SecTeer VulnDetect & PatchPro Support Forum VulnDetect

    Tom

    @Tom

    VulnDetect Team Member

    Monitoring software for vulnerabilities and new releases to keep your system safer and to keep improving VulnDetect detection and results.

    Website vulndetect.com
    Location Copenhagen

    VulnDetect Team Member Global Moderator

    Best posts made by Tom

    • Secunia PSI Forum

      It seems that the Flexera guys didn't like that we, as a new user, posted about the VulnDetect project, despite them discontinuing the beloved Secunia PSI.

      We would very much appreciate it if you would gently spread the word and a few links to vulndetect.org / https://vulndetect.com/?1. It is much needed, so we have a lot of testers once the alpha is ready.

      We also feel that it is important to invite all the PSI forum users to come here and join the VulnDetect forum.

      We are also very open to creating new Categories and Sub-categories here, where different, related subjects can be discussed and provide moderator privileges to those who want to contribute.

      /Tom

      posted in General Discussion
      Tom
    • [Implemented] Grouping multiple (vulnerable) programs

      group multiple instances of a vulnerable program in the listing and allow me to expand that section when I want

      Suggested by @CTaylor

      posted in Implemented Feature Requests
      Tom
    • VulnDetect: Status

      At this point, we believe that we have developed approx. 80% of the core functionality, this includes:

      • Binary to collect data on the client system
      • Scheduling of the binary
      • Data collection and parsing from the binary
      • Authentication and account management
      • Backend for curating data about software and vulnerabilities
      • Infrastructure

      ToDo:

      • Processing of the collected data / matching with the curated data
      • UI
      • Optimisation and testing of the binary
      • Curating data

      And loads of more stuff, but first we need to finish the above and get an alpha version out to you.

      /Tom

      posted in Archived
      Tom
    • RE: [Added] Libre Office - App-Request

      LibreOffice has been added. It has been added as one product, since the vendor doesn't seem to support the individual apps with individual updates.

      posted in Added App Requests
      Tom
    • RE: Nothing to see

      @ted OK, this explains, the agent did not yet do an inspection. With the current schedule it will take 10 hours.
      Btw. you may want to delete / modify the picture / comment, since it displays your IP.

      posted in Bugs and issues
      Tom
    • RE: [Implemented] Differentiate between 32-Bit and 64-Bit

      The agent already has support for this. How we display this, is decided in each rule. Thus, we may treat this independently for each program, but it seems most likely, that we will report individually, since most programs require separate updates for 32 and 64-bit versions.
      It is something that we will pay attention to and if you see errors in the results, then it should be reported individually for each program.

      posted in Implemented Feature Requests
      Tom
    • RE: Data Processing Policy

      Hi Ascendor,

      Did you read this, we do link to this during installation:
      https://secteer.com/privacy-policy-personal-carma/

      SecTeer will collect the following information for CARMA consumer accounts:

      Name (optional)
      Email / Username (mandatory)
      Password (mandatory)
      Other personal information is not required to use the product, but you may be encouraged to supply this
      IP addresses used to log in and submit data

      The SecTeer CARMA products will collect the following information from your PC or device:

      Program file names (NOT data files)
      Meta data of program files, including, but not limited to size, version information, date, hashes, digital signatures, and other header / meta information
      Directory structure i.e location of program files
      Registry information related to installed software
      Hostname or other unique identifier, to ensure correct correlation in reporting

      Unfortunately, we do not offer a way around this, nor do we have any plans to offer a different way of detecting this and providing the results.

      If you are concerned about this, then you can achieve a bit more anonymity, by registering using an alternative email address and perhaps send your data via a VPN (we do not support a proxy yet, but that may be implemented at a later stage).

      And, soon, we will start anonymizing the data further i.e. by using placeholders for usernames in e.g. "c:\Users\<yourusername>". However, this has NOT been implemented yet.

      We've also planned another feature, which will allow you to exclude certain folders or drives.

      posted in Archived
      Tom
    • RE: [Added] Nitro PDF Reader Free - App-Request

      Nitro PDF Reader and Nitro Pro have been added.

      You should note that version 5 went End-of-Life long ago and should be considered insecure.

      posted in Added App Requests
      Tom
    • GUI as app, not online

      UI should be GUI not line

      Suggested by @Alex-Connolly

      posted in Feature and Functionality Requests
      Tom
    • Adobe Genuine Service (AGS) app - Uninstall

      In order to uninstall the Adobe Genuine Service (AGS) silently using the Custom Software feature, you need to download the following ZIP file:
      https://helpx.adobe.com/content/dam/help/en/enterprise/using/uninstall-creative-cloud-products/jcr_content/root/content/flex/items/position/position-par/procedure/proc_par/step_0/step_par/download_section/download-1/Win_AdobeGenuineCleaner.zip

      Once extracted, you need one file:
      AdobeGenuineCleaner.exe


      This requires one argument --UninstallUserDriven

      You are now ready to assign it to one or more hosts in order to uninstall this service.

      posted in [Corporate] Deployment -> Custom Software
      Tom

    Latest posts made by Tom

    • RE: [Solved] MiTeC EXE Explorer - Detected Version Incorrect

      @OLLI_S This should have been solved on 2nd December, can you confirm?

      And thank you for reporting it.

      posted in Solved Detection Issues
      Tom
    • Google Chrome 131.0.6778.109 Error 1603 (googlechromestandaloneenterprise.msi)

      During testing of the Google Chrome 131.0.6778.109 MSI package, we found that it was broken, resulting in Exit Code 1603 after attempting to spawn a UAC prompt as the SYSTEM user.

      This issue occurs both when upgrading via VulnDetect and Intune. In some cases, it even breaks the existing installation during rollback of the failed update.

      As a result, we pulled the update before releasing it to customers.

      Once Google has fixed the Enterprise "ready" MSI installer, we will update the package and make it available after thorough testing.

      Please "upvote" the following post by Mikhail Gurin if you are affected by this and have a Google account. Hopefully, this will help make Google prioritize the fix: https://support.google.com/chrome/thread/311347547

      For reference, we use the following installers:

      https://dl.google.com/tag/s/dl/chrome/install/googlechromestandaloneenterprise.msi
      https://dl.google.com/tag/s/dl/chrome/install/googlechromestandaloneenterprise64.msi
      

      We also tested the EXE-based installers for offline deployment but found that these are incompatible with MSI-based installations.

      It should be noted that the MSI works if launched interactively as a regular user who can approve the UAC prompt.

      posted in General Discussion
      Tom
    • Uninstall SecTeer VulnDetect Agent

      Can I uninstall the Agent using the Agent and Custom Software?

      Yes, that is doable, although you won't be able to see the correct state in the Job Activity, because the system won't be able to report back to the backend.

      Here is a PowerShell script that does that:

      # Set environment variables for 32-bit and 64-bit Windows
      $ProgramData = $env:ProgramData
      $SecTeer = "SecTeer VulnDetect"
      $myTaskPath = "\$SecTeer\"
      
      if ($env:PROCESSOR_ARCHITECTURE -eq "x86") {
          $agentRegPath = 'Registry::HKLM\Software\SecTeer\Agent'
          $appRegPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*"
          $ProgramFiles = "${env:ProgramFiles}"
      } else {
          $agentRegPath = 'Registry::HKLM\Software\WOW6432Node\SecTeer\Agent'
          $appRegPath = "SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*"
          $ProgramFiles = "${env:ProgramFiles(x86)}"
      }
      
      $SecTeerPath = Join-Path -Path $ProgramFiles -ChildPath $SecTeer
      
      # Determine the uninstall method - prefer EXE uninstaller if available
      $command = if (Test-Path -Path "$SecTeerPath\unins000.exe") {
          Join-Path -Path $SecTeerPath -ChildPath "unins000.exe"
      } elseif (Test-Path -Path "$SecTeerPath\unins001.exe") {
          Join-Path -Path $SecTeerPath -ChildPath "unins001.exe"
      } else {
          $null
      }
      
      # Launch the uninstaller if found, attempt MSI removal otherwise
      if ($command) {
          try {
              $processSpecs = New-Object System.Diagnostics.ProcessStartInfo
              $processSpecs.FileName = $command
              $processSpecs.RedirectStandardError = $True
              $processSpecs.RedirectStandardOutput = $True
              $processSpecs.UseShellExecute = $False
              $processSpecs.Arguments = "/VERYSILENT /SUPPRESSMSGBOXES /FORCECLOSEAPPLICATIONS /NOCANCEL"
              $process = [System.Diagnostics.Process]::Start($processSpecs)
              $process.WaitForExit()
          } catch {
              Write-Warning "Failed to start the uninstaller process: $_"
          }
      } else {
          try {
              Uninstall-Package -Name "$SecTeer" -Force -ErrorAction SilentlyContinue
          } catch {
              Write-Warning "Failed to uninstall the package: $_"
          }
      }
      
      # Remove all scheduled tasks related to SecTeer VulnDetect
      $scheduleTasks = @(
          "SecTeer VulnDetect*",
          "SecTeerVulnDetectAgentStateMonitoring",
          "SecTeerVulnDetectMaintenance*"
      )
      
      foreach ($taskName in $scheduleTasks) {
          try {
              Get-ScheduledTask -TaskName $taskName -TaskPath "\" -ErrorAction SilentlyContinue | Unregister-ScheduledTask -Confirm:$false
          } catch {
              Write-Warning "Failed to unregister task ${taskName}: $_"
          }
      }
      
      # Clear registry remnants in Add/Remove Programs
      try {
          Get-ItemProperty "HKLM:\$appRegPath" | Where-Object { $_.DisplayName -like "$SecTeer*" } | Remove-Item -Force -ErrorAction SilentlyContinue
      } catch {
          Write-Warning "Failed to remove registry remnants: $_"
      }
      
      # Purge leftover files and folders
      try {
          $folderToRemove = Join-Path -Path $ProgramData -ChildPath $SecTeer
          Remove-Item -Path $folderToRemove -Recurse -Force -ErrorAction SilentlyContinue
      } catch {
          Write-Warning "Failed to remove folder ${folderToRemove}: $_"
      }
      
      Write-Output "$SecTeer has been successfully removed."
      
      posted in [Corporate] Deployment -> Custom Software
      Tom
    • RE: CrystaldiskInfo 9.4.4 detected as 9.1.1

      Thank you for reporting this. I believe it is fixed now. But I failed to find an account that belongs to you with this app, so I didn't double check that it works.

      Note that it requires a new inspection.

      posted in Detection Issues
      Tom
    • RE: [RELEASE] SecTeer VulnDetect Agent v3.4.0.0 Recommended - [Updated 7. October 2024]

      Version 3.4.0.0 is the latest Stable release.

      It can be downloaded from here:
      https://vulndetect.com/dl/agents/secteerSetup-3.4.0.0.exe
      https://vulndetect.com/dl/agents/secteerSetup-3.4.0.0.msi

      posted in Announcements
      Tom
    • Updating SysInternals

      Based on customer requests we've examined ways to update Portable Apps, like apps from the SysInternals bundle.

      There are many ways to achieve this, but we wanted one that works well with the Custom Software feature in VulnDetect.

      We also wanted to avoid making one Config per App in the SysInternals bundle.

      And, since these files can live in various places, including folders that are writable by non-privileged users, we wanted to be careful not to overwrite the wrong files or follow symbolic links.

      The script will not overwrite files unless they have the company name specified in the $companyNameToCheck variable, it will also not touch files in the $excludedDirs.

      The combination of Custom Software and this script assumes that you add a ZIP archive as an Additional File and that the ZIP archive contains a folder called "files" with all the SysInternal files you want to replace, e.g. the entire SysInternals bundle.

      You can also edit the $sourceDir variable if you want to use a different layout in your ZIP archive.

      The below script was created by ChatGPT (by OpenAI). It was created based on the above requirements and it has been reviewed and tested by SecTeer.

      Note: This script is intended to run in an automated fashion and with a sub folder of known trusted files. Executing this in the wrong location and altering variables and conditions may have unforeseen consequences, because the script overwrites files recursively.

      # Define the company name to check for
      $companyNameToCheck = "Sysinternals - www.sysinternals.com"
      
      # Get the current working directory and set the source directory to the "files" subfolder
      $sourceDir = Join-Path -Path (Get-Location) -ChildPath "files"
      $drive = "C:\"
      
      # List of directories to exclude (common shim file locations)
      $excludedDirs = @(
          "$env:SystemRoot\AppPatch",
          "$env:SystemRoot\System32\ShimCache"
      )
      
      # Function to get the latest file from a directory
      function Get-LatestFile {
          param (
              [string]$directory,
              [string]$fileName
          )
          $files = Get-ChildItem -Path $directory -Filter $fileName
          $latestFile = $files | Sort-Object LastWriteTime -Descending | Select-Object -First 1
          return $latestFile
      }
      
      # Function to check the "Company Name" and "Product Name" properties of a file
      function Get-FileProperties {
          param (
              [string]$filePath
          )
          $properties = Get-ItemProperty -Path $filePath -Name 'VersionInfo'
          return @{
              CompanyName = $properties.VersionInfo.CompanyName
              ProductName = $properties.VersionInfo.ProductName
          }
      }
      
      # Function to recursively replace files in the target directory with the latest from the source directory
      function Replace-Files {
          param (
              [string]$sourceDir,
              [string]$drive,
              [string]$companyNameToCheck
          )
      
          # Get the list of files in the source directory
          $sourceFiles = Get-ChildItem -Path $sourceDir
      
          # Iterate over each file in the source directory
          foreach ($sourceFile in $sourceFiles) {
              # Get the latest version of the source file
              $latestSourceFile = Get-LatestFile -directory $sourceDir -fileName $sourceFile.Name
      
              # Find matching files in the drive recursively, excluding the source directory and excluded directories
              $matchingFiles = Get-ChildItem -Path $drive -Filter $sourceFile.Name -Recurse -ErrorAction SilentlyContinue | Where-Object {
                  $_.FullName -notlike "$sourceDir*" -and
                  $excludedDirs -notcontains $_.DirectoryName
              }
      
              # Replace each matching file with the latest source file if the company name matches and it is not a Chocolatey shim file
              foreach ($targetFile in $matchingFiles) {
                  $properties = Get-FileProperties -filePath $targetFile.FullName
                  if ($properties.CompanyName -eq $companyNameToCheck -and $properties.ProductName -notlike "*Chocolatey Shim*") {
                      Copy-Item -Path $latestSourceFile.FullName -Destination $targetFile.FullName -Force
                      Write-Output "Replaced $($targetFile.FullName) with $($latestSourceFile.FullName)"
                  } else {
                      Write-Output "Skipped $($targetFile.FullName) as it is either not from '$companyNameToCheck' or it is a Chocolatey shim file"
                  }
              }
          }
      }
      
      # Call the function to replace files
      Replace-Files -sourceDir $sourceDir -drive $drive -companyNameToCheck $companyNameToCheck
      
      posted in [Corporate] Deployment -> Custom Software
      Tom
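The "Updating SysInternals" post above decides what to overwrite from the CompanyName field, which is version-resource metadata that anyone building a file can set, so it narrows the set of files touched but does not prove origin. The following is an added example, not part of the original post or of SecTeer's script, sketching pre-flight checks that could run before each `Copy-Item`: the replacement must be validly signed, and neither the target nor any parent folder may be a symlink or junction. The function names and the expected signer string `CN=Microsoft Corporation` are assumptions for illustration.

```powershell
# Added example: checks to run before a target file is overwritten.
# Function names and $ExpectedSigner are hypothetical, not from the original script.

function Test-IsReparsePoint {
    param ([System.IO.FileSystemInfo]$Item)
    # Symbolic links and junctions carry the ReparsePoint attribute
    return [bool]($Item.Attributes -band [System.IO.FileAttributes]::ReparsePoint)
}

function Test-PathCrossesReparsePoint {
    # True if the file itself, or any directory above it, is a link or junction
    param ([string]$LiteralPath)
    $item = Get-Item -LiteralPath $LiteralPath -Force -ErrorAction Stop
    if (Test-IsReparsePoint -Item $item) { return $true }
    $dir = $item.Directory
    while ($null -ne $dir) {
        if (Test-IsReparsePoint -Item $dir) { return $true }
        $dir = $dir.Parent   # becomes $null once the drive root is passed
    }
    return $false
}

function Test-TrustedSource {
    # The replacement file must carry a valid Authenticode signature
    # whose signer subject starts with the expected name (assumed value).
    param (
        [string]$FilePath,
        [string]$ExpectedSigner = 'CN=Microsoft Corporation'
    )
    $sig = Get-AuthenticodeSignature -FilePath $FilePath
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        return $false
    }
    return ($sig.SignerCertificate.Subject -like "$ExpectedSigner,*")
}

function Test-SafeToReplace {
    param (
        [string]$SourcePath,
        [string]$TargetPath,
        [string]$CompanyName
    )
    # 1. Never deploy a replacement that is unsigned or has a broken signature
    if (-not (Test-TrustedSource -FilePath $SourcePath)) { return $false }
    # 2. Never write through a link placed in a user-writable folder
    if (Test-PathCrossesReparsePoint -LiteralPath $TargetPath) { return $false }
    # 3. Same metadata filter as the original script (selection, not authenticity)
    $info = (Get-Item -LiteralPath $TargetPath -Force).VersionInfo
    return ($info.CompanyName -eq $CompanyName) -and
           ($info.ProductName -notlike '*Chocolatey Shim*')
}

# Usage inside the replace loop, before Copy-Item:
# if (Test-SafeToReplace -SourcePath $latestSourceFile.FullName `
#         -TargetPath $targetFile.FullName -CompanyName $companyNameToCheck) { ... }
```

A check-then-copy sequence still leaves a short window between the test and the write, so in folders writable by non-privileged users the checks reduce the exposure rather than remove it.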
    • RE: Microsoft PC Manager (Windows Installer) is EOL

      @OLLI_S There are a few users, yes.

      The website doesn't really state anything at all:
      https://pcmanager.microsoft.com/en-us

      I'll leave it as Untracked and Pre-release for now, do let me know if you see some official statement that I can link to and then we'll flag the EXE edition as EoL.

      posted in Detection Issues
      Tom
    • RE: [Solved] Left Overs in WSCC

      @OLLI_S From what I can see, then detection of Rufus and SumatraPDF is working as expected. As you know, part of our detection relies on the original filenames, so when an app or user renames EXE files, it easily (and intentionally) bypasses our detection.

      posted in Solved Bundling Issues
      Tom
    • RE: Cygwin Filezilla detected as Windows Filezilla

      Is FileZilla a standard sub application of Cygwin?

      Perhaps we should bundle it?

      posted in Detection Issues
      Tom
    • RE: Microsoft 365 Apps - No Longer Bundled

      @OLLI_S We actually stopped bundling it a long time ago. When I look at your results, then I see all the 365 Apps.

      There are two reasons we stopped bundling it. One is that Microsoft frequently releases unknown builds to a subset of systems, this breaks some logic that we rely upon. The other is that the Suite system doesn't support packages, so in order to support updating 365 Apps, we had to stop using the Suite bundle.

      We may change this eventually, but it's not on the roadmap at the moment.

      Btw. if some of your 365 Apps disappear, then it may be because you ran into one of those Unknown builds, please ping me directly, next time you only see some of them, then I can verify whether this is the reason.

      posted in Bundling Issues
      Tom