SecTeer VulnDetect Support Forum

    VulnDetect

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Download VulnDetect Installer

    [Solved] No Detected Applications & Enumerating Drive Stall

    Solved Bugs and Issues
    5
    23
    8651
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      scottsan last edited by OLLI_S

      I have no detected applications when I logon at:
      https://personal.vulndetect.com/#/applications

      I tried the command "secteer --immediate" at an administrator command prompt. It enumerates my 😄 and d: drives, but when it gets to my e: drive the program hangs and does nothing. I have let it wait a good while a few times. Any ideas? Below is text from administrator command prompt:

      C:\Program Files (x86)\SecTeer VulnDetect>secteer --check-in --immediate
      [2018-12-31 04:20:57.625-0360] SecTeer Agent v0.10.11.0 starting in immediate mode
      [2018-12-31 04:20:57.625-0360] Starting SecTeer Agent in immediate mode
      [2018-12-31 04:20:57.627-0360] Running immediate inspection
      [2018-12-31 04:20:57.628-0360] Configuration:
      version:: 0.10.11.0
      authToken : ba0b2e67-f4ec-4b88-80ae-xxxxxxxxxxxx
      server : agent.vulndetect.com
      guid1::
      guid2::
      guid3::
      checkInInterval:: 3600 seconds
      checkInRetryDelay:: 360 seconds
      maxCheckInRetryCount:: 10
      dataRetryDelay:: 1800 seconds
      inspectionWindow:: 21600 seconds
      timezoneOffset : -360 minutes
      checkInNow : true
      inspectNow : true
      noFilesystem:: false
      noRegistry:: false
      noWinUpdate:: false
      noSystem:: false
      noPackage:: true
      [2018-12-31 04:20:57.628-0360] Starting system inspection
      [2018-12-31 04:20:57.628-0360] Fetching inspection rules from server
      [2018-12-31 04:20:57.672-0360] Connecting to server: agent.vulndetect.com
      [2018-12-31 04:20:58.451-0360] Server returned 200 => OK
      [2018-12-31 04:20:58.455-0360] Found 'computerName' = 'LIVERNUGGET'
      [2018-12-31 04:20:58.511-0360] Enumerating Win32_OperatingSystem
      [2018-12-31 04:20:58.642-0360] Enumerating Win32_Bios
      [2018-12-31 04:20:58.666-0360] Searching updates: IsInstalled=0
      [2018-12-31 04:21:17.827-0360] Found 1 updates
      [2018-12-31 04:21:17.832-0360] Searching updates: IsInstalled=1
      [2018-12-31 04:21:30.659-0360] Found 70 updates
      [2018-12-31 04:21:30.897-0360] Filesystem redirection status: Redirection disabled
      [2018-12-31 04:21:30.897-0360] Enumerating 'C:'
      [2018-12-31 04:21:30.932-0360] Skipping 'C:$WINDOWS.~BT', since it is blacklisted
      [2018-12-31 04:21:30.932-0360] Skipping 'C:$Windows.~WS', since it is blacklisted
      [2018-12-31 04:21:33.787-0360] Skipping 'C:\System Volume Information', since it is blacklisted
      [2018-12-31 04:21:36.586-0360] Skipping 'C:\Windows\InfusedApps', since it is blacklisted
      [2018-12-31 04:21:36.588-0360] Skipping 'C:\Windows\Installer', since it is blacklisted
      [2018-12-31 04:21:39.447-0360] Skipping 'C:\Windows\WinSxS', since it is blacklisted
      [2018-12-31 04:21:39.455-0360] Enumerating 'D:'
      [2018-12-31 04:21:40.257-0360] Enumerating 'E:'

      1 Reply Last reply Reply Quote 1
      • OLLI_S
        OLLI_S Community Moderator last edited by

        OK, I mark the topic as Solved and move it to the category Solved Bugs and Issues.

        1 Reply Last reply Reply Quote 0
        • S
          scottsan @Tom last edited by

          @Tom Hi Tom....it looks like things are working ok now. Thanks.

          1 Reply Last reply Reply Quote 0
          • T
            Tom VulnDetect Team Member @scottsan last edited by

            @scottsan Thank you so much for sending this. I hope and believe that we nailed the issue this time, a new agent has been released:
            https://vulndetect.org/topic/411/release-secteer-vulndetect-agent-v1-0-1-0

            You may download it here:
            https://vulndetect.com/dl/secteerSetup.exe

            /Tom
            Download the latest SecTeer VulnDetect agent here:
            https://vulndetect.com/dl/secteerSetup.exe

            S 1 Reply Last reply Reply Quote 0
            • T
              Tom VulnDetect Team Member @scottsan last edited by

              @scottsan Thank you very much. You can send it to
              tom [at] vulndetect [dot] com

              /Tom
              Download the latest SecTeer VulnDetect agent here:
              https://vulndetect.com/dl/secteerSetup.exe

              1 Reply Last reply Reply Quote 0
              • S
                scottsan @Anselm last edited by

                @Anselm I have a zipped PML file that is 1.5MB. How do I get it to you?

                T 2 Replies Last reply Reply Quote 0
                • A
                  Anselm @scottsan last edited by

                  @tom saving the result from procmon as "native process monitor format (PML)" and you can load it at another computer with procmon and you can use the functionality of procmon (e.g. filter) for analysing. Compressing PML file with 7z and compression level ultra can save ~90% of size.

                  S 1 Reply Last reply Reply Quote 0
                  • S
                    scottsan @Tom last edited by

                    @Tom I ran procmon as instructed and have a .csv file of when the secteer command was started. The file is about 6MB. How can I send this to you?

                    Here is some info from the file:

                    ![0_1549303710471_9b918d37-215f-43a0-9ea3-b45c0b5c3844-image.png](Uploading 100%)
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 15320 CreateFile C:\Windows SUCCESS Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 15320 CreateFile C:\Windows\System32\wow64log.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 15320 CreateFile C:\Windows SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 15320 QueryNameInformationFile C:\Windows SUCCESS Name: \Windows
                    46:27.7 secteer.exe 15320 CloseFile C:\Windows SUCCESS
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 15320 CreateFile C:\Program Files (x86)\SecTeer VulnDetect SUCCESS Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 15320 CreateFile C:\Windows\SysWOW64\apphelp.dll SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 15320 QueryBasicInformationFile C:\Windows\SysWOW64\apphelp.dll SUCCESS CreationTime: 2019-01-22 8:49:48 PM, LastAccessTime: 2019-01-22 8:49:48 PM, LastWriteTime: 2019-01-22 8:49:48 PM, ChangeTime: 2019-01-22 9:06:55 PM, FileAttributes: A
                    46:27.7 secteer.exe 15320 CloseFile C:\Windows\SysWOW64\apphelp.dll SUCCESS
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 15320 CreateFile C:\Windows\SysWOW64\apphelp.dll SUCCESS Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 15320 CreateFileMapping C:\Windows\SysWOW64\apphelp.dll FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE|PAGE_NOCACHE
                    46:27.7 secteer.exe 15320 CreateFileMapping C:\Windows\SysWOW64\apphelp.dll SUCCESS SyncType: SyncTypeOther
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
                    46:27.7 secteer.exe 15320 CloseFile C:\Windows\SysWOW64\apphelp.dll SUCCESS
                    46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES

                    A 1 Reply Last reply Reply Quote 0
                    • T
                      Tom VulnDetect Team Member @scottsan last edited by

                      @scottsan I spoke to the developer of the agent and he needs some more debug info, to find out what is going on.

                      We would very much appreciate if you would follow his instructions and provide us feedback:

                      Download ProcMon:
                      https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
                      
                      Run ProcMon as an administrative user.
                      Add the following filters:
                      Process Name is not secteer.exe => Exclude
                      Event Class is Registry => Exclude
                      Event Class is Network => Exclude
                      Event Class is Process => Exclude
                      Event Class is Profiling => Exclude
                      
                      Make sure Edit -> Auto Scroll is enabled.
                      Make sure File -> Capture Events is enabled.
                      
                      In an administrative command prompt, run:
                      secteer.exe --immediate --suppress-console --path e:\
                      
                      And watch the output of ProcMon to see what directories it is accessing, and if there are any hints as to what the issue is.
                      Is there a directory loop with infinitely recursing directories ?
                      Does the output stop at any point, and if so, what is the path ?
                      Is it very slow to enumerate the drive ?
                      

                      /Tom
                      Download the latest SecTeer VulnDetect agent here:
                      https://vulndetect.com/dl/secteerSetup.exe

                      S 1 Reply Last reply Reply Quote 0
                      • V
                        VulnDetect @scottsan last edited by

                        @scottsan We will come back with either a new version soon or some suggestions about how to troubleshoot it.
                        The only workaround so far is by using the ignore option in the registry as discussed in this thread:
                        https://vulndetect.org/topic/144/work-in-progress-exclude-specific-drives-folders-from-scan

                        /Tom

                        1 Reply Last reply Reply Quote 0
                        • S
                          scottsan @Tom last edited by

                          @Tom I tried the latest version of the agent and there is no change. I let it run for several hours and it just sits at Enumerating 'E:'. See details below.

                          C:\Program Files (x86)\SecTeer VulnDetect>secteer --immediate
                          [2019-02-01 03:17:14.122-0360] SecTeer Agent v1.0.0.0 starting in immediate mode
                          [2019-02-01 03:17:14.122-0360] Starting SecTeer Agent in immediate mode
                          [2019-02-01 03:17:14.126-0360] Running immediate inspection
                          [2019-02-01 03:17:14.126-0360] Configuration:
                          version:: 1.0.0.0
                          authToken : 5cafb66c-fb52-4ad2-bd72-xxxxxxxxxxxx
                          server : agent.vulndetect.com
                          guid1::
                          guid2::
                          guid3::
                          checkInInterval:: 600 seconds
                          checkInRetryDelay:: 60 seconds
                          maxCheckInRetryCount:: 10
                          dataRetryDelay:: 1800 seconds
                          inspectionWindow:: 21600 seconds
                          timezoneOffset : -360 minutes
                          currentTime:: 2019-01-31 21:17:14 (local time)
                          checkInNow:: false
                          inspectNow : true
                          noFilesystem:: false
                          noRegistry:: false
                          noWinUpdate:: false
                          noSystem:: false
                          noPackage:: true
                          inspectRemote:: false
                          [2019-02-01 03:17:14.126-0360] Starting system inspection
                          [2019-02-01 03:17:14.126-0360] Fetching inspection rules from server
                          [2019-02-01 03:17:14.161-0360] Connecting to server: agent.vulndetect.com
                          [2019-02-01 03:17:14.955-0360] Server returned 200 => OK
                          [2019-02-01 03:17:14.958-0360] Found 'computerName' = 'LIVERNUGGET'
                          [2019-02-01 03:17:15.030-0360] Enumerating Win32_OperatingSystem
                          [2019-02-01 03:17:15.120-0360] Enumerating Win32_Bios
                          [2019-02-01 03:17:15.153-0360] Searching updates: IsInstalled=0
                          [2019-02-01 03:17:38.605-0360] Found 1 updates
                          [2019-02-01 03:17:38.610-0360] Searching updates: IsInstalled=1
                          [2019-02-01 03:17:53.877-0360] Found 71 updates
                          [2019-02-01 03:17:54.112-0360] Filesystem redirection status: Redirection disabled
                          [2019-02-01 03:17:54.112-0360] Enumerating 'C:'
                          [2019-02-01 03:17:54.151-0360] Skipping 'C:$Windows.~WS', since it is blacklisted
                          [2019-02-01 03:17:59.775-0360] Skipping 'C:\System Volume Information', since it is blacklisted
                          [2019-02-01 03:18:03.357-0360] Skipping 'C:\Windows\InfusedApps', since it is blacklisted
                          [2019-02-01 03:18:03.360-0360] Skipping 'C:\Windows\Installer', since it is blacklisted
                          [2019-02-01 03:18:06.513-0360] Skipping 'C:\Windows\WinSxS', since it is blacklisted
                          [2019-02-01 03:18:06.520-0360] Enumerating 'D:'
                          [2019-02-01 03:18:10.193-0360] Enumerating 'E:'

                          V T 2 Replies Last reply Reply Quote 0
                          • T
                            Tom VulnDetect Team Member @scottsan last edited by

                            @scottsan We now have a new version of the agent, can you please test it and report back to us?
                            https://test.vulndetect.com/dl/secteerSetup.exe

                            The new version is NOT available from the normal download location yet.

                            /Tom
                            Download the latest SecTeer VulnDetect agent here:
                            https://vulndetect.com/dl/secteerSetup.exe

                            S 1 Reply Last reply Reply Quote 0
                            • T
                              Tom VulnDetect Team Member @Tom last edited by

                              @Tom We plan to start making improvements to the agent on Monday, I hope you will have time to test during next week.

                              /Tom
                              Download the latest SecTeer VulnDetect agent here:
                              https://vulndetect.com/dl/secteerSetup.exe

                              1 Reply Last reply Reply Quote 0
                              • T
                                Tom VulnDetect Team Member @scottsan last edited by

                                @scottsan It is the next thing on our todo, we have an update we need to push later this week. And after that we will dedicate some time to improve some things in the agent, which we believe will fix your issue.

                                /Tom
                                Download the latest SecTeer VulnDetect agent here:
                                https://vulndetect.com/dl/secteerSetup.exe

                                T 1 Reply Last reply Reply Quote 0
                                • S
                                  scottsan @Tom last edited by

                                  @Tom Any progress on my issue? The SecTeer VulnDetect software flat out does not work for me now. It did work fine for me a few months back. So meanwhile I have installed SUMo Software Update Monitor at https://kcsoftwares.com/files/sumo_lite.exe . It just works and even though it is a little more complicated to use.

                                  T 2 Replies Last reply Reply Quote 0
                                  • S
                                    scottsan @Tom last edited by

                                    @Tom My E: drive is one of 3 storage partitions (D:, E:. and F:) on a Western Digital 1 GB spinning hard drive....nothing special. I let the software run for about for 4 hours and it just sits at Enumerating 'e:' . See results below

                                    C:\Program Files (x86)\SecTeer VulnDetect>secteer.exe --immediate --path=e:
                                    [2019-01-05 00:14:39.814-0360] SecTeer Agent v0.10.11.0 starting in immediate mode
                                    [2019-01-05 00:14:39.814-0360] Starting SecTeer Agent in immediate mode
                                    [2019-01-05 00:14:39.817-0360] Running immediate inspection
                                    [2019-01-05 00:14:39.817-0360] Configuration:
                                    version:: 0.10.11.0
                                    authToken : cfc90742-f4ea-45d8-8bc8-xxxxxxxxxxxx
                                    server : agent.vulndetect.com
                                    guid1::
                                    guid2::
                                    guid3::
                                    checkInInterval:: 3600 seconds
                                    checkInRetryDelay:: 360 seconds
                                    maxCheckInRetryCount:: 10
                                    dataRetryDelay:: 1800 seconds
                                    inspectionWindow:: 21600 seconds
                                    timezoneOffset : -360 minutes
                                    checkInNow:: false
                                    inspectNow : true
                                    inspectionPath : e:
                                    noFilesystem:: false
                                    noRegistry:: false
                                    noWinUpdate:: false
                                    noSystem:: false
                                    noPackage:: true
                                    [2019-01-05 00:14:39.817-0360] Starting system inspection
                                    [2019-01-05 00:14:39.817-0360] Fetching inspection rules from server
                                    [2019-01-05 00:14:39.843-0360] Connecting to server: agent.vulndetect.com
                                    [2019-01-05 00:14:40.620-0360] Server returned 200 => OK
                                    [2019-01-05 00:14:40.624-0360] Found 'computerName' = 'LIVERNUGGET'
                                    [2019-01-05 00:14:40.679-0360] Enumerating Win32_OperatingSystem
                                    [2019-01-05 00:14:40.750-0360] Enumerating Win32_Bios
                                    [2019-01-05 00:14:40.781-0360] Searching updates: IsInstalled=0
                                    [2019-01-05 00:15:05.867-0360] Found 1 updates
                                    [2019-01-05 00:15:05.872-0360] Searching updates: IsInstalled=1
                                    [2019-01-05 00:15:17.961-0360] Found 70 updates
                                    [2019-01-05 00:15:18.132-0360] Filesystem redirection status: Redirection disabled
                                    [2019-01-05 00:15:18.132-0360] Enumerating 'e:'
                                    ^C
                                    C:\Program Files (x86)\SecTeer VulnDetect>secteer.exe --immediate --path=e:
                                    [2019-01-05 04:31:50.170-0360] SecTeer Agent v0.10.11.0 starting in immediate mode
                                    [2019-01-05 04:31:50.170-0360] Starting SecTeer Agent in immediate mode
                                    [2019-01-05 04:31:50.174-0360] Running immediate inspection
                                    [2019-01-05 04:31:50.174-0360] Configuration:
                                    version:: 0.10.11.0
                                    authToken : cfc90742-f4ea-45d8-8bc8-xxxxxxxxxxxx
                                    server : agent.vulndetect.com
                                    guid1::
                                    guid2::
                                    guid3::
                                    checkInInterval:: 3600 seconds
                                    checkInRetryDelay:: 360 seconds
                                    maxCheckInRetryCount:: 10
                                    dataRetryDelay:: 1800 seconds
                                    inspectionWindow:: 21600 seconds
                                    timezoneOffset : -360 minutes
                                    checkInNow:: false
                                    inspectNow : true
                                    inspectionPath : e:
                                    noFilesystem:: false
                                    noRegistry:: false
                                    noWinUpdate:: false
                                    noSystem:: false
                                    noPackage:: true
                                    [2019-01-05 04:31:50.174-0360] Starting system inspection
                                    [2019-01-05 04:31:50.174-0360] Fetching inspection rules from server
                                    [2019-01-05 04:31:50.205-0360] Connecting to server: agent.vulndetect.com
                                    [2019-01-05 04:31:51.040-0360] Server returned 200 => OK
                                    [2019-01-05 04:31:51.044-0360] Found 'computerName' = 'LIVERNUGGET'
                                    [2019-01-05 04:31:51.099-0360] Enumerating Win32_OperatingSystem
                                    [2019-01-05 04:31:51.171-0360] Enumerating Win32_Bios
                                    [2019-01-05 04:31:51.194-0360] Searching updates: IsInstalled=0
                                    [2019-01-05 04:32:15.667-0360] Found 1 updates
                                    [2019-01-05 04:32:15.672-0360] Searching updates: IsInstalled=1
                                    ^C
                                    C:\Program Files (x86)\SecTeer VulnDetect>

                                    1 Reply Last reply Reply Quote 1
                                    • T
                                      Tom VulnDetect Team Member @scottsan last edited by

                                      @scottsan
                                      What kind of drive is the E drive?
                                      Could you try to leave it running for hours and use
                                      secteer.exe --immedate --path=e:\
                                      without the " as I wrongly suggested initially.

                                      At the moment we don't have very good options for debugging this. But we do have plans to improve the inspection and the debugging / logging of what is going on, so we can troubleshoot this better. But we have another task that we need to complete first. And then I believe this is the highest priority.

                                      /Tom
                                      Download the latest SecTeer VulnDetect agent here:
                                      https://vulndetect.com/dl/secteerSetup.exe

                                      S 2 Replies Last reply Reply Quote 0
                                      • S
                                        scottsan @Tom last edited by

                                        @Tom Hi...I have tried scanning my e: drive by itself and the program stalls. Any ideas?

                                        T 1 Reply Last reply Reply Quote 0
                                        • S
                                          scottsan @Tom last edited by

                                          @Tom Tried the command and the program stalls when enumerating e:\ drive. See results below.

                                          C:\Program Files (x86)\SecTeer VulnDetect>secteer -v --immediate --path e:
                                          [2019-01-01 16:25:09.635-0360] SecTeer Agent v0.10.11.0 starting in immediate mode
                                          [2019-01-01 16:25:09.635-0360] Starting SecTeer Agent in immediate mode
                                          [2019-01-01 16:25:09.637-0360] Running immediate inspection
                                          [2019-01-01 16:25:09.637-0360] Configuration:
                                          version:: 0.10.11.0
                                          authToken : ba0b2e67-f4ec-4b88-80ae-xxxxxxxxxxxx
                                          server : agent.vulndetect.com
                                          guid1::
                                          guid2::
                                          guid3::
                                          checkInInterval:: 3600 seconds
                                          checkInRetryDelay:: 360 seconds
                                          maxCheckInRetryCount:: 10
                                          dataRetryDelay:: 1800 seconds
                                          inspectionWindow:: 21600 seconds
                                          timezoneOffset : -360 minutes
                                          checkInNow:: false
                                          inspectNow : true
                                          inspectionPath : e:
                                          noFilesystem:: false
                                          noRegistry:: false
                                          noWinUpdate:: false
                                          noSystem:: false
                                          noPackage:: true
                                          [2019-01-01 16:25:09.637-0360] Starting system inspection
                                          [2019-01-01 16:25:09.637-0360] Fetching inspection rules from server
                                          [2019-01-01 16:25:09.669-0360] Connecting to server: agent.vulndetect.com
                                          [2019-01-01 16:25:10.542-0360] Server returned 200 => OK
                                          [2019-01-01 16:25:10.547-0360] Found 'computerName' = 'LIVERNUGGET'
                                          [2019-01-01 16:25:10.609-0360] Enumerating Win32_OperatingSystem
                                          [2019-01-01 16:25:10.668-0360] Enumerating Win32_Bios
                                          [2019-01-01 16:25:10.700-0360] Searching updates: IsInstalled=0
                                          [2019-01-01 16:25:29.020-0360] Found 1 updates
                                          [2019-01-01 16:25:29.026-0360] Searching updates: IsInstalled=1
                                          [2019-01-01 16:25:40.697-0360] Found 70 updates
                                          [2019-01-01 16:25:40.892-0360] Filesystem redirection status: Redirection disabled
                                          [2019-01-01 16:25:40.892-0360] Enumerating 'e:'

                                          1 Reply Last reply Reply Quote 0
                                          • T
                                            Tom VulnDetect Team Member last edited by

                                            Thank you.

                                            Could you try to do a:

                                            secteer -v --immediate --path e:\
                                            

                                            If it reveals path and filenames that you don't want to share on the forum, then you are welcome to send the log via email to tom [at] vulndetect [dot] com

                                            /Tom
                                            Download the latest SecTeer VulnDetect agent here:
                                            https://vulndetect.com/dl/secteerSetup.exe

                                            S 2 Replies Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Download SecTeer Personal VulnDetect - an alternative to the long lost Secunia PSI

                                            Please see our Privacy and Data Processing Policy
                                            Sponsored and operated by SecTeer | VulnDetect is a replacement for the EoL Secunia PSI
                                            Forum software by NodeBB