Reporting false positives
This page describes how to submit reports of wes.py returning incorrect results. Including the files listed below gives us a complete set of information sufficient to properly investigate each case.
| Commandline | Description |
|---|---|
| `systeminfo > systeminfo_yyyyMMdd.txt` | Output of systeminfo command |
| `wmic qfe list brief > qfe_yyyyMMdd.txt` | List of patches installed according to the Win32_QuickFixEngineering WMI table |
| `wes.py systeminfo.txt > wes_yyyyMMdd.txt` | Output of WES-NG. Make sure to have the latest WES-NG definitions installed by running `wes.py --update` prior to executing the script. |
| `cscript listupdates.vbs > updates_yyyyMMdd.txt` | Determines the updates currently available for the system by checking Microsoft Update [1] |
Make sure to replace `yyyyMMdd` with the YearMonthDay of today (for example `20190226` -> `systeminfo_20190226.txt`) so the appropriate WES-NG definition file can be located when investigating.
[1] Have Windows Update search for updates and output them in a table. The `listupdates.vbs` script is available from the validation folder and works from Windows 7 onwards. Make sure you are connected to the Internet while executing it, and in case the results don't match the results from the regular Windows Update tool, it sometimes helps to run it again.
Examples are available in the validation/systeminfos/falsepositives folder.
Zip the above files into a single archive and attach it to the issue created at the issues page. Make sure to add the 'false positive' label to the issue.
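The collection steps above can be scripted so that all four files share one date stamp and the archive is only built when every file is present and non-empty. This is an added example, not part of WES-NG: it assumes `wes.py` and `listupdates.vbs` sit in the working directory, passes the date-stamped systeminfo file to `wes.py`, and uses a hypothetical archive name.

```python
import subprocess
import sys
import zipfile
from datetime import date
from pathlib import Path


def commands(stamp):
    """Output file -> command, in the order of the table above."""
    info = f"systeminfo_{stamp}.txt"
    return {
        info: ["systeminfo"],
        f"qfe_{stamp}.txt": ["wmic", "qfe", "list", "brief"],
        # Assumption: wes.py reads the date-stamped systeminfo file.
        f"wes_{stamp}.txt": [sys.executable, "wes.py", info],
        f"updates_{stamp}.txt": ["cscript", "listupdates.vbs"],
    }


def collect(workdir, stamp, run=subprocess.run):
    """Refresh the definitions, then write each command's raw stdout to its file."""
    workdir = Path(workdir)
    run([sys.executable, "wes.py", "--update"], cwd=workdir, check=True)
    for name, cmd in commands(stamp).items():
        with open(workdir / name, "wb") as out:
            run(cmd, cwd=workdir, stdout=out)


def bundle(workdir, stamp):
    """Zip the four files, refusing to build an incomplete report."""
    workdir = Path(workdir)
    names = list(commands(stamp))
    bad = [n for n in names
           if not (workdir / n).is_file() or (workdir / n).stat().st_size == 0]
    if bad:
        raise FileNotFoundError("missing or empty: " + ", ".join(bad))
    # Archive name is a hypothetical choice, not a WES-NG convention.
    archive = workdir / f"wes_falsepositive_{stamp}.zip"
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as zf:
        for n in names:
            zf.write(workdir / n, arcname=n)
    return archive


if __name__ == "__main__":
    today = date.today().strftime("%Y%m%d")  # yyyyMMdd, e.g. 20190226
    collect(".", today)
    print("Attach to the issue:", bundle(".", today))
```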