my 'inspection data' is too big and cannot be submitted to server: The time limit for the transaction has been reached.



  • Hello,

    my 'inspection data' cannot be submitted to server:

    My Win7-OS has german language:
    german: Das Zeitlimit für den Vorgang wurde erreicht.
    english: The time limit for the transaction has been reached.

    [2019-04-27 06:50:09.141+0120] Enumerated filesystem in 317.783ms
    [2019-04-27 06:50:09.141+0120] Read file version information in 326.102ms
    [2019-04-27 06:50:09.152+0120] Inspecting registry
    [2019-04-27 06:50:09.342+0120] Inspected registry in 0.189ms
    [2019-04-27 06:50:09.348+0120] Sending inspection data to server
    [2019-04-27 06:50:09.349+0120] Connecting to server: agent.vulndetect.com
    [2019-04-27 06:50:39.352+0120] Error in server communication (290,197) : (0x00002ee2) => Das Zeitlimit f++r den Vorgang wurde erreicht.
    [2019-04-27 06:50:39.352+0120] Failed to submit inspection data:
    [2019-04-27 06:50:39.352+0120] Waiting 10 minutes before retrying

    I guess the (german-OS) message comes from an "http POST command" used by secteer and my 'inspection data' is too big.
    My Win7 is rather old (from July 2009) and has seen a lot (!!) of hardware, software, updates and problems ... .

    Waiting just repeats the error.


    To check if its dependent to one of my files I split the analysis by running secteer with option --immediate in several steps.
    As DriveLetter c:\ is also too big, i split it into 2 parts:
    one step on c:\windows with all other Windows-Checks and a
    second step on Folder C:\SecTeer with Hard-Links/NTFS-Links/NTFS-Junction/... to all 1st-stage-Folders on C:\ except C:\Windows.

    C:\Program Files
    C:\Program Files (x86)
    C:\ProgramData
    C:\Users
    C:\PerfLogs
    ...
    

    All these single steps can now submit the data without errors
    (and i can check results directly after each step)

    "C:\Program Files (x86)\SecTeer VulnDetect\secteer.exe" --path "C:\Windows" --immediate
    pause
    "C:\Program Files (x86)\SecTeer VulnDetect\secteer.exe" --no-winupdate --no-registry --no-system --path "C:\SecTeer" --immediate
    pause
    "C:\Program Files (x86)\SecTeer VulnDetect\secteer.exe" --no-winupdate --no-registry --no-system --path "D:" --immediate
    pause
    ... continuing with other Drive Letters ...

    I have also a Dual-Boot Win10 (not seeing the Win7-drive) where SecTeer has run fine at the beginning.
    After installing MS Visual Studio 2017 CE the data is now also too big and a split is necessary.

    Is there a way on my side to submit the data in one step?

    Thx!


  • VulnDetect Team Member

    @cdqEAW67 That is indeed good news.
    Thank you for verifying this.



  • Hi,
    sorry for delay too.
    I now updated to agent v1.0.6.0 and submission to server is now successful!
    So the problem is fixed.

    Many Thanks!


  • VulnDetect Team Member

    Hi,

    Sorry about the delayed release, but a new version of the agent has been released today. Please do let me know if this fixes the issue.

    https://vulndetect.org/topic/411/release-secteer-vulndetect-agent-v1-0-2-0

    /Tom


  • VulnDetect Team Member

    Thank you again for reporting this.

    After thorough investigation we found that this is not due to your inspections reaching our size limits, but rather the fact that the data submission time exceeds the default timeout in the Windows WinHTTP API, this subsequently leads to our back-end timing out, because the agent / WinHTTP stopped sending data.

    We will be releasing a new version of the agent, which will set a higher timeout value, which we believe will be adequate for all reasonable scenarios.

    I will post again, once we release the new agent.


  • VulnDetect Team Member

    We have increased a size limit today on inspection results. Please try again and report if this has fixed it.


  • VulnDetect Team Member

    Hi,
    Thanks for reporting this. We've just tried increasing the memory limit on the service that receives the data.

    In the log you'll see an auth token:

    authToken : 906097e1-4aed-4025-a651-xxxxxxxxxxxx
    

    Could you send me that via the chat function here on the forum? That will make it easier to troubleshoot on our end.

    Thank you
    Tom