Posts made by cdqEAW67

After making my special-msi unavailiable the 1.0.7.0 is continuing the scan and submits the data (checked with agent and --immediate).
So it's OK now!!
Thx

After re-importing the reg to my Win7 the 1.0.6.0 is dying again.
The 1.0.7.0 is continuing the scan and submits the data (checked with agent and --immediate).
So it's OK now!!
Thx

Sorry for confusing ...

I'm sure I reproduced it on my Win10 before posting,
but now it's UR (unreproducable) there

In that case it's not relevant to others (only to my special-Win7).
So you can mark this as 'closed' ...

Sorry again!

What You see in Code-Window ist the complete reg-file (no Office 2013/365 installed on my side)!
That's why I thought you may be interested in.

Not really a bug with secteer but may be a problem with some older/rare msi-Files and so more a hint:

I observed on my machines, that the agent stopped working after "Enumerating MSI data". exe/agent were still running (so no "die" of process/service).

As the agent is running as a service it can't display windows to the users (silent).
When running from a Admin-CMD the Windows Installer comes up with message-windows and i had to fix 2 msi -files: "Windows Installer: The feature you are trying to use is on a network resource that is anavailiable. --> Browse...". One was located on a DVD and one on "C:\Users...\AppData\Local\Temp....". Both from programs i would not request from you to be detected!!

I re-created the files, put them to a persistant location on HDD, followed the instuctions of windows installer and on next run secteer runs on the MSI-Topics with success.

agent / secteer.exe v-1.0.6.0 dies when analysing my Office 15.0 (Office 2013) Registry entries

"dies" means:
The agent does not display a window. Log file stops after "There are 8 registry rules". When running from Admin-CMD there is a message window (Dr. Watson^^).

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\15.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\15.0\Common]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\15.0\Common\FilesPaths]
"office.odf"="C:\\PROGRA~2\\COMMON~1\\MICROS~1\\OFFICE15\\Cultures\\OFFICE.ODF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\15.0\Common\InstallRoot]
"Path"="C:\\Program Files (x86)\\Microsoft Office\\Office15\\"

shortest way to reproduce:
"C:\Program Files (x86)\SecTeer VulnDetect\secteer.exe" --no-filesystem --no-winupdate --no-system --no-msi --immediate

After (saving as .reg) and deleting the Registry-Tree the registry can scanned successfull with my Win7. Importing the .reg to a Win10 causes also secteer.exe to die.

Btw: I didn't have Office 2013 installed. Only VisionViewer2013.
A re-installation with an additional update (KB3178640) do not put back these reg-keys. So I have no idea when and by whom they have been created.

Hi,
sorry for delay too.
I now updated to agent v1.0.6.0 and submission to server is now successful!
So the problem is fixed.

Many Thanks!

Hello,

my 'inspection data' cannot be submitted to server:

My Win7-OS has german language:
german: Das Zeitlimit für den Vorgang wurde erreicht.
english: The time limit for the transaction has been reached.

[2019-04-27 06:50:09.141+0120] Enumerated filesystem in 317.783ms
[2019-04-27 06:50:09.141+0120] Read file version information in 326.102ms
[2019-04-27 06:50:09.152+0120] Inspecting registry
[2019-04-27 06:50:09.342+0120] Inspected registry in 0.189ms
[2019-04-27 06:50:09.348+0120] Sending inspection data to server
[2019-04-27 06:50:09.349+0120] Connecting to server: agent.vulndetect.com
[2019-04-27 06:50:39.352+0120] Error in server communication (290,197) : (0x00002ee2) => Das Zeitlimit f++r den Vorgang wurde erreicht.
[2019-04-27 06:50:39.352+0120] Failed to submit inspection data:
[2019-04-27 06:50:39.352+0120] Waiting 10 minutes before retrying

I guess the (german-OS) message comes from an "http POST command" used by secteer and my 'inspection data' is too big.
My Win7 is rather old (from July 2009) and has seen a lot (!!) of hardware, software, updates and problems ... .

Waiting just repeats the error.

---

To check if its dependent to one of my files I split the analysis by running secteer with option --immediate in several steps.
As DriveLetter c:\ is also too big, i split it into 2 parts:
one step on c:\windows with all other Windows-Checks and a
second step on Folder C:\SecTeer with Hard-Links/NTFS-Links/NTFS-Junction/... to all 1st-stage-Folders on C:\ except C:\Windows.

C:\Program Files
C:\Program Files (x86)
C:\ProgramData
C:\Users
C:\PerfLogs
...

All these single steps can now submit the data without errors
(and i can check results directly after each step)

"C:\Program Files (x86)\SecTeer VulnDetect\secteer.exe" --path "C:\Windows" --immediate
pause
"C:\Program Files (x86)\SecTeer VulnDetect\secteer.exe" --no-winupdate --no-registry --no-system --path "C:\SecTeer" --immediate
pause
"C:\Program Files (x86)\SecTeer VulnDetect\secteer.exe" --no-winupdate --no-registry --no-system --path "D:" --immediate
pause
... continuing with other Drive Letters ...

I have also a Dual-Boot Win10 (not seeing the Win7-drive) where SecTeer has run fine at the beginning.
After installing MS Visual Studio 2017 CE the data is now also too big and a split is necessary.

Is there a way on my side to submit the data in one step?

Thx!

several Old Versions of Microsoft Office and the Adobe Reader are detected here:
C:\Windows\Installer$PatchCache$\Managed...

But I think this aren't problems as the *.exe are never used from here but files are necessary when updating/reinstalling software.

May be I made the folder visible/accessable in the past so that I'm alone with these detections.

Is there a way to suppress it e.g. by blacklist?

Thanks!