SecTeer VulnDetect Support Forum


    [Solved] Microsoft Teams - No longer detected (Bug)

    • OLLI_S
      OLLI_S Community Moderator last edited by OLLI_S

      Microsoft Teams was detected in the past but currently it is no longer detected.


      Here is the information extracted from the EXE file:

      File name and path:     C:\Users\melan\AppData\Local\Microsoft\Teams\current\Teams.exe
      Product Name:           Microsoft Teams
      Internal Name:          Teams
      Original Filename:      Teams.exe
      
      File Description:       Microsoft Teams
      Company:                Microsoft Corporation
      Legal Copyright:        Copyright (C) 2016 Microsoft. All rights reserved.
      Legal Trademarks:       
      Comments:               
      
      File Version String:    1.5.00.9163
      File Version:           1.5.0.9163
      Product Version String: 1.5.00.9163
      Product Version:        1.5.0.9163
      
      • Moved from Detection Issues by  OLLI_S OLLI_S 
      • OLLI_S
        OLLI_S Community Moderator last edited by

        Microsoft Teams Desktop Client is now shown.
        Thank you @Tom for fixing this!

        • T
          Tom VulnDetect Team Member @OLLI_S last edited by Tom

          @OLLI_S I pushed that host to our "test" inspection processor (SCHME) and analysed the processing logs.

          The issue was that there are multiple Teams.exe files, and in rare cases a temporary file created by the Microsoft Teams updater got elected as the parent. But another rule set dictates that all these temporary files should be "discarded", thus this temporary file and all its "children" vanished.

          I've changed the logic of the bundling, so this temporary file will always be a child (if it exists). When the temporary file is discarded by the other rule set, then it won't affect the results that you and other users see.

          This was a good "catch".

          Thank you!

          (this also means that it wasn't related to the user being inactive)

          /Tom
          Download the latest SecTeer VulnDetect agent here:
          https://vulndetect.com/dl/secteerSetup.exe
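
A minimal model of the bundling failure described in the post above, added here as an illustration; it is not SecTeer's code. The election rules, the `updater_temp` flag and the temporary file's path are assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FileHit:
    path: str
    updater_temp: bool = False  # assumption: set when the "discard temp files" rule matches

# Constructed sample: the first path is from the thread, the second is made up.
SAMPLE = [
    FileHit(r"C:\Users\melan\AppData\Local\Microsoft\Teams\current\Teams.exe"),
    FileHit(r"C:\Users\melan\AppData\Local\Microsoft\Teams\constructed-temp\Teams.exe",
            updater_temp=True),
]

def elect_parent_legacy(hits):
    """Hypothetical pre-fix election: lowest path wins, temp files are eligible."""
    return min(hits, key=lambda h: h.path.lower())

def elect_parent_fixed(hits):
    """Post-fix behaviour from the thread: a temp file is a child whenever a
    non-temp candidate exists (False sorts before True)."""
    return min(hits, key=lambda h: (h.updater_temp, h.path.lower()))

def bundle(hits, elect):
    parent = elect(hits)
    return parent, [h for h in hits if h is not parent]

def apply_discard_rule(bundles):
    """Separate rule set: discarding a parent takes its children with it,
    discarding a child leaves the rest of the bundle intact."""
    kept = []
    for parent, children in bundles:
        if parent.updater_temp:
            continue  # whole bundle vanishes: the bug seen in the thread
        kept.append((parent, [c for c in children if not c.updater_temp]))
    return kept

def detected_paths(hits, elect):
    return [parent.path for parent, _ in apply_discard_rule([bundle(hits, elect)])]

if __name__ == "__main__":
    print("legacy:", detected_paths(SAMPLE, elect_parent_legacy))
    print("fixed: ", detected_paths(SAMPLE, elect_parent_fixed))
```

With the legacy election the application silently drops out of the inventory only when the temporary file happens to win, which is why the symptom was intermittent.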

          • OLLI_S
            OLLI_S Community Moderator @Tom last edited by

            @Tom Is this procedure not a possible security risk?
            Many apps install themselves in user content and if the user is not online for a week, then admins will never get the info that there are known vulnerabilities on the machine...
            I think this is very risky.

            To test this, I logged in on the target machine as the target user (see PMs in the chat).
            Then I started a full system scan (twice).

            But Microsoft Teams is still not shown!

            • T
              Tom VulnDetect Team Member @OLLI_S last edited by

              @OLLI_S I checked your account, there is one installation on a PC under your user.

              I can't see any Teams installations on other PCs or for other users.

              Can you send a PM with the host name?

              Thinking about it, there might be a natural explanation for this, which I can't check in any easy way. In the latest agent versions, we look at active users, and we only show apps that are installed under \Users\<username>\ if the user has been active within the past 7 days.

              So if the user you refer to hasn't used the PC for a long time, then the apps for that user will be hidden, even if the PC is online.

              Once the user becomes active again, the results are included (and updated) on subsequent inspections.

              /Tom

              Sponsored and operated by SecTeer | VulnDetect is a replacement for the EoL Secunia PSI