when we run a vulnerability scan on our SQL servers we get a lot of redgate alerts, i know you can setup to ignore certain alerts and have a maintenance window but ignoring the alerts isn't an option (what if its actually a hack) and the maintenance window is dangerous for obvious reasons.