You can use the "Configuring and Managing CIFS on EMC Celerra" manual.  If you need more than this, take each CVE number for the vulnerabilities found and plug them into the Knowledgebase.  Chances are, we've already seen it at least once.  If not, open a SR and provide the following:

• Manufacturer and name of scanning product
• Complete output from scanner running against Celerra (specify CS or DM)

The response from Tech Support / Engineering can be used as "official" documentation of the fact that the specific vulnerabilities are not applicable to Celerra.

-bill

keep in mind that DART doesnt use any Microsoft code

so most of the "vulnerabilities" are red herrings - i.e. the scanner think the Celerra is running a certain version of Windows that could be susceptible because the Celerra does too good a job of looking like a Microsoft server

these scanners dont test the vulnerabilites itself - they usually test the software / service pack / hotfix

Rainer

Bill,

yes ..i got a list of CVEs from their tool (Nessus). some of these come up in PowerLink but most do not.

for example:

*********************************************

CVE : CVE-1999-0504, CVE-1999-0505, CVE-1999-0506, CVE-2000-0222,

     CVE-2002-1117, CVE-2005-3595

    BID : 494, 990, 11199

. Information found on port microsoft-ds (445/tcp)

    Synopsis :

   

    It is possible to obtain information about the remote operating

    system.

   

    Description :

   

    It is possible to get the remote operating system name and

    version (Windows and/or Samba) by sending an authentication

    request to port 139 or 445.

   

    Solution :

   

    n/a

   

    Risk factor :

   

    None

*********************************************

Thanks

FYI , here is official reply from support

emc83326

emc127289