SecTeer VulnDetect Support Forum

    Posts made by Tom

    • RE: Error in server communication (280,226) : (0x00002ee2) => The operation timed out

      @lammertsm

      I'm happy you found a solution.

      And thank you very much for the detailed explanation, I'm certain other customers can benefit from this.

      posted in Bugs and issues
      Tom
    • RE: Error in server communication (280,226) : (0x00002ee2) => The operation timed out

      @lammertsm

      Hi,

      It appears that we have some outdated documentation; it will be fixed within a day or two. The OCSP / CRT hosts should be:

      • r3.o.lencr.org
      • r3.i.lencr.org

      However, this is most likely not the cause of the issue that you have.

      I can see that the host got registered with the system. This means that the installer managed to contact the backend and get the authToken that you see in the logfile.

      Since the installer is invoked interactively by the logged-in user, it uses the same network / proxy settings as the user that is logged in when it invokes the Agent to register for an authToken.

      The Agent, however, runs as the SYSTEM user after it is installed.

      In some environments, there are restrictions on what the SYSTEM user can do on the network and whether it has access to a proxy.

      I suspect that is what you are seeing here.

      Since I don't know anything about your system configuration, it is hard to advise on the proper course of action to allow the Agent network access.

      posted in Bugs and issues
      Tom
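
To illustrate the user-versus-SYSTEM difference described in the post above, here is an added diagnostic sketch (not part of the original post and not SecTeer code). It compares the proxy settings stored for the logged-in user with those stored for the SYSTEM account and the machine-wide WinHTTP proxy. Which HTTP stack the Agent uses and the port tested are assumptions.

```powershell
# Added diagnostic sketch, not SecTeer code. Run from an elevated prompt.
# Assumption: the page does not say which HTTP stack the Agent uses, so both
# the per-account (WinINET) and the machine-wide (WinHTTP) settings are shown.
$inet = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-ProxyView {
    param([string]$Account, [string]$RegistryPath)
    # Missing keys or values simply come back empty / False.
    $s = Get-ItemProperty -Path $RegistryPath -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Account       = $Account
        ProxyEnable   = [bool]$s.ProxyEnable
        ProxyServer   = $s.ProxyServer
        AutoConfigURL = $s.AutoConfigURL
    }
}

# S-1-5-18 is the well-known SID of the SYSTEM account.
$user   = Get-ProxyView 'Logged-in user' "HKCU:\$inet"
$system = Get-ProxyView 'SYSTEM'         "Registry::HKEY_USERS\S-1-5-18\$inet"
$user, $system | Format-Table -AutoSize | Out-String | Write-Output

# Machine-wide WinHTTP proxy, used by software built on WinHTTP.
netsh winhttp show proxy

$userHasProxy   = $user.ProxyEnable -or $user.AutoConfigURL
$systemHasProxy = $system.ProxyEnable -or $system.AutoConfigURL
if ($userHasProxy -and -not $systemHasProxy) {
    Write-Warning 'The user has a proxy configured but SYSTEM does not.'
}

# TCP reachability of the hosts named in the post, tested from THIS session
# (the logged-in user), not from SYSTEM. Port 80 is an assumption.
foreach ($name in 'r3.o.lencr.org', 'r3.i.lencr.org') {
    Test-NetConnection -ComputerName $name -Port 80 |
        Select-Object ComputerName, RemotePort, TcpTestSucceeded
}
```

If the reachability test succeeds for the user while the warning fires, the result is consistent with the SYSTEM account lacking the proxy access that the interactive installer had.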
    • RE: [RELEASE] SecTeer VulnDetect Agent v2.4.2.0 & 3.0.1.0 - 2022-12-19

      VulnDetect Agent 3.0.1.0 is available. We would appreciate it if you test and use this on selected systems.

      Please report any and all issues you find with this latest Agent. It is a prerequisite for upcoming features, however, it is expected to be superseded soon, as more functionality will be added.

      posted in Announcements
      Tom
    • [VulnDetect][Custom Software] Microsoft 365 / Office - Updating

      Updating your Microsoft 365 installations using Custom Software is very easy.

      We have made the below simple sample code, which will update it in a safe manner.

      You may want to alter this:
      /update user displaylevel=false forceappshutdown=false

      The displaylevel can be set to true, then the user will see a popup.

      And you would be able to close the apps by changing forceappshutdown to true. Our tests show that this is safe, as it doesn't close the apps if people have unsaved documents open. However, please test this on a few hosts before doing this across the entire company network.

      # Default Click-to-Run locations for 64-bit and 32-bit installations
      $path64 = "C:\Program Files\Common Files\microsoft shared\ClickToRun"
      $path32 = "C:\Program Files (x86)\Common Files\microsoft shared\ClickToRun"
      $file = "OfficeC2RClient.exe"
      # Adjust displaylevel / forceappshutdown here as described above
      $arguments = "/update user displaylevel=false forceappshutdown=false"

      # Start the Click-to-Run client with the update arguments
      function updateOffice ($clicktorun, $arguments) {
          Start-Process -PassThru -FilePath $clicktorun -ArgumentList $arguments
      }

      # Use whichever default location actually contains the client
      if (Test-Path -LiteralPath "$path32\$file" -PathType Leaf -ErrorAction SilentlyContinue) {
          updateOffice -clicktorun "$path32\$file" -arguments $arguments
      }
      elseif (Test-Path -LiteralPath "$path64\$file" -PathType Leaf -ErrorAction SilentlyContinue) {
          updateOffice -clicktorun "$path64\$file" -arguments $arguments
      }
      else {
          Write-Host "Error: $file not found in default locations, aborting."
      }
      

      Remember to select All files:
      All files.png

      MS 365 Update.png

      posted in [Corporate] Deployment -> Custom Software
      Tom
    • RE: Toolbox for VulnDetect

      @OLLI_S Lots of good ideas.
      The first one, the one about excluding drives or folders, is getting a lot closer. I don't have a date yet, but we will soon make the final decision about how it should be implemented in the backend and then it shouldn't be long before there will be a UI component for it too.

      posted in Detection Issues
      Tom
    • RE: Office 2013

      @GregAlexandre Noted. Thank you.
      Btw. depending on your installation, you will be notified via the Windows Update details in VulnDetect about missing updates for old Office versions.

      posted in App Requests
      Tom
    • RE: Cobian Reflector

      Thank you, product added

      posted in App Requests
      Tom
    • RE: Toolbox for VulnDetect

      @GregAlexandre Interesting.

      Luckily, I discussed this with a developer earlier today, and it seems that we can keep the --immediate though technically it will work quite differently.

      Instead of running an inspection, it will signal the service and ask it to run the inspection.

      Only caveat is that it most likely will require Admin privileges to send this signal.

      And then the process will exit immediately, while the service runs in the background.

      The other options will still vanish because they will be incompatible with the new changes.

      posted in Detection Issues
      Tom
    • RE: Toolbox for VulnDetect

      @OLLI_S Just wanted to officially inform about some upcoming and breaking changes to the agent.

      Well, breaking for the Toolbox, but not for anything else, as far as we can tell.

      With the upcoming major release of the agent, it will no longer be possible to run the --immediate in the same way as before.

      The reason is simple: It doesn't make sense, because the inspection data returned by the agent are wrong, because the agent runs in the wrong context.

      Instead, the --immediate will be changed to send a request for a new inspection task to the backend. Within 1 minute, the agent (the service) should pick up the task and inspect.

      This also means that the following options will be removed from the agent:

      --no-filesystem
      --no-registry
      --no-system
      --no-msi
      --no-winupdate
      --ignore
      --path
      

      The "ignore" and "path" can still be controlled via the registry:
      https://vulndetect.org/topic/2388/

      I don't know how many users use the Toolbox, we use it, because it is a nice way to extract data for new detections, which in turn is posted to some internal sub-categories for documentation purposes.

      But the functionality to inspect is not used by anyone at SecTeer.

      posted in Detection Issues
      Tom
    • RE: Azure SSO

      @jak552 We discussed this a few days ago, it sounds like this is viable to implement in a soon to come UI update.
      With some luck before the end of the year.

      posted in Feature and Functionality Requests
      Tom
    • RE: [Solved] No Photofoltre Icon

      @OLLI_S Yes

      posted in Solved Detection Issues
      Tom
    • RE: [Added] One Commander (Portable) - App-Request

      Thank you, it has now been added and is public.

      posted in Added App Requests
      Tom
    • RE: [Solved] No Photofoltre Icon

      @GregAlexandre Thank you. Icon added, and "testing" flag has been removed from the app - which btw. is surprisingly popular.

      posted in Solved Detection Issues
      Tom
    • RE: [RELEASE] SecTeer VulnDetect Agent v2.4.2.0 & 3.0.1.0 - 2022-12-19

      2.4.2.0 is the latest and Recommended SecTeer VulnDetect Agent release:

      v2.4.2.0 2022-10-16

      • Fix issue with uninstalling agent.
      • Update zlib dependency to latest versions.
      • Update license file.

      (this reply was made to ensure that this thread is at the top)

      posted in Announcements
      Tom
    • RE: [Solved] No Photofoltre Icon

      @GregAlexandre Did you have issues uploading the icon?
      If so, then please email it to me, I believe you have my email addresses already.

      posted in Solved Detection Issues
      Tom
    • RE: Azure SSO

      @jak552 Thank you for the suggestions about SSO and MFA.

      The SSO is sort of on the roadmap, as part of our next larger development tasks.

      We will take the association between groups and sites into consideration, though my impression is that most of our current customers have multiple AD groups per site.

      It sounds like we need to consider how we can be flexible, so one AD could be one site in some cases, and another AD could span multiple sites in other cases.

      Thanks.

      posted in Feature and Functionality Requests
      Tom
    • VirtualBox Guest Additions - Install, Upgrade

      You can install and upgrade VirtualBox Guest Additions on your VirtualBox VMs.

      Download the ISO image (VBox GuestAdditions):
      https://www.oracle.com/virtualization/technologies/vm/downloads/virtualbox-downloads.html

      Note: the link on the above page is not always updated in a timely manner; however, you can substitute the version in the link to get the latest iso file:
      https://download.virtualbox.org/virtualbox/6.1.38/VBoxGuestAdditions_6.1.38.iso

      Windows 10/11 will allow you to open the .iso file after displaying a warning; you can now copy the (signed) file called VBoxWindowsAdditions-amd64.exe (or VBoxWindowsAdditions-x86.exe if you have any 32-bit guests) to another folder.

      The installation is made silent by /S.

      VirtualBox Guest Additions.PNG

      posted in [Corporate] Deployment -> Custom Software
      Tom
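
The ISO-to-installer step from the post above, as an added example (not part of the original post and not SecTeer or Oracle code): it mounts the ISO, copies the installer out, and refuses to keep the copy unless its Authenticode signature validates. The function name, the paths in the usage comment and the expected signer string are assumptions.

```powershell
# Added example. Function name and the 'Oracle' signer pattern are assumptions;
# confirm the real signer subject on a known-good copy before relying on it.
function Export-VerifiedInstallerFromIso {
    param(
        [Parameter(Mandatory)][string]$IsoPath,
        [Parameter(Mandatory)][string]$Destination,   # existing folder
        [string]$FileName       = 'VBoxWindowsAdditions-amd64.exe',
        [string]$ExpectedSigner = 'Oracle'
    )
    # Mount-DiskImage needs a fully qualified path.
    $iso   = (Resolve-Path -LiteralPath $IsoPath).Path
    $image = Mount-DiskImage -ImagePath $iso -PassThru
    try {
        $drive = ($image | Get-Volume).DriveLetter
        Copy-Item -LiteralPath "${drive}:\$FileName" -Destination $Destination -Force
    }
    finally {
        # Always unmount, even if the copy failed.
        Dismount-DiskImage -ImagePath $iso | Out-Null
    }

    $copy = Join-Path $Destination $FileName
    $sig  = Get-AuthenticodeSignature -FilePath $copy

    # Reject unsigned, tampered or untrusted files before they reach deployment.
    if ($sig.Status -ne 'Valid') {
        Remove-Item -LiteralPath $copy -Force
        throw "Signature status for $FileName is '$($sig.Status)'; file removed."
    }
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notmatch [regex]::Escape($ExpectedSigner)) {
        Remove-Item -LiteralPath $copy -Force
        throw "Unexpected signer '$subject'; file removed."
    }

    # Record the hash so the uploaded package can be compared later.
    [pscustomobject]@{
        Path   = $copy
        Signer = $subject
        SHA256 = (Get-FileHash -LiteralPath $copy -Algorithm SHA256).Hash
    }
}

# Usage (constructed paths):
# Export-VerifiedInstallerFromIso -IsoPath .\VBoxGuestAdditions_6.1.38.iso -Destination C:\Staging
```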
    • Microsoft SQL Server Management Studio - Install

      Installation of Microsoft SQL Server Management Studio is possible using the Custom Software feature.

      You can find it here, we used 18.12.1 for our tests:
      https://learn.microsoft.com/en-us/sql/ssms/download-sql-server-management-studio-ssms?view=sql-server-ver16

      You need to use the /install /quiet or perhaps /install /quiet /norestart arguments:

      SQL Server Manager Studio Install.PNG

      posted in [Corporate] Deployment -> Custom Software
      Tom
    • OBS Studio - Install

      It is possible to install OBS Studio using the Custom Software feature.

      Download the "Full Installer" from:
      https://obsproject.com/download

      We tested with version 28.0.2.

      The silent install parameter is /S, remember capital S.

      OBS Studio installation.PNG

      posted in [Corporate] Deployment -> Custom Software
      Tom