE-2022-0585, CVE-2022-0583, CVE-2022-0582 (Critical), CVE-2022-0581
@mangonacre did you ever sorted this out? On my SentinelOne Console (native, not CaptureClient) I finally saw the AppRisk for Wireshark 3.6.1 as critical on a macOS Client but 126.96.36.199 for Windows has no KnownRisk.
I already had a new version of Wireshark on that macOS Client but it took ages to make S1 realize that there is an updated version to evaluate. The App Inventory should be updated once a day, but I guess that varies.
SentinelOne considers Application Vulnerability Detection as Beta and might get an complete overhaul in the future (no ETA on that).