Supported Software

This article defines what Cyrisma can remediate directly through patching or configuration enforcement. It serves as an authoritative reference for supported third-party software patching and built-in security configuration remediations.

This content applies to remediation actions performed through Patch Manager and does not describe mitigation plans, which are covered separately as a governance and tracking mechanism.

Scope of Direct Remediation in Cyrisma

Cyrisma supports two primary categories of direct remediation:

• Software-based remediation through patching of supported third-party applications and Windows updates

• Configuration-based remediation for specific operating system security settings

If an item falls outside these categories, Cyrisma may still detect the issue, but remediation must be handled manually or tracked through mitigation plans.

Supported Third-Party Software for Patching

Cyrisma can directly patch a defined set of third-party applications on Windows systems. Detection of an application does not guarantee patch support; only applications listed below are eligible for automated or manual patching.

Supported Application Categories

Supported applications commonly fall into these categories:

• Web browsers and browser components

• Remote access and VPN software

• Developer tooling and runtimes

• Document viewers and media players

• Backup and virtualization utilities

• Common productivity and collaboration tools

Authoritative List of Patchable Third-Party Applications

The following third-party software is currently supported for patching in Cyrisma:

7-Zip
Adobe Acrobat Reader DC (Continuous)
Adobe AIR Runtime
Adobe Flash Player (IE and NPAPI variants)
Apache Tomcat
Apple iCloud
Apple iTunes
Bitwarden Desktop
Cisco Webex App
Cisco Webex Meetings
Docker Desktop for Windows
Docker CE for Windows
FileZilla
Firebird
Ghostscript
Git
Google Chrome (Consumer and Enterprise)
Greenshot
ImageMagick
IrfanView
Java Runtime Environment (32-bit and 64-bit)
LibreOffice
Microsoft Edge
Mozilla Firefox (x86, x64, ESR variants)
Mozilla Thunderbird (32-bit and 64-bit)
MySQL Connector for Python
Node.js
Node.js (NVM)
Notepad++
OpenSSL
OpenVPN (x86 and x64)
Oracle VM VirtualBox
PHP (XAMPP)
PuTTY (32-bit and 64-bit)
Python
RealVNC / VNC Server / VNC Viewer
Ruby
SafeNet Authentication Client
SonicWall NetExtender
TeamViewer (all supported variants)
TightVNC
UltraVNC
Veeam Agent
Visual Studio Code
Visual Studio Code Extensions (Python, ESLint, Java, Jupyter)
VLC Media Player
VMware Horizon Client
VMware Tools
WinRAR
WinSCP
Wireshark
Zoom Client (single-user, all-users, IT admin)

This list represents remediation capability, not detection coverage. Cyrisma may detect additional applications that are not patchable through the platform.

Windows Patch Remediation

Cyrisma supports remediation of Windows vulnerabilities through Windows Update–based patching. Patch Manager surfaces Windows KBs that are applicable to scanned endpoints and allows scheduling and tracking of those updates.

Windows patch remediation behavior follows Microsoft’s cumulative update model. Individual CVEs may map to older KBs that are superseded by newer cumulative updates.

Supported Security Configuration Remediations

In addition to software patching, Cyrisma supports remediation of select security configuration issues through direct system changes. These remediations address misconfigurations commonly flagged during vulnerability and secure baseline scans.

Obsolete SSL Versions

Remediation disables deprecated SSL protocols, including SSL 2.0 and SSL 3.0, which are vulnerable to known cryptographic attacks such as POODLE.

This remediation enforces secure protocol usage by modifying Windows SCHANNEL configuration.

Obsolete TLS Versions

Remediation disables TLS 1.0 and TLS 1.1, which are no longer considered secure and may expose systems to attacks such as Sweet32.

TLS configuration changes are applied at the operating system level and impact all applications relying on SCHANNEL.

Weak Cipher Suites

Remediation disables weak and deprecated cipher suites, including DES, RC4, and NULL encryption options.

This remediation reduces cryptographic attack surface by enforcing modern cipher standards.

WinTrust Certificate Padding Validation

Remediation enables the WinTrust EnableCertPaddingCheck setting to address vulnerabilities in Authenticode signature validation.

This configuration protects systems from crafted executable files that bypass signature validation.

Detection vs Remediation Capability

It is important to distinguish between what Cyrisma can detect and what it can remediate.

• Detection identifies vulnerabilities, misconfigurations, or missing patches.

• Remediation applies a technical fix through patching or configuration enforcement.

Not all detected issues are remediable through Cyrisma. Unsupported software, OS-level limitations, and platform-specific constraints may require manual remediation or tracking through mitigation plans.

Limitations and Considerations

• Third-party patching applies to Windows systems only.

• Linux and macOS vulnerabilities may be detected but are not currently patchable through Patch Manager.

• Configuration remediations affect system-wide behavior and should be evaluated in the context of operational requirements.

• Cyrisma does not provide automated rollback for applied patches or configuration changes.