[Implemented] Exclude specific drives/folders from scan

Reply to [Implemented] Exclude specific drives/folders from scan on Sun, 11 Feb 2024 12:15:25 GMT

OLLI_S — Sun, 11 Feb 2024 12:15:25 GMT

This feature has been implemented in the Corporate Version of VulnDetect.
Here you see a screen shot, how it looks there:

Therefore, I mark this topic as Implemented.

Reply to [Implemented] Exclude specific drives/folders from scan on Sat, 30 May 2020 10:36:52 GMT

OLLI_S — Sat, 30 May 2020 10:36:52 GMT

@Tom I suggest that you implement an UI like this:

So users can

add folders they want to exclude
remove folders permanently from the list of excluded folders
remove folders temporarily from the list of excluded folders by unchecking the checkbox

There might be some folders that always will be ignored by default, these folders are greyed out in the folder list.
This should cover all scenarios.

Reply to [Implemented] Exclude specific drives/folders from scan on Sun, 28 Apr 2019 18:43:42 GMT

OLLI_S — Sun, 28 Apr 2019 18:43:42 GMT

@Tom said in [Work in progress] Exclude specific drives/folders from scan:

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SecTeer\Agent

I imported the reg-file and I saw that you have a list of ignored folders in the registry that looks like this:

C:\Program Files\dotnet
C:\Program Files\Common Files

Is there a way to comment out a path (so that it is not used while scanning but still in the list)?
So in the Toolbox and in the Configuration of VulnDetect users can have a checkbox in front of each path and check it (folder will be ignored) or un-check it (folder will not be ignored).

In the Toolbox this will look like this:

Reply to [Implemented] Exclude specific drives/folders from scan on Sat, 02 Feb 2019 11:45:39 GMT

OLLI_S — Sat, 02 Feb 2019 11:45:39 GMT

@Tom Thank you for implementing the --ignore command line parameter.
I added some backup folders and drives to the exclusion list and now my list of applications is shorter.
It really helps a lot!

Reply to [Implemented] Exclude specific drives/folders from scan on Thu, 31 Jan 2019 18:15:49 GMT

Tom — Thu, 31 Jan 2019 18:15:49 GMT

@OLLI_S Awesome

This with the \ that you refer to is only a command line thing. In the UI we control it and it will behave differently.

Reply to [Implemented] Exclude specific drives/folders from scan on Thu, 31 Jan 2019 17:03:43 GMT

OLLI_S — Thu, 31 Jan 2019 17:03:43 GMT

@Tom said in [Work in progress] Exclude specific drives/folders from scan:

I would appreciate to get a bit of feedback on how you wish to use this feature as it will tell us a lot about what users wish to ignore and why.

I want to exclude:

two external backup-drives (a complete drive like F:\ and G:\ )
a backup-folder of my user profile
a transfer-folder where I transfer files from my PC and my VM

Here it would be cool when I have a list of excluded folders in the configuration (web UI).
Add an input field where the user can enter a drive/path and a button "Add".
When the user presses "Add" you can remove unnecessary characters (like the \ at the end).
Below the field there is a list of excluded drives.
Behind each entry there is a small "Delete" icon.

When a full system scan is started, then the agent downloads the list of ignored folders from my account.

Reply to [Implemented] Exclude specific drives/folders from scan on Thu, 31 Jan 2019 16:58:33 GMT

Tom — Thu, 31 Jan 2019 16:58:33 GMT

@OLLI_S said in [Work in progress] Exclude specific drives/folders from scan:

@Tom You never know how users enter the paths in the registry / the Toolbox.

That is true, but we don't control how Windows cmd.exe interprets special characters such as \

And in the long run, this will be done via the UI. Only technically savvy users should play with this in the registry or on the command line.

Reply to [Implemented] Exclude specific drives/folders from scan on Thu, 31 Jan 2019 16:55:44 GMT

Tom — Thu, 31 Jan 2019 16:55:44 GMT

I should also mention that this will be added to the UI at some point, but that is not a high priority as we believe that the registry solution will suffice for most of the current user base.

I would appreciate to get a bit of feedback on how you wish to use this feature as it will tell us a lot about what users wish to ignore and why.

Reply to [Implemented] Exclude specific drives/folders from scan on Thu, 31 Jan 2019 16:55:11 GMT

OLLI_S — Thu, 31 Jan 2019 16:55:11 GMT

@Tom You never know how users enter the paths in the registry / the Toolbox.

Reply to [Implemented] Exclude specific drives/folders from scan on Thu, 31 Jan 2019 16:45:06 GMT

Tom — Thu, 31 Jan 2019 16:45:06 GMT

@OLLI_S I will talk with a developer about it, but I actually think this is dictated by Windows, as the \ will escape the "
However, doing:

secteer.exe --immediate --ignore=c:\

Will work.

Reply to [Implemented] Exclude specific drives/folders from scan on Thu, 31 Jan 2019 16:40:48 GMT

Tom — Thu, 31 Jan 2019 16:40:48 GMT

@OLLI_S No, command line arguments are NOT stored.

Reply to [Implemented] Exclude specific drives/folders from scan on Thu, 31 Jan 2019 16:23:41 GMT

OLLI_S — Thu, 31 Jan 2019 16:23:41 GMT

I found a little issue:
For testing I wanted to exclude my C drive and changed my batch file:

"C:\Program Files (x86)\SecTeer VulnDetect\secteer.exe" --immediate --ignore="C:\"

But when I do a full system scan then the drive C:\ is not ignored!
When I start the scan then I see In the command line the following line:

ignorePaths : D:\_Bakup_Profile_C-Laufwerk, C:"

The " at the end looks a bit strange.
So I removed the \ at the end of the line:

"C:\Program Files (x86)\SecTeer VulnDetect\secteer.exe" --immediate --ignore="C:"

But when I do a full system scan then the drive C:\ is NOW ignored!

So you should accept in the command line both variants (with the \ at the end and without it).

Reply to [Implemented] Exclude specific drives/folders from scan on Thu, 31 Jan 2019 15:57:29 GMT

OLLI_S — Thu, 31 Jan 2019 15:57:29 GMT

@Tom Cool feature!
I set the topic as "[Work in progress]".

@Tom said in Exclude specific drives/folders from scan:

You should also pay attention to the fact that it is merged with the registry entries.

Does this mean that the paths I enter at --ignore are stored in the registry?

Reply to [Implemented] Exclude specific drives/folders from scan on Thu, 31 Jan 2019 15:51:01 GMT

Tom — Thu, 31 Jan 2019 15:51:01 GMT

Those running secteer.exe directly like this:

secteer.exe --immediate

May appreciate to know that this new feature also applies to the command line:

secteer.exe --immediate --ignore="c:\windows" --ignore="c:\Program Files" --ignore="c:\Program Files (x86)" --path="c:\scanthis" --path="c:\andthis"

Notice that --path and --ignore can be supplied multiple times.

You should also pay attention to the fact that it is merged with the registry entries.

Reply to [Implemented] Exclude specific drives/folders from scan on Thu, 31 Jan 2019 15:43:31 GMT

Tom — Thu, 31 Jan 2019 15:43:31 GMT

The agent that we expect to release officially tomorrow (version 1.0.0.0) includes a hidden "feature".

You may download the new version from here:
https://test.vulndetect.com/dl/secteerSetup.exe

You can now ignore folders / drives by editing the registry.

First you need to import the below entries by storing it as a ".reg" file and import it (double click it).

.reg file:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SecTeer\Agent]
"inspectionPaths"=hex(7):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,20,00,28,00,78,00,38,00,36,00,29,00,00,00,00,00
"ignorePaths"=hex(7):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,64,00,6f,00,74,00,6e,00,65,00,74,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,43,00,6f,00,6d,00,6d,00,6f,00,6e,00,20,00,46,00,69,00,6c,00,65,00,73,00,00,00,00,00

After importing this you can open regedt32 or regedit and go to:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SecTeer\Agent

Now you can edit it in clear text.

Reply to [Implemented] Exclude specific drives/folders from scan on Wed, 12 Dec 2018 20:44:10 GMT

OLLI_S — Wed, 12 Dec 2018 20:44:10 GMT

@Ascendor I merged your topic with the existing topic, because it is the same suggestion.
Thank you for suggesting this!

Reply to [Implemented] Exclude specific drives/folders from scan on Wed, 12 Dec 2018 19:39:09 GMT

Ascendor — Wed, 12 Dec 2018 19:39:09 GMT

Hey,

I hold some backups on my system. These files are outdated and will stay outdated. Since I cannot explicitly select which folders to scan, those files will pollute my results list.
Please add a function to restrict folders to be scanned.

Thanks!

Reply to [Implemented] Exclude specific drives/folders from scan on Sat, 22 Sep 2018 10:23:43 GMT

OLLI_S — Sat, 22 Sep 2018 10:23:43 GMT

You also should add a parameter in your secteer.exe that excludes files and folders.
For example the parameter --exclude.

Reply to [Implemented] Exclude specific drives/folders from scan on Sun, 03 Jun 2018 20:19:43 GMT

OLLI_S — Sun, 03 Jun 2018 20:19:43 GMT

@tom said in Exclude specific drives/folders from scan:

So in short, the agent already supports this, but the feature has not been enabled yet.

Cool!

Reply to [Implemented] Exclude specific drives/folders from scan on Sun, 03 Jun 2018 17:39:32 GMT

Tom — Sun, 03 Jun 2018 17:39:32 GMT

@olli_s This feature is planned and will be implemented once we go from Tech Preview to Beta. We are also aware that in particular German companies have to exclude the scanning of certain user folders due to privacy concerns. So in short, the agent already supports this, but the feature has not been enabled yet.