Old Active Directory users being listed

JLC_UK · 2023-08-16T10:07:30+00:00

There was an error rendering this rich post.

Clicking through the Exec Summary to a list of vulnerabilities, and I am seeing a lot of disabled windows active directory users being shown as the "account" with a problem.

These users may have used the endpoint, but have since been disabled, and the endpoint reassigned and a new user has logged using active directory.

If nothing else this makes the output of Bitdefender rather unhelpful to say the least.

Am I missing a stage here ? Shouldn't the endpoint report back with the correct username ?

Find more posts tagged with

Accepted answers

Flexx

https://community.bitdefender.com/en/discussion/96853/old-active-directory-users-being-listed

The reason why it is showing disabled Windows Active Directory users as the "account" with a problem is because it is using the Active Directory user account that was logged in to the endpoint when the vulnerability was detected. If the user has since been disabled, then the vulnerability report will be incorrect.

There are a few things that you can do to fix this issue:

1) Make sure that Bitdefender is properly synchronized with Active Directory. This will ensure that it is using the latest list of Active Directory users, including those that have been disabled.

2) If Bitdefender is already synchronized with Active Directory, then you can try to manually update the vulnerability report. To do this, go to the "Vulnerability Reports" page in Bitdefender and click on the "Refresh" button.

3) If the manual update does not work, then you may need to contact Bitdefender support for help.

In addition to the above, here are some additional things to consider:

1) It is possible that the disabled Windows Active Directory user is still able to access the endpoint, even though they have been disabled. This could be due to a number of factors, such as a misconfiguration in Active Directory or a security vulnerability on the endpoint.

2) If you are concerned about the security of your endpoints, then you should regularly review the vulnerability reports from Bitdefender and other security solutions. This will help you to identify any potential security risks and take steps to mitigate them.

3) You should also make sure that your endpoints are properly patched and up-to-date with the latest security updates. This will help to protect them from known vulnerabilities.

For more information, kindly contact the bitdefender business support by visiting https://www.bitdefender.com/support/contact-us.html?last_page=BusinessCategory

Additionally, @Alex_Dr or @Andra_B can have a look into this for you.

Regards

JLC_UK

Thank you. That makes sense and I have set the alerts to ignore as our AD isn't integrated with BitDefender. (I may look into that).

All comments