[Solved] Microsoft Teams - No longer detected (Bug)
-
Microsoft Teams was detected in the past but currently it is no longer detected.
Here the information extracted from the EXE file:
File name and path: C:\Users\melan\AppData\Local\Microsoft\Teams\current\Teams.exe Product Name: Microsoft Teams Internal Name: Teams Original Filename: Teams.exe File Description: Microsoft Teams Company: Microsoft Corporation Legal Copyright: Copyright (C) 2016 Microsoft. All rights reserved. Legal Trademarks: Comments: File Version String: 1.5.00.9163 File Version: 1.5.0.9163 Product Version String: 1.5.00.9163 Product Version: 1.5.0.9163 -
O OLLI_S moved this topic from Detection Issues on
-
Microsoft Teams Desktop Client is now shown.
Thank you @Tom for fixing this! -
@OLLI_S I pushed that host to our "test" inspection processor (SCHME) and analysed the processing logs.
The issue was that there are multiple Teams.exe files, and in rare cases, a temporary file created by the Microsoft Teams updater, got elected as the parent. But another rule set, dictates that all these temporary files should be "discarded", thus this temporary file and all it's "children" vanished.
I've changed the logic of the bundling, so this temporary file always will be a child (if it exists). When the temporary file is discarded by the other rule set, then it won't affect the results that you and other users see.
This was a good "catch".
Thank you!
(this also means that it wasn't related to the user being inactive)
-
@Tom Is this procedure not a possible security risk?
Many apps install themselves in user content and if the user is not online for a week, then admins will never get the info, that there are known vulnerabilities on the machine....
I think this is very risky.To test this, I logged in on the target machine as the target user (see PMs in the chat).
Then I started a full system scan (twice).But Microsoft Teams is still not shown!
-
@OLLI_S I checked your account, there is one installation on a PC under your user.
I can't see any Teams installations on other PCs or for other users.
Can you send a PM with the host name?
Thinking about it, there might be a natural explanation for this, which I can't check in any easy way. In the latest agent versions, we look at active users, and we only show apps that are installed under
\Users\<username>\if the user has been active within the past 7 days.So if the user you refer to hasn't used the PC for a long time, then the apps for that user will be hidden, even if the PC is online.
Once the user becomes active again, the results are included (and updated) on subsequent inspections.
/Tom
Download the latest SecTeer VulnDetect agent here:
https://vulndetect.com/dl/secteerSetup.exe