Categories

  • Announcements regarding the VulnDetect project

    14 Topics
    123 Posts
    T

    Version 3.4.0.0 is the latest Stable release.

    It can be downloaded from here:
    https://vulndetect.com/dl/agents/secteerSetup-3.4.0.0.exe
    https://vulndetect.com/dl/agents/secteerSetup-3.4.0.0.msi

  • Post requests for apps that are missing

    345 Topics
    2k Posts
    OLLI_SO

    Name of the app:
    LocalSend

    Developer:
    Tien Do Nam

    Website:
    https://localsend.org/

    Download Site:
    https://github.com/localsend/localsend

    Version number displayed in the app:
    1.16.1 (56)

    App-Icon:
    localsend_app_Icon.png

    Here is the information extracted from the EXE file:

        File name and path: C:\Users\olive\AppData\Local\Programs\LocalSend\localsend_app.exe
        Product Name: LocalSend
        Internal Name: localsend_app
        Original Filename: localsend_app.exe
        File Description: LocalSend
        Company: Tien Do Nam
        Legal Copyright: Copyright (C) 2022-2024 Tien Do Nam. All rights reserved.
        Legal Trademarks:
        Comments:
        File Version String: 1.16.1+56
        File Version: 1.16.1.56
        Product Version String: 1.16.1+56
        Product Version: 1.16.1.56

  • Post requests for apps that you wish to see updated automatically

    22 Topics
    35 Posts
    OLLI_SO

    Please add Keeper Password Manager to the Auto-Patching process, so it is automatically updated (when I select it).
    I post one app in one topic, so we can keep the topics smaller.

    For Keeper Password Manager there is a Choco package available:
    https://community.chocolatey.org/packages/keeper

  • Announcements regarding the VulnDetect project

    39 Topics
    39 Posts
    T

    Can I uninstall the Agent using the Agent and Custom Software?

    Yes, that is doable, although you won't be able to see the correct state in the Job Activity, because the system won't be able to report back to the backend.

    Here is a PowerShell script that does that:

        # Set environment variables for 32-bit and 64-bit Windows
        $ProgramData = $env:ProgramData
        $SecTeer = "SecTeer VulnDetect"
        $myTaskPath = "\$SecTeer\"
        if ($env:PROCESSOR_ARCHITECTURE -eq "x86") {
            $agentRegPath = 'Registry::HKLM\Software\SecTeer\Agent'
            $appRegPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*"
            $ProgramFiles = "${env:ProgramFiles}"
        } else {
            $agentRegPath = 'Registry::HKLM\Software\WOW6432Node\SecTeer\Agent'
            $appRegPath = "SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*"
            $ProgramFiles = "${env:ProgramFiles(x86)}"
        }
        $SecTeerPath = Join-Path -Path $ProgramFiles -ChildPath $SecTeer

        # Determine the uninstall method - prefer EXE uninstaller if available
        $command = if (Test-Path -Path "$SecTeerPath\unins000.exe") {
            Join-Path -Path $SecTeerPath -ChildPath "unins000.exe"
        } elseif (Test-Path -Path "$SecTeerPath\unins001.exe") {
            Join-Path -Path $SecTeerPath -ChildPath "unins001.exe"
        } else {
            $null
        }

        # Launch the uninstaller if found, attempt MSI removal otherwise
        if ($command) {
            try {
                $processSpecs = New-Object System.Diagnostics.ProcessStartInfo
                $processSpecs.FileName = $command
                $processSpecs.RedirectStandardError = $True
                $processSpecs.RedirectStandardOutput = $True
                $processSpecs.UseShellExecute = $False
                $processSpecs.Arguments = "/VERYSILENT /SUPPRESSMSGBOXES /FORCECLOSEAPPLICATIONS /NOCANCEL"
                $process = [System.Diagnostics.Process]::Start($processSpecs)
                $process.WaitForExit()
            } catch {
                Write-Warning "Failed to start the uninstaller process: $_"
            }
        } else {
            try {
                Uninstall-Package -Name "$SecTeer" -Force -ErrorAction SilentlyContinue
            } catch {
                Write-Warning "Failed to uninstall the package: $_"
            }
        }

        # Remove all scheduled tasks related to SecTeer VulnDetect
        $scheduleTasks = @(
            "SecTeer VulnDetect*",
            "SecTeerVulnDetectAgentStateMonitoring",
            "SecTeerVulnDetectMaintenance*"
        )
        foreach ($taskName in $scheduleTasks) {
            try {
                Get-ScheduledTask -TaskName $taskName -TaskPath "\" -ErrorAction SilentlyContinue |
                    Unregister-ScheduledTask -Confirm:$false
            } catch {
                # ${...} delimits the variable name; "$taskName:" would not parse
                Write-Warning "Failed to unregister task ${taskName}: $_"
            }
        }

        # Clear registry remnants in Add/Remove Programs
        try {
            Get-ItemProperty "HKLM:\$appRegPath" |
                Where-Object { $_.DisplayName -like "$SecTeer*" } |
                Remove-Item -Force -ErrorAction SilentlyContinue
        } catch {
            Write-Warning "Failed to remove registry remnants: $_"
        }

        # Purge leftover files and folders
        try {
            $folderToRemove = Join-Path -Path $ProgramData -ChildPath $SecTeer
            Remove-Item -Path $folderToRemove -Recurse -Force -ErrorAction SilentlyContinue
        } catch {
            # ${...} delimits the variable name; "$folderToRemove:" would not parse
            Write-Warning "Failed to remove folder ${folderToRemove}: $_"
        }

        Write-Output "$SecTeer has been successfully removed."

  • Detection errors and issues should be posted here

    426 Topics
    2k Posts
    OLLI_SO

    @Tom It is now fixed

  • Detection errors and issues should be posted here

    43 Topics
    143 Posts
    OLLI_SO
    About WSCC

    I am using WSCC (Windows System Control Center) to download and update the following tools:

      • MiTeC Utilities
      • NirSoft Utilities
      • Other Utilities
      • Sysinternals Suite

    At the download site of WSCC the portable versions are offered on top, installers are offered below the portable versions.
    I am also using the portable version of WSCC.

    Set-Up of WSCC

    When you extract the portable version to any folder and start it, a wizard is shown that helps users set WSCC up correctly.

    In the first step you can select what tools you want to install:
    [image]

    For each tool set (like Sysinternals Suite) you can select various options (like the installation path):
    [image]

    The default folders for the tools are:

        %WSCCFOLDER%\Apps\MiTeC Utilities
        %WSCCFOLDER%\Apps\NirSoft Utilities
        %WSCCFOLDER%\Apps\Other Utilities
        %WSCCFOLDER%\Apps\Sysinternals Suite

    For the MiTeC Utilities, the NirSoft Utilities and also the Other Utilities you can also define if

      • only the 32-Bit version should be installed (default option)
      • only the 64-Bit version should be installed
      • both versions (32-Bit and 64-Bit) should be installed

    Default Settings
    [image]

    My Settings
    [image]
    I selected to install both versions (32-Bit and 64-Bit) to support VulnDetect.

    Bundle MiTeC Utilities

    The 32-Bit version and also the 64-Bit version of the MiTeC Utilities are all stored in the same folder.
    Here only the following two applications have a 32-Bit version and also a 64-Bit version:

        %WSCCFOLDER%\Apps\MiTeC Utilities\NetScanner.exe
        %WSCCFOLDER%\Apps\MiTeC Utilities\NetScanner64.exe
        %WSCCFOLDER%\Apps\MiTeC Utilities\XMLView.exe
        %WSCCFOLDER%\Apps\MiTeC Utilities\XMLView64.exe

    It should be easy to bundle them with one rule:

        %WSCCFOLDER%\Apps\MiTeC Utilities\{Application}.exe
        %WSCCFOLDER%\Apps\MiTeC Utilities\{Application}64.exe

    Please consider that in the future some more MiTeC tools might have both versions!

    Bundle NirSoft Utilities

    The 32-Bit versions of the NirSoft Utilities are placed in the folder:

        %WSCCFOLDER%\Apps\NirSoft Utilities

    The 64-Bit versions of the NirSoft Utilities are placed in the sub-folder "\x64":

        %WSCCFOLDER%\Apps\NirSoft Utilities\x64

    Here are some examples:

        %WSCCFOLDER%\Apps\NirSoft Utilities\AppReadWriteCounter.exe
        %WSCCFOLDER%\Apps\NirSoft Utilities\x64\AppReadWriteCounter.exe
        %WSCCFOLDER%\Apps\NirSoft Utilities\DevManView.exe
        %WSCCFOLDER%\Apps\NirSoft Utilities\x64\DevManView.exe

    It should be easy to bundle them with one rule:

        %WSCCFOLDER%\Apps\NirSoft Utilities\{Application}.exe
        %WSCCFOLDER%\Apps\NirSoft Utilities\x64\{Application}.exe

    Bundle Other Utilities

    The 32-Bit versions of the Other Utilities are placed in the folder:

        %WSCCFOLDER%\Apps\Other Utilities

    The 64-Bit versions of the Other Utilities are placed in the sub-folder "\x64":

        %WSCCFOLDER%\Apps\Other Utilities\x64

    Here are some examples:

        %WSCCFOLDER%\Apps\Other Utilities\Everything.exe
        %WSCCFOLDER%\Apps\Other Utilities\x64\Everything.exe
        %WSCCFOLDER%\Apps\Other Utilities\putty.exe
        %WSCCFOLDER%\Apps\Other Utilities\x64\putty.exe
        %WSCCFOLDER%\Apps\Other Utilities\SumatraPDF.exe
        %WSCCFOLDER%\Apps\Other Utilities\x64\SumatraPDF.exe

    It should be easy to bundle them with one rule:

        %WSCCFOLDER%\Apps\Other Utilities\{Application}.exe
        %WSCCFOLDER%\Apps\Other Utilities\x64\{Application}.exe

    Bundle Sysinternals Suite

    The tools of the Sysinternals Suite are already bundled.
    This means: when you expand the Sysinternals Suite, you see each tool only once.

    The only exception here is the tool Sysinternals RegDelNull, which is listed twice:

        C:\PortableApps\PortableApps\_WSCCPortable\Apps\Sysinternals Suite\RegDelNull.exe
        C:\PortableApps\PortableApps\_WSCCPortable\Apps\Sysinternals Suite\RegDelNull64.exe

    @Tom This is an issue that should be fixed!

  • This category will be used to keep track of user contributed suggestions

    143 Topics
    472 Posts
    OLLI_SO

    I am using the CSV export on a daily basis, it is really very useful.
    But some things should really be improved.

    Recommended Version
    For some tools (like "MiTeC Icon Explorer") the recommended version (5.2.0) is older than the installed version (5.3.0). In the list of applications you do not show a recommended version.
    In my CSV export I have 15 applications, where the recommended version is different, but only for 3 entries the recommended version is newer.
    Therefore, the recommended version should not be exported, when it is older or equal to the installed version.

    Export Tool Collections
    All tools from "Sysinternals" are bundled as "Sysinternals Suite".
    The whole suite including all apps is not exported.
    You should export the package headline ("Sysinternals Suite") and also all included tools.
    I do not know if it causes trouble when the package headline ("Sysinternals Suite") has an empty column "File".

    Identical naming for Apps in Tool Collections
    All tools from Sysinternals begin with the text "Sysinternals" (like "Sysinternals DebugView" or "Sysinternals Process Explorer"), which is great when you sort the exported CSV.
    Also all tools from MiTeC begin with the text "MiTeC".
    But only some tools from NirSoft begin with the text "NirSoft" and none of the tools from Nenad Hrg begin with "Nenad Hrg".

    Export status "Patch" and "Update"
    In the UAT instance you show the status "Patch" and "Update".
    This status is not yet exported, but it is really very helpful!

    Please consider these suggestions for the CSV export.

  • This category will be used to keep track of bugs reported by users

    47 Topics
    277 Posts
    OLLI_SO

    @GregAlexandre OK, then I mark this issue as solved.

  • Feel free to discuss what was good or bad in Secunia PSI and what you expect from VulnDetect

    18 Topics
    70 Posts
    T

    During testing of the Google Chrome 131.0.6778.109 MSI package, we found that it was broken, resulting in Exit Code 1603 after attempting to spawn a UAC prompt as the SYSTEM user.

    This issue occurs both when upgrading via VulnDetect and Intune. In some cases, it even breaks the existing installation during rollback of the failed update.

    As a result, we pulled the update before releasing it to customers.

    Once Google has fixed the Enterprise "ready" MSI installer, we will update the package and make it available after thorough testing.

    Please "upvote" the following post by Mikhail Gurin if you are affected by this and have a Google account. Hopefully, this will help make Google prioritize the fix: https://support.google.com/chrome/thread/311347547

    For reference, we use the following installers:

    https://dl.google.com/tag/s/dl/chrome/install/googlechromestandaloneenterprise.msi
    https://dl.google.com/tag/s/dl/chrome/install/googlechromestandaloneenterprise64.msi

    We also tested the EXE-based installers for offline deployment but found that these are incompatible with MSI-based installations.

    It should be noted that the MSI works if launched interactively as a regular user who can approve the UAC prompt.