[Implemented] Don't store log files in the Windows folder
-
Currently the log file is stored in the Windows folder C:\Windows.
Please use the official Windows Log folder for your logging output.
-
As suggested for local time vs UTC, using the Windows eventlog format would resolve this.
-
The VulnDetect uses the "official" log folder under Windows now.
-
Perfect, now the log files are placed in C:\Windows\Logs\SecTeer
-
I recognized that the log files are only stored in the folder C:\Windows\Logs\SecTeer when I start the scan batch with Administrator rights.
When I start the scan batch without Administrator rights then no log files will be created. So I suggest that you store the log files in a folder where you don't need Administrator rights.
-
VulnDetect is intended to be run in an automated manner, using the scheduling. When it runs in this manner, it has the required privileges to store log files (and read all applicable files).
If you run VulnDetect as a "normal" user, which works fine for most, you should be aware that there are a number of potential issues, since VulnDetect doesn't necessarily have the privileges to read all relevant files on the system.
This also goes for the logging, so if you want log details, while running VulnDetect as a "normal" user, you should either view directly on the console (so no -q) or you should specify "-l c:\users\myuser\mylogfile.log" and again, no "-q" since it also makes logging quiet.
So, all in all, if you want correct (complete) results, you should either only use the scheduled inspection or run "secteer.exe" as an administrative user. Running "secteer.exe" directly should only be used for a quick update of your results or for testing.
On another, but related, note, we will soon be launching a new feature in VulnDetect, which also will require higher privileges, so again, running "secteer.exe" directly is only for quick troubleshooting or testing of newly added rules / apps.
-
@tom said in Don't store log files in the Windows folder:
On another, but related, note, we will soon be launching a new feature in VulnDetect, which also will require higher privileges, so again, running "secteer.exe" directly is only for quick troubleshooting or testing of newly added rules / apps.
OK, so I have to run secteer.exe with administrator rights.
Is this enough for the future changes?
-
@olli_s It should be. But again, we can't guarantee that it will work exactly the same way, when you run it in a console, as when it runs as a Windows Service.
-
So that needs to be tested...
I set the topic to Implemented.