agent / secteer.exe dies when analysing my Office 15.0 (Office 2013) Registry entries



  • agent / secteer.exe v-1.0.6.0 dies when analysing my Office 15.0 (Office 2013) Registry entries

    "dies" means:
    The agent does not display a window. Log file stops after "There are 8 registry rules". When running from Admin-CMD there is a message window (Dr. Watson^^).

    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\15.0]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\15.0\Common]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\15.0\Common\FilesPaths]
    "office.odf"="C:\\PROGRA~2\\COMMON~1\\MICROS~1\\OFFICE15\\Cultures\\OFFICE.ODF"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\15.0\Common\InstallRoot]
    "Path"="C:\\Program Files (x86)\\Microsoft Office\\Office15\\"
    

    shortest way to reproduce:
    "C:\Program Files (x86)\SecTeer VulnDetect\secteer.exe" --no-filesystem --no-winupdate --no-system --no-msi --immediate

    After (saving as .reg) and deleting the Registry-Tree the registry can scanned successfull with my Win7. Importing the .reg to a Win10 causes also secteer.exe to die.

    Btw: I didn't have Office 2013 installed. Only VisionViewer2013.
    A re-installation with an additional update (KB3178640) do not put back these reg-keys. So I have no idea when and by whom they have been created.


  • VulnDetect Team Member

    @cdqEAW67 That is great news, it was actually quite relevant, we have identified about a handful of others who were affected by this.
    So once again, thank you.



  • After re-importing the reg to my Win7 the 1.0.6.0 is dying again.
    The 1.0.7.0 is continuing the scan and submits the data (checked with agent and --immediate).
    So it's OK now!!👍
    Thx


  • VulnDetect Team Member

    Well, none-the-less, we did make some improvements, because there was a potential issue and we managed to reproduce it one time.

    From our testing we believe that it can't be consistently reproduced.

    Please upgrade to VulnDetect version 1.0.7.0 and do let us know if you see anything similar again.
    https://vulndetect.com/dl/secteerSetup.exe



  • Sorry for confusing ...

    I'm sure I reproduced it on my Win10 before posting,
    but now it's UR (unreproducable) there 😞

    In that case it's not relevant to others (only to my special-Win7).
    So you can mark this as 'closed' ...

    Sorry again!



  • What You see in Code-Window ist the complete reg-file (no Office 2013/365 installed on my side)!
    That's why I thought you may be interested in.


  • VulnDetect Team Member

    I would appreciate to get a hold of that .reg file. I know that there may be some sensitive data in there, such as names, email addresses and perhaps a license key, which you may want to mask before sending it to us.

    You can send it to me on "tom at vulndetect dot com"

    Thank you


  • VulnDetect Team Member

    Well, it shouldn't die regardless of what is in the registry. So we will also have a look at this one.


Log in to reply