After making my special-msi unavailable the 1.0.7.0 is continuing the scan and submits the data (checked with agent and --immediate).
So it's OK now!!
Thx
Posts
-
RE: if log-File C:\Windows\Logs\SecTeer\secteer.log stops after "Enumerating MSI data"
-
RE: agent / secteer.exe dies when analysing my Office 15.0 (Office 2013) Registry entries
After re-importing the reg to my Win7 the 1.0.6.0 is dying again.
The 1.0.7.0 is continuing the scan and submits the data (checked with agent and --immediate).
So it's OK now!!
Thx
-
RE: agent / secteer.exe dies when analysing my Office 15.0 (Office 2013) Registry entries
Sorry for confusing ...
I'm sure I reproduced it on my Win10 before posting,
but now it's UR (unreproducible) there.
In that case it's not relevant to others (only to my special-Win7).
So you can mark this as 'closed' ...
Sorry again!
-
RE: agent / secteer.exe dies when analysing my Office 15.0 (Office 2013) Registry entries
What you see in the Code-Window is the complete reg-file (no Office 2013/365 installed on my side)!
That's why I thought you may be interested in it.
-
if log-File C:\Windows\Logs\SecTeer\secteer.log stops after "Enumerating MSI data"
Not really a bug with secteer but may be a problem with some older/rare msi-Files and so more a hint:
I observed on my machines, that the agent stopped working after "Enumerating MSI data". exe/agent were still running (so no "die" of process/service).
As the agent is running as a service it can't display windows to the users (silent).
When running from an Admin-CMD the Windows Installer comes up with message-windows and I had to fix 2 msi-files: "Windows Installer: The feature you are trying to use is on a network resource that is unavailable. --> Browse...". One was located on a DVD and one on "C:\Users...\AppData\Local\Temp....". Both from programs I would not request from you to be detected!!
I re-created the files, put them to a persistent location on HDD, followed the instructions of windows installer and on next run secteer runs on the MSI-Topics with success.
-
agent / secteer.exe dies when analysing my Office 15.0 (Office 2013) Registry entries
agent / secteer.exe v-1.0.6.0 dies when analysing my Office 15.0 (Office 2013) Registry entries
"dies" means:
The agent does not display a window. Log file stops after "There are 8 registry rules". When running from Admin-CMD there is a message window (Dr. Watson^^).

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\15.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\15.0\Common]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\15.0\Common\FilesPaths]
"office.odf"="C:\\PROGRA~2\\COMMON~1\\MICROS~1\\OFFICE15\\Cultures\\OFFICE.ODF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\15.0\Common\InstallRoot]
"Path"="C:\\Program Files (x86)\\Microsoft Office\\Office15\\"

shortest way to reproduce:
"C:\Program Files (x86)\SecTeer VulnDetect\secteer.exe" --no-filesystem --no-winupdate --no-system --no-msi --immediate

After (saving as .reg) and deleting the Registry-Tree the registry can be scanned successfully on my Win7. Importing the .reg to a Win10 also causes secteer.exe to die.
Btw: I didn't have Office 2013 installed. Only VisionViewer2013.
A re-installation with an additional update (KB3178640) does not put back these reg-keys. So I have no idea when and by whom they have been created.
-
RE: my 'inspection data' is too big and cannot be submitted to server: The time limit for the transaction has been reached.
Hi,
sorry for delay too.
I now updated to agent v1.0.6.0 and submission to server is now successful!
So the problem is fixed.
Many Thanks!
-
my 'inspection data' is too big and cannot be submitted to server: The time limit for the transaction has been reached.
Hello,
my 'inspection data' cannot be submitted to server:
My Win7-OS has german language:
german: Das Zeitlimit für den Vorgang wurde erreicht.
english: The time limit for the transaction has been reached.

[2019-04-27 06:50:09.141+0120] Enumerated filesystem in 317.783ms
[2019-04-27 06:50:09.141+0120] Read file version information in 326.102ms
[2019-04-27 06:50:09.152+0120] Inspecting registry
[2019-04-27 06:50:09.342+0120] Inspected registry in 0.189ms
[2019-04-27 06:50:09.348+0120] Sending inspection data to server
[2019-04-27 06:50:09.349+0120] Connecting to server: agent.vulndetect.com
[2019-04-27 06:50:39.352+0120] Error in server communication (290,197) : (0x00002ee2) => Das Zeitlimit f++r den Vorgang wurde erreicht.
[2019-04-27 06:50:39.352+0120] Failed to submit inspection data:
[2019-04-27 06:50:39.352+0120] Waiting 10 minutes before retrying

I guess the (german-OS) message comes from an "http POST command" used by secteer and my 'inspection data' is too big.
My Win7 is rather old (from July 2009) and has seen a lot (!!) of hardware, software, updates and problems ... .
Waiting just repeats the error.
To check if it's dependent on one of my files I split the analysis by running secteer with option --immediate in several steps.
As DriveLetter c:\ is also too big, I split it into 2 parts:
one step on c:\windows with all other Windows-Checks and a
second step on Folder C:\SecTeer with Hard-Links/NTFS-Links/NTFS-Junction/... to all 1st-stage-Folders on C:\ except C:\Windows.

C:\Program Files
C:\Program Files (x86)
C:\ProgramData
C:\Users
C:\PerfLogs
...

All these single steps can now submit the data without errors
(and I can check results directly after each step)

"C:\Program Files (x86)\SecTeer VulnDetect\secteer.exe" --path "C:\Windows" --immediate
pause
"C:\Program Files (x86)\SecTeer VulnDetect\secteer.exe" --no-winupdate --no-registry --no-system --path "C:\SecTeer" --immediate
pause
"C:\Program Files (x86)\SecTeer VulnDetect\secteer.exe" --no-winupdate --no-registry --no-system --path "D:" --immediate
pause
... continuing with other Drive Letters ...

I have also a Dual-Boot Win10 (not seeing the Win7-drive) where SecTeer has run fine at the beginning.
After installing MS Visual Studio 2017 CE the data is now also too big and a split is necessary.
Is there a way on my side to submit the data in one step?
Thx!
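
The link folder for the second step of the post above could be built as follows; this is an added example, not part of the original post and not SecTeer's own tooling. It assumes NTFS junctions created with mklink /J (the post does not say which link type was used), the folder name C:\SecTeer from the post, and an Admin-CMD.

```batch
@echo off
rem Added example (not from the original post): fill C:\SecTeer with one
rem NTFS junction per first-level folder of C:\, leaving out C:\Windows.
rem Assumption: junctions (mklink /J) are the link type. Run from an Admin-CMD.
setlocal
set "SRC=C:\"
set "LINKROOT=C:\SecTeer"

if not exist "%LINKROOT%\" mkdir "%LINKROOT%" || exit /b 1

rem dir /a:d-l-s lists directories including hidden ones (ProgramData),
rem but skips existing reparse points (e.g. "Documents and Settings") and
rem system folders such as $Recycle.Bin and "System Volume Information".
for /f "delims=" %%D in ('dir /b /a:d-l-s "%SRC%"') do (
    rem Skip C:\Windows (scanned in the first step) and the link folder
    rem itself, so the scan path never loops back into C:\SecTeer.
    if /i not "%%D"=="Windows" if /i not "%%D"=="SecTeer" (
        if not exist "%LINKROOT%\%%D" mklink /J "%LINKROOT%\%%D" "%SRC%%%D"
    )
)

echo Junctions now present in %LINKROOT%:
dir /a:l "%LINKROOT%"
endlocal
exit /b 0
```

To undo this, remove each junction with rmdir on the link itself (without /s), which deletes only the link and leaves the target folder untouched.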
-
[Solved] detection Issues in C:\Windows\Installer\$PatchCache$\Managed\
Several old versions of Microsoft Office and the Adobe Reader are detected here:
C:\Windows\Installer\$PatchCache$\Managed...
But I think these aren't problems as the *.exe are never used from here but files are necessary when updating/reinstalling software.
Maybe I made the folder visible/accessible in the past so that I'm alone with these detections.
Is there a way to suppress it e.g. by blacklist?
Thanks!