Group Details Private

VulnDetect Team Member

VulnDetect Employees

Member List

  • [VulnDetect][Custom Software] Microsoft 365 / Office - Updating

    Updating your Microsoft 365 installations using Custom Software is very easy.

    We have made the below simple sample code, which will update it in a safe manner.

    You may want to alter this:
    /update user displaylevel=false forceappshutdown=false

    The displaylevel can be set to true, then the user will see a popup.

    And you would be able to close the apps by changing forceappshutdown to true. Our tests shows that this is safe, as it doesn't close the apps, if people have unsaved documents open. However, please test this on a few hosts, before doing this across the entire company network.

    $path64 = "C:\Program Files\Common Files\microsoft shared\ClickToRun"
    $path32 = "C:\Program Files (x86)\Common Files\microsoft shared\ClickToRun"
    $file = "OfficeC2RClient.exe"
    $arguments = "/update user displaylevel=false forceappshutdown=false"
    function updateOffice ($clicktorun, $arguments) {
        Start-Process -PassThru -FilePath $clicktorun -ArgumentList $arguments
    }
    if (Test-Path -LiteralPath "$path32\$file" -PathType Leaf -ErrorAction SilentlyContinue) {
        updateOffice -clicktorun $path32\$file
    }
    elseif (Test-Path -LiteralPath "$path64\$file" -PathType Leaf -ErrorAction SilentlyContinue) {
        updateOffice -clicktorun $path64\$file
    }
    else {
        Write-Host "Error: $file not found in default locations, aborting."
    }
    

    Remember to select All files:
    All files.png

    MS 365 Update.png

    posted in [Corporate] Deployment -> Custom Software
  • RE: Toolbox for VulnDetect

    @OLLI_S Lots of good ideas.
    The first one, that about excluding drives or folders, is getting a lot closer. I don't have a date yet, but we will soon make the final decision about how it should be implemented in the backend and then it shouldn't be long before there will be a UI component for it too.

    posted in Detection Issues
  • RE: Office 2013

    @GregAlexandre Noted. Thank you.
    Btw. depending on your installation, you will be notified via the Windows Update details in VulnDetect about missing updates for old Office versions.

    posted in App Requests
  • RE: Cobian Reflector

    Thank you, product added

    posted in App Requests
  • RE: Toolbox for VulnDetect

    @GregAlexandre Interesting.

    Luckily, I discussed this with a developer earlier today, and it seems that we can keep the --immediate though technically it will work quite differently.

    Instead of running an inspection, it will signal the service and ask it to run the inspection.

    Only caveat is that it most likely will require Admin privileges to send this signal.

    And then the process will exit immediately, while the service runs in the background.

    The other options will still vanish because they will be incompatible with the new changes.

    posted in Detection Issues
  • RE: Toolbox for VulnDetect

    @OLLI_S Just wanted to officially inform about some upcoming and breaking changes to the agent.

    Well, breaking for the Toolbox, but not for anything else, as far as we can tell.

    With the upcoming major release of the agent, it will no longer be possible to run the --immediate in the same as way as before.

    The reason is simple: It doesn't make sense, because the inspection data returned by the agent are wrong, because the agent runs in the wrong context.

    Instead, the --immediate will be changed to send a request for a new inspection task to the backend. Within 1 minute, the agent (the service) should pick up the task and inspect.

    This also means that the following options will be removed from the agent:

    --no-filesystem
    --no-registry
    --no-system
    --no-msi
    --no-winupdate
    --ignore
    --path
    

    The "ignore" and "path" can still be controlled via the registry:
    https://vulndetect.org/topic/2388/

    I don't know how many users use the Toolbox, we use it, because it is a nice way to extract data for new detections, which in turn is posted to some internal sub-categories for documentation purposes.

    But the functionality to inspect is not used by anyone at SecTeer.

    posted in Detection Issues
  • RE: Azure SSO

    @jak552 We discussed this a few days ago, it sounds like this is viable to implement in a soon to come UI update.
    With some luck before the end of the year.

    posted in Feature and Functionality Requests
  • RE: [Solved] No Photofoltre Icon

    @OLLI_S Yes

    posted in Solved Detection Issues