Group Details Private

Global Moderators

Forum wide moderators

Member List

T Tom
  • RE: Error in server communication (280,226) : (0x00002ee2) => The operation timed out


    I'm happy you found a solution.

    And thank you very much for the detailed explanation, I'm certain other customers can benefit from this.

    posted in Bugs and issues
  • RE: Error in server communication (280,226) : (0x00002ee2) => The operation timed out



    It appears that we have some outdated documentation, it will be fixed within a day or two. The OCSP / CRT hosts should be:

    However, this is most likely not the cause of the issue that you have.

    I can see that the host got registered with the system. This means that the installer managed to contact the backend and get the authToken, that you see in the logfile.

    Since the installer is invoked interactively by the logged in user, it uses the same network / proxy settings as the user that is logged in, when it invokes the Agent to register for a authToken.

    While the Agent runs as the SYSTEM user, after it is installed.

    In some environments, there is restrictions on what the SYSTEM user can do on the network and whether it has access to a proxy.

    I suspect that is what you are seeing here.

    Since I don't know anything about your system configuration, it is hard to advise on the proper cause of action to allow the Agent network access.

    posted in Bugs and issues
  • RE: [RELEASE] SecTeer VulnDetect Agent v2.4.2.0 & - 2022-12-19

    VulnDetect Agent is available. We would appreciate if you test and use this on selected systems.

    Please report any and all issues you find with this latest Agent. It is a prerequisite for upcoming features, however, it is expected to be superseded soon, as more functionality will be added.

    posted in Announcements
  • [VulnDetect][Custom Software] Microsoft 365 / Office - Updating

    Updating your Microsoft 365 installations using Custom Software is very easy.

    We have made the below simple sample code, which will update it in a safe manner.

    You may want to alter this:
    /update user displaylevel=false forceappshutdown=false

    The displaylevel can be set to true, then the user will see a popup.

    And you would be able to close the apps by changing forceappshutdown to true. Our tests shows that this is safe, as it doesn't close the apps, if people have unsaved documents open. However, please test this on a few hosts, before doing this across the entire company network.

    $path64 = "C:\Program Files\Common Files\microsoft shared\ClickToRun"
    $path32 = "C:\Program Files (x86)\Common Files\microsoft shared\ClickToRun"
    $file = "OfficeC2RClient.exe"
    $arguments = "/update user displaylevel=false forceappshutdown=false"
    function updateOffice ($clicktorun, $arguments) {
        Start-Process -PassThru -FilePath $clicktorun -ArgumentList $arguments
    if (Test-Path -LiteralPath "$path32\$file" -PathType Leaf -ErrorAction SilentlyContinue) {
        updateOffice -clicktorun $path32\$file -arguments $arguments
    elseif (Test-Path -LiteralPath "$path64\$file" -PathType Leaf -ErrorAction SilentlyContinue) {
        updateOffice -clicktorun $path64\$file -arguments $arguments
    else {
        Write-Host "Error: $file not found in default locations, aborting."

    Remember to select All files:
    All files.png

    MS 365 Update.png

    posted in [Corporate] Deployment -> Custom Software
  • RE: Toolbox for VulnDetect

    @OLLI_S Lots of good ideas.
    The first one, that about excluding drives or folders, is getting a lot closer. I don't have a date yet, but we will soon make the final decision about how it should be implemented in the backend and then it shouldn't be long before there will be a UI component for it too.

    posted in Detection Issues
  • RE: Office 2013

    @GregAlexandre Noted. Thank you.
    Btw. depending on your installation, you will be notified via the Windows Update details in VulnDetect about missing updates for old Office versions.

    posted in App Requests
  • RE: Cobian Reflector

    Thank you, product added

    posted in App Requests
  • RE: Toolbox for VulnDetect

    @GregAlexandre Interesting.

    Luckily, I discussed this with a developer earlier today, and it seems that we can keep the --immediate though technically it will work quite differently.

    Instead of running an inspection, it will signal the service and ask it to run the inspection.

    Only caveat is that it most likely will require Admin privileges to send this signal.

    And then the process will exit immediately, while the service runs in the background.

    The other options will still vanish because they will be incompatible with the new changes.

    posted in Detection Issues
  • RE: Toolbox for VulnDetect

    @OLLI_S Just wanted to officially inform about some upcoming and breaking changes to the agent.

    Well, breaking for the Toolbox, but not for anything else, as far as we can tell.

    With the upcoming major release of the agent, it will no longer be possible to run the --immediate in the same as way as before.

    The reason is simple: It doesn't make sense, because the inspection data returned by the agent are wrong, because the agent runs in the wrong context.

    Instead, the --immediate will be changed to send a request for a new inspection task to the backend. Within 1 minute, the agent (the service) should pick up the task and inspect.

    This also means that the following options will be removed from the agent:


    The "ignore" and "path" can still be controlled via the registry:

    I don't know how many users use the Toolbox, we use it, because it is a nice way to extract data for new detections, which in turn is posted to some internal sub-categories for documentation purposes.

    But the functionality to inspect is not used by anyone at SecTeer.

    posted in Detection Issues