SecTeer VulnDetect Support Forum


    Tom

    @Tom

    VulnDetect Team Member

    Monitoring software for vulnerabilities and new releases to keep your system safer and to keep improving VulnDetect detection and results.

    34
    Reputation
    1973
    Profile views
    1092
    Posts
    1
    Followers
    1
    Following
    Website vulndetect.com Location Copenhagen

    VulnDetect Team Member Global Moderator

    Best posts made by Tom

    • Secunia PSI Forum

      It seems that the Flexera guys didn't like that we, as a new user, posted about the VulnDetect project, despite them discontinuing the beloved Secunia PSI.

      We would very much appreciate it if you would gently spread the word and a few links to vulndetect.org / https://vulndetect.com/?1. It is much needed, so that we have a lot of testers once the alpha is ready.

      We also feel that it is important to invite all the PSI forum users to come here and join the VulnDetect forum.

      We are also very open to creating new Categories and Sub-categories here, where different, related subjects can be discussed and provide moderator privileges to those who want to contribute.

      /Tom

      posted in General Discussion
    • [Implemented] Grouping multiple (vulnerable) programs

      group multiple instances of a vulnerable program in the listing and allow me to expand that section when I want

      Suggested by @CTaylor

      posted in Implemented Feature Requests
    • Overview of Feature and Functionality Requests

      This thread is a summary of all user-contributed suggestions that were posted in these forums.
      It will be updated with links to new suggestions and also reflect the status of suggestions.

      Please make one new thread for each feature suggestion, where other users can vote on and discuss the suggested features.
      Thank you for sharing your ideas!

      Notes:

      • At the time of writing (May 2018) the SecTeer Personal CARMA is only in Tech Preview. A beta version is not due before late 2018.

      • Inclusion on this list does not imply that we will implement it, nor does it indicate any sort of priority.

      • We may rewrite suggestions (titles) to fit with the terminology that we intend to use or to fit how we believe that feature should be designed.


      List of Applications:

      • [Work in progress] Download Updates with one click
      • [Work in progress] Bundling Applications - Adjust UI
      • Show Available Version
      • Column-Headers
      • Optional Columns
        • Column "Company"
        • Column "File Path"
        • Column "Users"
        • Column "Last Used"
      • Report Errors
      • Filter Applications
      • Threat Level
      • Show Updates of the VulnDetect-Client on top
      • Overall Score
      • Rename "By" and "Based on"
      • Column "Available Minor Version"
      • Allow to ignore Updates and Apps
      • Allow to Sort the Columns
      • Color Contrast of the Status text
      • Report missing apps
      • Show excluded applications in a "Debug-Mode"
      • New Status values:
        • New Status "Outdated" (for non-security updates)
        • New Status "Under Review"
      • Separate download link for 32-Bit and 64-Bit Apps
      • Show Reason for Unsafe Status
      • Ignore detections
      • Simple program listing
      • Download link / info if no update available
      • Flag auto-updating apps
      • Exclude apps updated by Windows update
      • Hide Apps
      • Show updates immediately without a Scan (Server-Sided)
      • Recommend Deletion of Unsafe Installers
      • Show Counters
      • Show Last Inspection in List of Applications
      • Export List of Applications
      • Expand/Collapse all entries in the List of Applications
      • Show Replacement Application
      • Allow Notes in List of Apps
      • One Application List for all Clients
      • Additional Status for Update Available
      • Suggest apps via the List of Applications
      • Show Changes over time in the List of Apps
      • Mark Windows 10 Store Apps in the List of Apps
      • Mark VulnDetect Updated Apps in the List of Apps
      • Link to Vulnerability ID from the List of Applications
      • List of Applications - Improved UI
      • Different Views in the List of Applications
      • List of Apps - Recommendations could be problematic
      • Update List of Applications after Update immediately
      • Explain the Labels in the List of Applications
      • Inherit Vulnerability Status
      • Show entry "Windows" in the List of Apps
      • Show System Information in the List of Apps
      • Unique display of missing version information
      • Filter by Status
      • New icon for Bundling
      • Link 0-Day Information from the Forums
      • [Implemented] Show full path
      • [Implemented] New Status "End-Of-Life"
      • [Implemented] End of Life Info
      • [Implemented] Increase the width of the Version Number
      • [Implemented] Start scan manually with a button click
      • [Implemented] Add icons to indicate collapse feature
      • [Implemented] Grouping multiple (vulnerable) programs

      Configuration:

      • [Work in progress] Exclude specific drives/folders from scan
      • Allow to rename the computer (Host name)
      • Allow to change the email address
      • Button colours in the Review Agent window
      • Add multiple computers (Family/Companies)
      • Show the online status of each computer
      • Configure CheckIn interval
      • Multi-Language support at the VulnDetect website
      • Show Warning at unsaved changes
      • Allow to set up a Proxy Server
      • Change Language at the Website and VulnDetect Agent
      • Allow to change the order of computers
      • Tooltip Help in Configuration
      • Log of actions / applied updates
      • Optional partial scan
      • Scan Options
      • [Implemented] Show hours in configuration with leading zero
      • [Implemented] Show timestamp of the last scan
      • [Implemented] Full scan by default

      Local Agent / app:

      • [Work in progress] Auto-update
      • Show VulnDetect Icon in the System Tray
      • Open the VulnDetect website from the VulnDetect Agent
      • Show Version Information of the VulnDetect Agent
      • Start Full System Scan from the VulnDetect Agent
      • Check for Updates of the VulnDetect Agent
      • Change time in logs to local time
      • Show Scan Status in the VulnDetect Agent
      • VulnDetect Agent should notify Available Updates
      • Pause Inspection
      • Automatically Pause Inspection (Silent Mode)
      • GUI as app, not online
      • Progress Bar
      • Automatic scanning
      • Portable Version of VulnDetect Agent
      • Show "VulnDetect Scan" Desktop Icon
      • Create Log-Folder before Scanning
      • Warn when installing applications with known vulnerabilities
      • New Parameter "--pause"
      • Register Client with other E-Mail without uninstalling
      • VulnDetect Agent - Context Menu
      • [Implemented] Don't store log files in the Windows folder

      Application detection:

      • [Work in progress] Consider installed Language at applications
      • [Work in progress] Hide bundled applications
      • Handling of Beta versions
      • Consider ESR Versions
      • Show updates for Browser-Plugins
      • Show updates for Microsoft Products (not Windows)
      • Show updates for Drivers
      • Show updates for Portable Applications
      • Show updates for Games
      • Comprehensive Detection
      • Show BIOS-Updates and Firmware-Updates
      • Show updates for Windows Store Apps
      • Show Installed .NET Framework Versions
      • [Implemented] Show updates for Microsoft Windows
      • [Implemented] Differentiate between 32-Bit and 64-Bit

      Other:

      • Lookup in database
      • Easier program suggestion
      • Library and easy Installation of popular apps
      • New tab "Recent Apps" in List of Applications
      • Optimize Website for Mobile Devices
      • [Implemented] Two Factor Authentication (2FA)

      Business Users:

      • Gather installed software in the company
      • Send Admin information about available updates
      • Detect Manually Installed Software (in companies)
      • Colour Contrast Issues (Business Edition)
      • Expand Software Versions to see Hosts
      • List of Problematic Apps of all Hosts

      posted in Feature and Functionality Requests
    • RE: Nothing to see

      @ted OK, this explains it: the agent has not yet done an inspection. With the current schedule it will take 10 hours.
      Btw. you may want to delete / modify the picture / comment, since it displays your IP.

      posted in Bugs and issues
    • Passwords, identities and data breaches

      Hi,

      With this post, I’d like to encourage everybody to share and discuss their views on subjects related to IT-security and privacy.

      One thing that I personally have spent a lot of time refining over the past years, is my handling of the ever increasing number of services and apps that I rely on, and the credentials used to authenticate with these.

      I don’t believe that I have the perfect solution, if such a thing ever will exist. However, I’ve aimed for a reasonable compromise between usability and security. Too often, the two don’t go well hand-in-hand, but I am growing increasingly pleased with my own little semi-homegrown solution.

      But before we go on to that, I want to ask you, if you ever checked whether your credentials were exposed somewhere online?

      One good site to check this is (feel free to suggest others):
      https://haveibeenpwned.com/

      The intentions behind the site seem legit and genuine; the guy behind it is Troy Hunt.

      One of my email addresses is currently listed as breached from 3 well known sites.

      Fortunately, I’ve never used any of these three services for anything I deem sensitive, nor did I reuse my credentials, so I am pretty sure that the risk of this having any further impact on me, is very limited.

      One easy way to avoid reusing credentials is to let your browser remember usernames and passwords for the sites you visit.

      Personally, I HATE that concept.

      Why do I hate this?

      Well, I like technology, and I like to be free. If I use one browser to store my credentials, then I am stuck, at least with the browser, perhaps even with both the Operating System and the browser.

      Yes, I do know that most browsers are so nice and offer to share your settings (and credentials) between devices, and today you can even get Edge for Android; Firefox and Chrome (Chromium) are on all platforms I use, and so is Opera. Yet, I would risk being stuck with one browser or having to import / export between them. No fun.

      Also, what is the most exposed piece of software on your rig or device? The browser! So not a particularly good place to store all your sensitive passwords IMHO.

      So, what’s the solution then?

      Well, I don’t know what will work for you. But I chose, years ago, to go with a simple old school password manager.

      The one I chose stores all usernames, URLs, passwords, comments, and even files, encrypted. It’s KeePass 2 or KeePassXC, depending on the platform I use.

      There is a bunch of plugins and stuff you can use, to make it run on other platforms or integrate with your favorite browser(s). Personally, I use the plain vanilla editions of the two, with no additional tools.

      Because of the encryption, utilized by KeePass, I feel fairly safe, even though I actually share my password database between all my platforms via a (public) cloud drive service.

      I will not go into which cloud drive service is better for this purpose, and you may have to play around to find the one that suits your needs best, as not all cloud drives behave equally well, on all devices.

      One thing you need to ensure is that the cloud drive is fast at recognizing changes to the password database and syncing them with the cloud.

      I’d like to stress one little annoying thing, when it comes to syncing between devices, sometimes you may find that updating on one device overwrites the changes made by another device, if you didn’t load the latest version, before adding a new set of credentials.

      I “solved” this, in a reasonably neat way, using a feature in KeePass 2, called “Synchronize” -> “Synchronize with File”. This allows merging / synchronizing two password databases (that share the same password / keyfile).

      To support this, I have the following structure of files:
      • MyMasterPasswordDatabase.kdbx
      • LaptopPasswordDatabase.kdbx
      • HomeRIGPasswordDatabase.kdbx
      • TabletPasswordDatabase.kdbx

      In other words, I have one database file for each device. This ensures that I never accidentally overwrite changes made on another system. The only thing you need to remember, is to close the password database, when you stop using a device, but that ought to be part of your best practices anyway, no need to let all those passwords float unencrypted in memory, when it isn’t needed.

      Occasionally, I will open the “master” file and sync it with all the other files. Practically, this ends up being something I do once or twice a week.

      Note, you need to sync all of them twice. This way all changes from each file are stored in the master and in turn the changes made in the master are stored in the other files. This operation only takes a few seconds.

      At this point I manage a total of more than 500 sets of credentials. I reckon that around 80-100 are used more or less frequently, the remainder may be purely historical and could probably be deleted, however, given the structure and search features of KeePass, I don’t really feel a need to tidy the contents of my database. And sometimes you happen to revisit a service that you haven’t used for years and then it is a great feeling to still have the credentials.

      For most people, this may seem tedious and troublesome at first, but I find this much better, and more convenient, than having a few fixed credentials that I use everywhere or keeping a spreadsheet or other insecure document with credentials.

      Currently, I remember about 10 sets of credentials, this includes PIN codes, phone screen lock, system passwords, KeePass password, and a few more. These are never stored in my KeePass, because I use them so frequently (that I easily remember them) and I need them to access the systems where I store my KeePass file(s). But the remaining, around 500, they are safely and conveniently stored in my KeePass.

      Once you get going with your password manager, then remember to play with the short cuts, you will find that getting the credentials using autotype and similar features is very convenient.

      A few extra tips for added security

      The default setup is probably good enough for most, and “perfectly” safe, as long as the password you use for your KeePass is unique and fairly strong.

      However, I also chose to add the security of a “Key file / provider”. This is a “secret” file, which you need to keep safe and far away from your cloud drive.

      My “Key file” has never been on any public system, nor has it been sent via any network. It has only been transferred from device to device using an (encrypted) USB stick. But be aware, if you lose this file, then you will NEVER be able to access your password database again, so this measure is not for the faint of heart.

      Another thing I did, was to change the “Key transformation” and increase the number of “Iterations”. This basically means that your password is “hashed” X number of times, before it is used to unlock the master key for the database. The larger the number, the harder it is to brute force your password, but be aware, that if the number is too high, then it will take a long time to open your database. In my opinion, any number that allows the transformation to happen in less than a second is acceptable. In other words, this allows you to have a shorter and more simple password for your database. My password is more than 20 characters long, which may be slightly exaggerated.

      Oh, one last thing, DO NOT USE the “Windows user account” option for unlocking. Read the fine warnings to learn why. No matter how convenient or tempting this may sound, then it is only good and useful in enterprise environments or if you are an expert in Windows networking.

      I’d love to hear how you deal with your credentials, feel free to comment and suggest alternative approaches.

      posted in General Discussion
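
The per-device file layout and the "sync all of them twice" note in the post above, as an added example that is not part of the original post. It assumes a simplified model of "Synchronize with File" (a two-way merge in which the copy with the newer modification time wins for each entry); the `Database` class, entry titles and passwords are constructed for illustration.

```python
"""Simplified model of the per-device KeePass file layout described in the post."""
from dataclasses import dataclass, field


@dataclass
class Database:
    name: str
    # entry title -> (modification counter, password); stand-in for KDBX entries
    entries: dict = field(default_factory=dict)

    def put(self, title, secret, mtime):
        self.entries[title] = (mtime, secret)


def synchronize(a, b):
    """Assumed merge rule: per entry the newer copy wins, and the merged
    result is written back to both files."""
    merged = dict(a.entries)
    for title, (mtime, secret) in b.entries.items():
        if title not in merged or mtime > merged[title][0]:
            merged[title] = (mtime, secret)
    a.entries = dict(merged)
    b.entries = dict(merged)


def sync_pass(master, devices):
    """One round: open the master and synchronize it with each device file in turn."""
    for dev in devices:
        synchronize(master, dev)


def stale_entries(master, devices):
    """Map device file name -> titles that are missing or outdated versus the master."""
    report = {}
    for dev in devices:
        stale = sorted(t for t, v in master.entries.items()
                       if dev.entries.get(t) != v)
        if stale:
            report[dev.name] = stale
    return report


def build_sample():
    """Constructed data: every file starts with 'mail', then each device changes something."""
    master = Database("MyMasterPasswordDatabase.kdbx")
    laptop = Database("LaptopPasswordDatabase.kdbx")
    homerig = Database("HomeRIGPasswordDatabase.kdbx")
    tablet = Database("TabletPasswordDatabase.kdbx")
    for db in (master, laptop, homerig, tablet):
        db.put("mail", "old-mail-pw", mtime=1)
    laptop.put("forum", "forum-pw", mtime=2)      # new entry on the laptop
    homerig.put("mail", "new-mail-pw", mtime=3)   # password changed on the home rig
    tablet.put("bank", "bank-pw", mtime=4)        # new entry on the tablet
    return master, [laptop, homerig, tablet]


def demo():
    master, devices = build_sample()
    sync_pass(master, devices)
    after_first = stale_entries(master, devices)   # earlier files lag behind
    sync_pass(master, devices)
    after_second = stale_entries(master, devices)  # everything converged
    return after_first, after_second


if __name__ == "__main__":
    first, second = demo()
    print("stale after pass 1:", first)
    print("stale after pass 2:", second)
```

After the first pass only the master and the last file synchronized hold every change; the files synchronized earlier still lack whatever later files contributed, which is what the second pass repairs.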
    • RE: [Implemented] Differentiate between 32-Bit and 64-Bit

      The agent already has support for this. How we display this, is decided in each rule. Thus, we may treat this independently for each program, but it seems most likely, that we will report individually, since most programs require separate updates for 32 and 64-bit versions.
      It is something that we will pay attention to and if you see errors in the results, then it should be reported individually for each program.

      posted in Implemented Feature Requests
    • RE: [Added] Libre Office - App-Request

      LibreOffice has been added. It has been added as one product, since the vendor doesn't seem to support the individual apps with individual updates.

      posted in Added App Requests
    • RE: New Status "Outdated" (for non-security updates)

      Categorize programs that have security vulnerabilities separately from those that are just bug fixes and feature updates. Best would be a simple filter. I could look at just security vulnerabilities normally, but would flip a switch to see bug fixes/ feature updates

      Suggested by @CTaylor

      posted in Feature and Functionality Requests
    • Adobe Genuine Service (AGS) app - Uninstall

      In order to uninstall the Adobe Genuine Service (AGS) silently using the Custom Software feature, you need to download the following ZIP file:
      https://helpx.adobe.com/content/dam/help/en/enterprise/using/uninstall-creative-cloud-products/jcr_content/root/content/flex/items/position/position-par/procedure/proc_par/step_0/step_par/download_section/download-1/Win_AdobeGenuineCleaner.zip

      Once extracted, you need one file:
      AdobeGenuineCleaner.exe


      This requires one argument --UninstallUserDriven

      You are now ready to assign it to one or more hosts in order to uninstall this service.

      posted in [Corporate] Deployment -> Custom Software
    • RE: [Added] Nitro PDF Reader Free - App-Request

      Nitro PDF Reader and Nitro Pro have been added.

      You should note that version 5 went End-of-Life long ago and should be considered insecure.

      posted in Added App Requests

    Latest posts made by Tom

    • RE: Intel PROSet Wireless Software false positive?

      The driver file is present, so in that sense the software is there. But it appears that the driver also is bundled with other software from Intel.

      I can also see that there is a new version, that will be added soon.

      However, there are some issues with the accuracy of this, that is also why it is released as "Testing".

      It should be clear in the UI of Personal edition with a black "Testing" pill. In the Personal we default to show these "Testing" apps, in order to get this kind of feedback.

      However, in the Corporate, it isn't visible for ordinary accounts, except for Olli, and for our internal test accounts. The issue here, is that you can't see that it is "Testing" in the Corporate UI, so you may be led to believe that it is fully supported. Since Olli is the only external person who can see "Testing" in Corporate, we won't change that any time soon.

      This detection will remain as "Testing", while we await a new backend feature, which should aid us in tracking this in a proper and reliable manner.

      posted in Detection Issues
    • RE: [Solved] Norton Security - Detected Version Incorrect (Version incorrect in EXE)

      @OLLI_S Thank you, I've changed the file. Please report if that causes other issues.

      posted in Solved Detection Issues
    • RE: [Solved] Ghostscript new recommended version but no download flag

      @OLLI_S Looks like it is fixed.

      posted in Solved Detection Issues
    • RE: Acronis Cyber Protect home office recommended version is not available

      @GregAlexandre Version 40278 is available now and I also confirmed it by downloading it.

      posted in Detection Issues
    • RE: Acronis Cyber Protect home office recommended version is not available

      @GregAlexandre
      The advisory is still present:
      https://security-advisory.acronis.com/updates/UPD-2302-3bd6-1ff4

      Description
      This update contains fixes for 2 high severity security vulnerabilities and is recommended for all users.
      
      More details will be published soon.
      

      Let's hope they release a new build asap.

      posted in Detection Issues
    • RE: Acronis Cyber Protect home office recommended version is not available

      @GregAlexandre If you look at this page, you'll see the latest build referenced:
      https://www.acronis.com/en-us/support/updates/

      However, if you click the link, then you get the older version; the release notes have also been pulled.

      It is curious, as our robot found build 40252 on 21 February, and the update was detected on one or more customer PCs on the 22nd, and the update was assigned to a curator who made the rule (on the 22nd).

      And there was even a new entry in their advisory database, indicating that build 40252 fixes security issues (albeit, no details were present).

      We will set 40173 as Recommended for now and update as soon as a new build has been released.

      posted in Detection Issues
    • RE: Splunk Forwarder Services

      @lammertsm Thank you. Detection has been added as "testing". We will soon release it properly.

      posted in App Requests
    • RE: Chocolatey not removed when installing 3.0.x agent

      @GregAlexandre

      Removing chocolatey isn't trivial for all users, since a few already used it or started using after it was installed by VulnDetect.

      We are assessing ways to determine this in a reliable way, so we don't remove it if the user has used it.

      Alternatively, we will release a removal script at some point, so you and others easily can remove it.

      posted in Bugs and issues
    • RE: [Added] Pencil - App-Request

      Thank you. The product has been added as "testing". Once we have collected proper rule data, we will release it.

      posted in Added App Requests
    • RE: [Solved] Ghostscript new recommended version but no download flag

      @GregAlexandre Interesting, I have no record of why it should have disappeared. Do let me know if it happens again.

      And thank you.

      posted in Solved Detection Issues