SecTeer VulnDetect & PatchPro Support Forum VulnDetect
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Download VulnDetect Installer
    • Login

    [Implemented] Exclude specific drives/folders from scan

    Scheduled Pinned Locked Moved Implemented Feature Requests
    configuration
    21 Posts 3 Posters 11.3k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • OLLI_SO Offline
      OLLI_S Community Moderator
      last edited by

      @Ascendor I merged your topic with the existing topic, because it is the same suggestion.
      Thank you for suggesting this!

      1 Reply Last reply Reply Quote 0
      • T Offline
        Tom VulnDetect Team Member
        last edited by

        The agent that we expect to release officially tomorrow (version 1.0.0.0) includes a hidden "feature".

        You may download the new version from here:
        https://test.vulndetect.com/dl/secteerSetup.exe

        You can now ignore folders / drives by editing the registry.

        First you need to import the below entries by storing it as a ".reg" file and import it (double click it).

        .reg file:

        Windows Registry Editor Version 5.00
        [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SecTeer\Agent]
        "inspectionPaths"=hex(7):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,20,00,28,00,78,00,38,00,36,00,29,00,00,00,00,00
        "ignorePaths"=hex(7):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,64,00,6f,00,74,00,6e,00,65,00,74,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,43,00,6f,00,6d,00,6d,00,6f,00,6e,00,20,00,46,00,69,00,6c,00,65,00,73,00,00,00,00,00
        

        After importing this you can open regedt32 or regedit and go to:
        HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SecTeer\Agent

        Now you can edit it in clear text.

        /Tom
        Download the latest SecTeer VulnDetect agent here:
        https://vulndetect.com/dl/secteerSetup.exe

        1 Reply Last reply Reply Quote 0
        • T Offline
          Tom VulnDetect Team Member
          last edited by Tom

          Those running secteer.exe directly like this:

          secteer.exe --immediate
          

          May appreciate to know that this new feature also applies to the command line:

          secteer.exe --immediate --ignore="c:\windows" --ignore="c:\Program Files" --ignore="c:\Program Files (x86)" --path="c:\scanthis" --path="c:\andthis"
          

          Notice that --path and --ignore can be supplied multiple times.

          You should also pay attention to the fact that it is merged with the registry entries.

          /Tom
          Download the latest SecTeer VulnDetect agent here:
          https://vulndetect.com/dl/secteerSetup.exe

          1 Reply Last reply Reply Quote 0
          • OLLI_SO Offline
            OLLI_S Community Moderator
            last edited by

            @Tom Cool feature!
            I set the topic as "[Work in progress]".

            @Tom said in Exclude specific drives/folders from scan:

            You should also pay attention to the fact that it is merged with the registry entries.

            Does this mean that the paths I enter at --ignore are stored in the registry?

            T 1 Reply Last reply Reply Quote 0
            • OLLI_SO Offline
              OLLI_S Community Moderator
              last edited by

              I found a little issue:
              For testing I wanted to exclude my C drive and changed my batch file:

              "C:\Program Files (x86)\SecTeer VulnDetect\secteer.exe" --immediate --ignore="C:\"
              

              But when I do a full system scan then the drive C:\ is not ignored!
              When I start the scan then I see In the command line the following line:

              ignorePaths : D:\_Bakup_Profile_C-Laufwerk, C:"
              

              The " at the end looks a bit strange.
              So I removed the \ at the end of the line:

              "C:\Program Files (x86)\SecTeer VulnDetect\secteer.exe" --immediate --ignore="C:"
              

              But when I do a full system scan then the drive C:\ is NOW ignored!

              So you should accept in the command line both variants (with the \ at the end and without it).

              T 1 Reply Last reply Reply Quote 0
              • T Offline
                Tom VulnDetect Team Member @OLLI_S
                last edited by

                @OLLI_S No, command line arguments are NOT stored.

                /Tom
                Download the latest SecTeer VulnDetect agent here:
                https://vulndetect.com/dl/secteerSetup.exe

                1 Reply Last reply Reply Quote 0
                • T Offline
                  Tom VulnDetect Team Member @OLLI_S
                  last edited by

                  @OLLI_S I will talk with a developer about it, but I actually think this is dictated by Windows, as the \ will escape the "
                  However, doing:

                  secteer.exe --immediate --ignore=c:\
                  

                  Will work.

                  /Tom
                  Download the latest SecTeer VulnDetect agent here:
                  https://vulndetect.com/dl/secteerSetup.exe

                  1 Reply Last reply Reply Quote 0
                  • OLLI_SO Offline
                    OLLI_S Community Moderator
                    last edited by

                    @Tom You never know how users enter the paths in the registry / the Toolbox.

                    T 1 Reply Last reply Reply Quote 0
                    • T Offline
                      Tom VulnDetect Team Member
                      last edited by

                      I should also mention that this will be added to the UI at some point, but that is not a high priority as we believe that the registry solution will suffice for most of the current user base.

                      I would appreciate to get a bit of feedback on how you wish to use this feature as it will tell us a lot about what users wish to ignore and why.

                      /Tom
                      Download the latest SecTeer VulnDetect agent here:
                      https://vulndetect.com/dl/secteerSetup.exe

                      OLLI_SO 1 Reply Last reply Reply Quote 0
                      • T Offline
                        Tom VulnDetect Team Member @OLLI_S
                        last edited by Tom

                        @OLLI_S said in [Work in progress] Exclude specific drives/folders from scan:

                        @Tom You never know how users enter the paths in the registry / the Toolbox.

                        That is true, but we don't control how Windows cmd.exe interprets special characters such as \

                        And in the long run, this will be done via the UI. Only technically savvy users should play with this in the registry or on the command line.

                        /Tom
                        Download the latest SecTeer VulnDetect agent here:
                        https://vulndetect.com/dl/secteerSetup.exe

                        1 Reply Last reply Reply Quote 0
                        • OLLI_SO Offline
                          OLLI_S Community Moderator @Tom
                          last edited by

                          @Tom said in [Work in progress] Exclude specific drives/folders from scan:

                          I would appreciate to get a bit of feedback on how you wish to use this feature as it will tell us a lot about what users wish to ignore and why.

                          I want to exclude:

                          • two external backup-drives (a complete drive like F:\ and G:\ )
                          • a backup-folder of my user profile
                          • a transfer-folder where I transfer files from my PC and my VM

                          Here it would be cool when I have a list of excluded folders in the configuration (web UI).
                          Add an input field where the user can enter a drive/path and a button "Add".
                          When the user presses "Add" you can remove unnecessary characters (like the \ at the end).
                          Below the field there is a list of excluded drives.
                          Behind each entry there is a small "Delete" icon.

                          When a full system scan is started, then the agent downloads the list of ignored folders from my account.

                          T 1 Reply Last reply Reply Quote 0
                          • T Offline
                            Tom VulnDetect Team Member @OLLI_S
                            last edited by

                            @OLLI_S Awesome

                            This with the \ that you refer to is only a command line thing. In the UI we control it and it will behave differently.

                            /Tom
                            Download the latest SecTeer VulnDetect agent here:
                            https://vulndetect.com/dl/secteerSetup.exe

                            1 Reply Last reply Reply Quote 0
                            • OLLI_SO Offline
                              OLLI_S Community Moderator
                              last edited by

                              @Tom Thank you for implementing the --ignore command line parameter.
                              I added some backup folders and drives to the exclusion list and now my list of applications is shorter.
                              It really helps a lot!

                              1 Reply Last reply Reply Quote 1
                              • OLLI_SO Offline
                                OLLI_S Community Moderator
                                last edited by OLLI_S

                                @Tom said in [Work in progress] Exclude specific drives/folders from scan:

                                HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SecTeer\Agent

                                I imported the reg-file and I saw that you have a list of ignored folders in the registry that looks like this:

                                C:\Program Files\dotnet
                                C:\Program Files\Common Files
                                

                                Is there a way to comment out a path (so that it is not used while scanning but still in the list)?
                                So in the Toolbox and in the Configuration of VulnDetect users can have a checkbox in front of each path and check it (folder will be ignored) or un-check it (folder will not be ignored).

                                In the Toolbox this will look like this:

                                Toolbox_for_Vulndetect_3.1_Alpha_Excluded_Folders.png

                                OLLI_SO 1 Reply Last reply Reply Quote 0
                                • OLLI_SO Offline
                                  OLLI_S Community Moderator @OLLI_S
                                  last edited by

                                  @Tom I suggest that you implement an UI like this:

                                  Toolbox_for_Vulndetect_3.1_Alpha_Excluded_Folders.png

                                  So users can

                                  • add folders they want to exclude
                                  • remove folders permanently from the list of excluded folders
                                  • remove folders temporarily from the list of excluded folders by unchecking the checkbox

                                  There might be some folders that always will be ignored by default, these folders are greyed out in the folder list.
                                  This should cover all scenarios.

                                  OLLI_SO 1 Reply Last reply Reply Quote 0
                                  • T Tom referenced this topic on
                                  • OLLI_SO OLLI_S referenced this topic on
                                  • OLLI_SO Offline
                                    OLLI_S Community Moderator @OLLI_S
                                    last edited by

                                    This feature has been implemented in the Corporate Version of VulnDetect.
                                    Here you see a screen shot, how it looks there:
                                    2024-02-11_12h22_32.png
                                    Therefore, I mark this topic as Implemented.

                                    1 Reply Last reply Reply Quote 0
                                    • OLLI_SO OLLI_S unpinned this topic on
                                    • OLLI_SO OLLI_S moved this topic from Feature and Functionality Requests on
                                    • First post
                                      Last post
                                    Download SecTeer Personal VulnDetect - an alternative to the long lost Secunia PSI

                                    Please see our Privacy and Data Processing Policy
                                    Sponsored and operated by SecTeer | VulnDetect is a replacement for the EoL Secunia PSI
                                    Forum software by NodeBB