Categories

  • Announcements regarding the VulnDetect project

    14 Topics
    123 Posts
    T
    Version 3.4.0.0 is the latest Stable release. It can be downloaded from here: https://vulndetect.com/dl/agents/secteerSetup-3.4.0.0.exe https://vulndetect.com/dl/agents/secteerSetup-3.4.0.0.msi
  • Post requests for apps that are missing

    352 Topics
    2k Posts
    OLLI_SO
    Meantime Versions 2.18.4 and 2.18.5 were released. Here the version info of 2.18.5: File name and path: C:\Users\olive\AppData\Local\Programs\PLITCH\PLITCH.exe Product Name: PLITCH Internal Name: PLITCH.dll Original Filename: PLITCH.dll File Description: PLITCH Company: PLITCH Legal Copyright: Legal Trademarks: Comments: File Version String: 2.18.5.0 File Version: 2.18.5.0 Product Version String: 2.18.5+d5d023cac37e6398062fb9016f8cfbebd4401c07 Product Version: 2.18.5.0
  • Post requests for apps that you wish to see updated automatically

    25 Topics
    40 Posts
    T
    Why we only patch the two most recent major Python versions Python follows a lifecycle where only the newest major versions receive full support, including official binary installers. Once a version moves into security-fix-only mode, upstream stops shipping these installers. From Python 3.12 release notes: “Python 3.12 is now in the ‘security fixes only’ stage… releases of those are made irregularly in source-only form... binary installers are no longer provided.” Source: https://www.python.org/downloads/release/python-31213/ For older versions: Updates are source-only, not packaged installers No consistent or supported upgrade path on Windows Effectively shifts maintenance to manual builds or downstream distributions Bottom line: If upstream doesn’t ship a proper installer, we don’t have a reliable or safe way to patch it.
  • Announcements regarding the VulnDetect project

    61 Topics
    60 Posts
    rnzR
    Autodesk Revit updates can be handled through Custom Tag Approvals, where customers upload the required Revit update files themselves. We have used the following custom configuration: [image: 1783421329942-2c13f69c-ecf4-41db-acaa-89ee19b08c5f-image.jpeg] Download the required Revit update file from your Autodesk account. [image: 1783421795878-60f00162-a809-446a-88e7-55725a351e5b-image.jpeg] Upload the update file to the relevant Custom Tag Approval in VulnDetect by enabling customization [image: 1783424129942-153e40cc-0020-4a95-af14-f46efc8d5030-image-resized.jpeg] Assign the custom tag to the hosts where Autodesk Revit should be updated. VulnDetect will deploy the uploaded update file to the tagged hosts on the next inspection. Please make sure the uploaded update file matches the Revit version installed on the target hosts, as Autodesk updates are usually specific to a product and version branch. This approach can be used to keep Revit updated through VulnDetect by maintaining the update files directly on the Custom Tag Approval.
  • Detection errors and issues should be posted here

    457 Topics
    2k Posts
    OLLI_SO
    For Free Download Manager VulnDetect detects the version 6.34.2.6926. But VulnDetect recommends the version 6.33.2 (6656) (VulnDetect recommends an OLDER version). Please recommend the currently available version!
  • Detection errors and issues should be posted here

    47 Topics
    155 Posts
    G
    Hi, Or I missed it during the last check or the issue is back. Regards
  • This category will be used to keep track of user contributed suggestions

    143 Topics
    472 Posts
    OLLI_SO
    I am using the CSV export on a daily base, it is really very useful. But sone things should really be improved. Recommended Version For some tools (like “MiTeC Icon Explorer") the recommended version (5.2.0) is older, than the installed version (5.3.0). In the list of applications you do not show a recommended version. In my CSV export I have 15 applications, where the recommended version is different, but only for 3 entries the recommended version is newer. Therefore, the recommended version should not be exported, when it is older or equal to the installed version. Export Tool Collections All tools from "Sysinternals" are bundled as "Sysinternals Suite". The whole suite including all apps is not exported. You should export the package headline ("Sysinternals Suite") and also all included tools. I do not know if it causes trouble when the package headline ("Sysinternals Suite") has an empty column "File". Identical naming for Apps in Tool Collections All tools from Sysinternals begin with the text "Sysinternals" (like "Sysinternals DebugView" or "Sysinternals Process Explorer") what is great, when you sort the exported CSV. Also all tools from MiTeC begin with the text "MiTeC". But only some tools from NirSoft begin with the text "NirSoft" and none of the tools from Nenad Hrg begin with "Nenad Hrg". Export status "Patch" and "Update" In the UAT instance you show the status "Patch" and "Update". This status is not yet exported, but it is really very helpful! Please consider these suggestions for the CSV export.
  • This category will be used to keep track of bugs reported by users

    49 Topics
    287 Posts
    G
    @olli_s : could be moved to fixed as 3.0.x agents do not install chocolatey any more.
  • Feel free to discuss what was good or bad in Secunia PSI and what you expect from VulnDetect

    19 Topics
    70 Posts
    T
    The reported Notepad++ supply-chain incident, as described in public reporting, was limited to the application’s built-in auto-update mechanism. SecTeer VulnDetect does not use or depend on the Notepad++ auto-updater. All Notepad++ packages distributed through SecTeer are downloaded directly from the official vendor source and processed through SecTeer’s own validation pipeline. This includes: Verification of the Authenticode signature where the vendor provides signed binaries Malware scanning using Microsoft Defender Additional reputation-based checks as a supplementary control SecTeer packages are released independently of the vendor’s auto-update channel and are not delivered through the update mechanism involved in the reported incident. As a result, SecTeer did not distribute compromised code, and SecTeer’s distribution infrastructure was not impacted. A system could only have received the compromised update if the built-in Notepad++ auto-update feature was enabled on the system In short: SecTeer’s update mechanism was not involved in the incident, and no compromised Notepad++ packages were delivered through the SecTeer platform.