SecTeer VulnDetect Support Forum

    VulnDetect

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Download VulnDetect Installer

    [Work in progress] Hide bundled applications

    Feature and Functionality Requests
    app-detection
    3
    14
    3444
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • OLLI_S
      OLLI_S Community Moderator last edited by OLLI_S

      Some applications come bundled within other applications.
      For example: 7-Zip that is found 4 times on my system:

      • 3 times in the folder of the NVIDIA drivers and NVIDIA GeForce Experience
      • 1 times in the folder of StarCitizen

      For these versions of 7-Zip are not listed in the list of installed applications in the Windows 10 Settings.

      These versions are updated by the bundled product, the user must not update these instances manually.
      The problem is that VulnDetect offers download links also for these installations.

      1 Reply Last reply Reply Quote 0
      • Referenced by  T Tom 
      • OLLI_S
        OLLI_S Community Moderator @Tom last edited by

        @tom said in [Work in progress] Hide bundled applications:

        I see you opened something similar for the corporate edition

        Wich topic to you mean?

        1 Reply Last reply Reply Quote 0
        • T
          Tom VulnDetect Team Member @OLLI_S last edited by

          @olli_s We can close it, I see you opened something similar for the corporate edition

          /Tom
          Download the latest SecTeer VulnDetect agent here:
          https://vulndetect.com/dl/secteerSetup.exe

          OLLI_S 1 Reply Last reply Reply Quote 0
          • OLLI_S
            OLLI_S Community Moderator @Tom last edited by

            @Tom VulnDetect (Personal) offers bundling and as far as I can see this topic here can be closed.
            Or is there any specific reason, why you want to leave it opened?

            T 1 Reply Last reply Reply Quote 0
            • T
              Tom VulnDetect Team Member @Anselm last edited by

              @Anselm
              That is true.
              However, it is still the responsibility of the parent program to report this and fix it. You are likely to break many programs if you just replace the DLL.
              We will keep an eye out for this and add detection for DLLs when we become aware of programs that bundle vulnerable versions and "provide" a vector to exploit it (very often Java and AIR vulnerabilities can't be exploited, because there is no feasible vector, the same is the case for many DLLs).

              /Tom
              Download the latest SecTeer VulnDetect agent here:
              https://vulndetect.com/dl/secteerSetup.exe

              OLLI_S 1 Reply Last reply Reply Quote 0
              • A
                Anselm @Tom last edited by

                @Tom ok, but: if you have a vulnerability in the exe file, you also have it in the dll. And often applications bundles the dll and not the exe.

                T 1 Reply Last reply Reply Quote 0
                • T
                  Tom VulnDetect Team Member @Anselm last edited by

                  @Anselm Currently, we will limit it to the products that we already detect.

                  The detection of libraries / DLLs is not within our current scope. Though we may create a few exceptions, when there is major issues like with "unacev2.dll".

                  /Tom
                  Download the latest SecTeer VulnDetect agent here:
                  https://vulndetect.com/dl/secteerSetup.exe

                  A 1 Reply Last reply Reply Quote 0
                  • A
                    Anselm @Tom last edited by

                    @Tom do you talk about exe or dll? I think you have a lot of programs bundled together e.g. with 7zip.dll or unrar.dll.

                    T 1 Reply Last reply Reply Quote 0
                    • OLLI_S
                      OLLI_S Community Moderator last edited by OLLI_S

                      Cool, @Tom that VulnDetect now supports Bundled Apps.

                      1 Reply Last reply Reply Quote 0
                      • T
                        Tom VulnDetect Team Member last edited by

                        The UI has been updated two days ago, to support bundled applications. This means that most bundled applications can be viewed in the UI.

                        Any feedback on bundling is welcome.

                        When you see detections of e.g. 7-Zip, curl, Java and so on, that are actually part of other programs, please post it, send it via email or in the chat and we will create both the parent product and create the bundling specification that relates the two pieces of software.

                        /Tom
                        Download the latest SecTeer VulnDetect agent here:
                        https://vulndetect.com/dl/secteerSetup.exe

                        A 1 Reply Last reply Reply Quote 0
                        • T
                          Tom VulnDetect Team Member last edited by

                          Finally, we are getting ready to launch this new feature. We have run the first tests in the test environment and are ready to update the backend either tomorrow or Monday.

                          The first iteration will hide (disregard) the bundled apps.

                          However, we expect to make an update for the UI very soon, that will allow you to view the hidden bundled applications.

                          Please, do start to report bundled applications, in most cases, all we need is a copy of the path of e.g. Java, Flash, curl or whatever program that is part of another parent installation.

                          /Tom
                          Download the latest SecTeer VulnDetect agent here:
                          https://vulndetect.com/dl/secteerSetup.exe

                          1 Reply Last reply Reply Quote 0
                          • T
                            Tom VulnDetect Team Member last edited by

                            We will not hide them completely, but they will be reported more subtle and in a way where only experts would want to spend that extra click or two to get the details.

                            While this is work in progress, then it is not something you should expect very soon.

                            /Tom
                            Download the latest SecTeer VulnDetect agent here:
                            https://vulndetect.com/dl/secteerSetup.exe

                            1 Reply Last reply Reply Quote 0
                            • A
                              Anselm last edited by

                              I would like to now about those applications. Experts like me often update those packages as a workaround, if the "main" application does not do it (e.g. the main application is eol).

                              1 Reply Last reply Reply Quote 0
                              • T
                                Tom VulnDetect Team Member last edited by

                                Yes, I perfectly agree. That is work in progress and once the tech has been implemented then we will start reviewing all the cases. I'll let you know, and then we need those reported as well.

                                /Tom
                                Download the latest SecTeer VulnDetect agent here:
                                https://vulndetect.com/dl/secteerSetup.exe

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Download SecTeer Personal VulnDetect - an alternative to the long lost Secunia PSI

                                Please see our Privacy and Data Processing Policy
                                Sponsored and operated by SecTeer | VulnDetect is a replacement for the EoL Secunia PSI
                                Forum software by NodeBB