VulnDetect Team Member

The driver file is present, so in that sense the software is there. But it appears that the driver also is bundled with other software from Intel.

I can also see that there is a new version, that will be added soon.

However, there are some issues with the accuracy of this, that is also why it is released as "Testing".

It should be clear in the UI of Personal edition with a black "Testing" pill. In the Personal we default to show these "Testing" apps, in order to get this kind of feedback.

However, in the Corporate, it isn't visible for ordinary accounts, except for Olli, and for our internal test accounts. The issue here, is that you can't see that it is "Testing" in the Corporate UI, so you may be led to believe that it is fully supported. Since Olli is the only external person who can see "Testing" in Corporate, we won't change that any time soon.

This detection will remain as "Testing", while we await a new backend feature, which should aid us in tracking this in a proper and reliable manner.

@OLLI_S Thank you, I've changed the file. Please report if that causes other issues.

@OLLI_S Looks like it is fixed.

@GregAlexandre Version 40278 is available now and I also confirmed it by downloading it.

@GregAlexandre
The advisory is still present:
https://security-advisory.acronis.com/updates/UPD-2302-3bd6-1ff4

Description
This update contains fixes for 2 high severity security vulnerabilities and is recommended for all users.

More details will be published soon.

Let's hope they release a new build asap.

@GregAlexandre If you look at this page, you'll see the latest build referenced:
https://www.acronis.com/en-us/support/updates/

However, if you click the link, then you get the older version, also the release notes has been pulled.

It is curious, as our robot found build 40252 on 21 February, and the update was detected on one or more customer PC's on 22nd, and the update was assigned to a curator who made the rule (on 22nd).

And there was even a new entry in their advisory database, indicating that build 40252 fixes security issues (albeit, no details were present).

We will set 40173 as Recommended for now and update as soon as a new build has been released.

@lammertsm Thank you. Detection has been added as "testing". We will soon release it properly.

@GregAlexandre

Removing chocolatey isn't trivial for all users, since a few already used it or started using after it was installed by VulnDetect.

We are assessing ways to determine this in a reliable way, so we don't remove it if the user has used it.

Alternatively, we will release a removal script at some point, so you and others easily can remove it.

Thank you. The product has been added as "testing". Once we have collected proper rule data, we will release it.

@GregAlexandre Interesting, I have no record of why it should have disappeared. Do let me know if it happens again.

And thank you.