agent / secteer.exe dies when analysing my Office 15.0 (Office 2013) Registry entries
agent / secteer.exe v-220.127.116.11 dies when analysing my Office 15.0 (Office 2013) Registry entries
The agent does not display a window. Log file stops after "There are 8 registry rules". When running from Admin-CMD there is a message window (Dr. Watson^^).
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\15.0] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\15.0\Common] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\15.0\Common\FilesPaths] "office.odf"="C:\\PROGRA~2\\COMMON~1\\MICROS~1\\OFFICE15\\Cultures\\OFFICE.ODF" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\15.0\Common\InstallRoot] "Path"="C:\\Program Files (x86)\\Microsoft Office\\Office15\\"
shortest way to reproduce:
"C:\Program Files (x86)\SecTeer VulnDetect\secteer.exe" --no-filesystem --no-winupdate --no-system --no-msi --immediate
After (saving as .reg) and deleting the Registry-Tree the registry can scanned successfull with my Win7. Importing the .reg to a Win10 causes also secteer.exe to die.
Btw: I didn't have Office 2013 installed. Only VisionViewer2013.
A re-installation with an additional update (KB3178640) do not put back these reg-keys. So I have no idea when and by whom they have been created.
Well, it shouldn't die regardless of what is in the registry. So we will also have a look at this one.
I would appreciate to get a hold of that .reg file. I know that there may be some sensitive data in there, such as names, email addresses and perhaps a license key, which you may want to mask before sending it to us.
You can send it to me on "tom at vulndetect dot com"
What You see in Code-Window ist the complete reg-file (no Office 2013/365 installed on my side)!
That's why I thought you may be interested in.
Sorry for confusing ...
I'm sure I reproduced it on my Win10 before posting,
but now it's UR (unreproducable) there
In that case it's not relevant to others (only to my special-Win7).
So you can mark this as 'closed' ...
Well, none-the-less, we did make some improvements, because there was a potential issue and we managed to reproduce it one time.
From our testing we believe that it can't be consistently reproduced.
Please upgrade to VulnDetect version 18.104.22.168 and do let us know if you see anything similar again.
After re-importing the reg to my Win7 the 22.214.171.124 is dying again.
The 126.96.36.199 is continuing the scan and submits the data (checked with agent and --immediate).
So it's OK now!!
@cdqEAW67 That is great news, it was actually quite relevant, we have identified about a handful of others who were affected by this.
So once again, thank you.