[Solved] OpenSSH - Why is this found?


  • Community Moderator

    VulnDetect found OpenSSH twice on my system:

    • C:\Windows\System32\OpenSSH\ssh.exe
    • C:\Windows\WinSxS\amd64_openssh-client-components-onecore_31bf3856ad364e35_10.0.17134.1_none_e57dc8a085c8dd4a\ssh.exe

    This is a Windows System Component so this should be ignored because the user must not update this product in this folder!
    So, do you plan to show also Windows components?


  • Community Moderator

    This is bundled with windows and we have the suggestion [Work in progress] Hide bundled applications
    So I mark the issue as solved.


  • Community Moderator

    In my VM curl is found twice:
    1) C:\Windows\System32\curl.exe
    2) C:\Windows\WinSxS\amd64_curl_31bf3856ad364e35_10.0.17134.1_none_63ec3c6686553e29\curl.exe

    Both versions are shown as Unsave although the user must not update these versions (OS-Related).
    So you have to find a solution for system related apps.


  • Community Moderator

    I have an other App for your Special Treatment list: curl
    Found 2 times in the following folders:

    1) C:\Windows\System32\curl.exe
    2) C:\Windows\WinSxS\amd64_curl_31bf3856ad364e35_10.0.17134.1_none_63ec3c6686553e29\curl.exe

    Both are in the Windows 10 system folder so this must not be updated by the user


  • Community Moderator

    I have an other App for your Special Treatment list: Silverlight
    Found 2 times in the following folders:

    1) C:\Program Files\Microsoft Silverlight\sllauncher.exe
    2) C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe

    Both are in the Windows 10 system folder so this must not be updated by the user


  • Community Moderator

    I have an other App for your Special Treatment list: Flash Player
    Found 7 times in the following folders:

    1) C:\Windows\System32\Macromed\Flash\Flash.ocx
    2) C:\Windows\SysWOW64\Macromed\Flash\Flash.ocx
    3) C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_10.0.17134.109_none_0d7973b1bf7e4a2c\Flash.ocx
    4) C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.17134.109_none_17ce1e03f3df0c27\Flash.ocx

    5) C:\Users\OLLI\AppData\Local\Google\Chrome\User Data\PepperFlash\30.0.0.113\pepflashplayer.dll
    6) D:\ _Bakup_Profile_C-Laufwerk\OLLI\AppData\Local\Google\Chrome\User Data\PepperFlash\30.0.0.113\pepflashplayer.dll
    7) D:\PortableApps\PortableApps\GoogleChromePortable\Data\profile\PepperFlash\30.0.0.113\pepflashplayer.dll

    At 6) I had to add a blank between "D:" and the "_".

    Number 1), 2), 3) and 4) are in the Windows 10 system folder so this must not be updated by the user
    Number 5) is bundled with Google Chrome
    Number 7) is bundled with Google Chrome Portable
    Number 6) is a backup of 5)


  • VulnDetect Team Member

    This is detected because it also is an independent program, which you may download and install.
    We will not detect system components that are not accessible as standalone programs.
    But I suppose we need to add OpenSSH to the list of products that needs contextual rules, so only the user managed versions will be reported and not the one managed by Windows.
    Thank you for highlighting this.