The purpose of this category is to demonstrate and document how to use the Custom Software feature in VulnDetect.
This feature is still under development, and some of the examples are considered experimental.
Please write comments to the individual posts or write to support. Support will then update the posts as applicable.
@OLLI_S I can see that it is detected, and I can see that Sandboxie is approx 33% more popular than the "Plus".
So it is fine.
@OLLI_S I believe this has been detected for a few months.
@OLLI_S I believe this has been detected for a while, probably based on this posting.
@OLLI_S Detection added, the version will be displayed correctly on Monday, after a curator has added the rules.
With the new Deployment -> Custom Software feature it is now possible to deploy and update Adobe Creative Cloud applications.
Note: Support for this is considered experimental at this point, so your mileage may vary.
Go to:
https://adminconsole.adobe.com/
Click Packages in the top menu.
On this page you can update an existing package or create a new.
Please prefix the package name with "Adobe". Currently the package script assumes that all ZIP archives are structured like the Adobe CC ZIP, but this may change in the future and it might base the "detection" of the source of the ZIP archive on the filename e.g. adobe*.zip.
Change the above as required.
After downloading the new or updated package you can upload it to VulnDetect.
You should give the Custom Deployment a meaningful Name, so it is easy to identify the hosts or groups it should be applied to, but also so it is easy to find the deployment and replace the correct ZIP file next time there is an update.
Note: If you apply the wrong package, it will install "missing" apps and it won't update the apps you intended to update. Choosing the right package for the right host is very important.
For Adobe CC ZIP archives the Installer Arguments must be: --silent
Uploading the 19GB ZIP took 57 minutes on my coax connection (approx. 500Mbps upstream).
Note that there may be issues with uploading very large files (>5GB) on "slow" connections. I experienced some issues on the 500Mbps asymmetric coax connection, whereas there were no issues on a 1/1Gbps full duplex / symmetric connection.
We've changed the limit for uploads, so you now can upload files up to 32GB.
After uploading the file, you need to select the groups or hosts to which you wish to deploy the package / updates.
Note that the package will apply a few minutes after any inspection. If you deploy to a large number of hosts and inspect all, you should consider if you have bandwidth enough to accommodate multiple 20GB downloads at the same time. Else let the scheduled inspection handle it, as it will ensure that it is distributed over your "Inspect and update window", which usually spans several hours. Downloading, unzipping and installing also took considerable time on the small VMs we used for testing and had a notable performance impact. It is also worth noting that Custom Software doesn't know which apps are being deployed/updated, so it can't check if any of them are running.
The EoL version of Foxit PhantomPDF can be upgraded using the Custom Software feature in VulnDetect - Corporate:
https://corporate.vulndetect.com/#/deployment/custom-create-job
To upgrade Foxit PhantomPDF do the following:
Optionally configure the installation using an MST:
And then click "Save".
The dialogue will now upload the files to the VulnDetect backend.
After saving the Job, you can now select to deploy it to groups or hosts (with the old PhantomPDF).
Remember to inspect the host or group, if you want the job to run right away, else it'll apply after the next scheduled inspection.
After the Job is "Completed" on a host, VulnDetect will automatically conduct a new inspection and update the results for each host:
https://corporate.vulndetect.com/#/deployment/activity
And you should be able to find the updated results on the hosts or applications page moments later.
Now we have passed two years with no updates, I think EoL is appropriate. If it changes, then we can alter the state.
Finally 3.0.17.4 has been officially released (some days ago).
@OLLI_S That is because there is two different 2.2.0, so we made it like that to ensure that they are distinct. But I altered the version a bit.
@OLLI_S I pushed that host to our "test" inspection processor (SCHME) and analysed the processing logs.
The issue was that there are multiple Teams.exe files, and in rare cases, a temporary file created by the Microsoft Teams updater, got elected as the parent. But another rule set, dictates that all these temporary files should be "discarded", thus this temporary file and all it's "children" vanished.
I've changed the logic of the bundling, so this temporary file always will be a child (if it exists). When the temporary file is discarded by the other rule set, then it won't affect the results that you and other users see.
This was a good "catch".
Thank you!
(this also means that it wasn't related to the user being inactive)
@OLLI_S I checked your account, there is one installation on a PC under your user.
I can't see any Teams installations on other PCs or for other users.
Can you send a PM with the host name?
Thinking about it, there might be a natural explanation for this, which I can't check in any easy way. In the latest agent versions, we look at active users, and we only show apps that are installed under \Users\<username>\ if the user has been active within the past 7 days.
So if the user you refer to hasn't used the PC for a long time, then the apps for that user will be hidden, even if the PC is online.
Once the user becomes active again, the results are included (and updated) on subsequent inspections.
@OLLI_S No probs 
And thanks for reporting it.
The systems will undergo maintenance during the coming weekend.
Amongst other things, we will be consolidating our use of cloud providers.
Some updates and changes to databases and data storage is also planned, as a precaution we will bring the systems offline, at least for one or more brief periods while conducting this work.
The maintenance will not affect the forum, only services on *.vulndetect.com are affected.
We will update this post or post new comments when there is new information.
@OLLI_S Already fixed
Made the lookup dynamic, so when Win12 or whatever comes out, it won't break again.
Thank you.
@GregAlexandre Yes, so I noticed, we will review it later today.
From what I can tell, a new version (3.0.17.2) is in the making, which fixes some bugs, but I can't see that critical bugs has been reported for 3.0.17, but nothing is very clear.