SecTeer VulnDetect Support Forum

    VulnDetect

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Download VulnDetect Installer
    1. Home
    2. Tom
    3. Posts
    T
    • Profile
    • Following 1
    • Followers 1
    • Topics 29
    • Posts 1023
    • Best 23
    • Controversial 0
    • Groups 2

    Posts made by Tom

    • Custom Software

      The purpose of this category is to demonstrate and document how to use the Custom Software feature in VulnDetect.

      This feature is still under development, and some of the examples are considered experimental.

      Please write comments to the individual posts or write to support. Support will then update the posts as applicable.

      posted in [Corporate] Deployment -> Custom Software
      T
      Tom
    • RE: [Added] Sandboxie-Plus - App-Request

      @OLLI_S I can see that it is detected, and I can see that Sandboxie is approx 33% more popular than the "Plus".
      So it is fine.

      posted in Added App Requests
      T
      Tom
    • RE: Colour Contrast Analyser (CCA) - App-Request

      @OLLI_S I believe this has been detected for a few months.

      posted in App Requests
      T
      Tom
    • RE: [Added] Sandboxie-Plus - App-Request

      @OLLI_S I believe this has been detected for a while, probably based on this posting.

      posted in Added App Requests
      T
      Tom
    • RE: [Added] Q-Dir - App-Request

      @OLLI_S Detection added, the version will be displayed correctly on Monday, after a curator has added the rules.

      posted in Added App Requests
      T
      Tom
    • [VulnDetect][Custom Software] Install / Upgrade Adobe Creative Cloud

      With the new Deployment -> Custom Software feature it is now possible to deploy and update Adobe Creative Cloud applications.

      Note: Support for this is considered experimental at this point, so your mileage may vary.

      Go to:
      https://adminconsole.adobe.com/
      Click Packages in the top menu.

      AdobeAdminConsolePackages.PNG

      On this page you can update an existing package or create a new.

      AdobeCreateUpdatePackage-Name.PNG

      Please prefix the package name with "Adobe". Currently the package script assumes that all ZIP archives are structured like the Adobe CC ZIP, but this may change in the future and it might base the "detection" of the source of the ZIP archive on the filename e.g. adobe*.zip.

      AdobeAdminConsoleUpdatePackage.PNG

      Change the above as required.

      After downloading the new or updated package you can upload it to VulnDetect.

      Adobe-AllApps-Uploading.PNG

      You should give the Custom Deployment a meaningful Name, so it is easy to identify the hosts or groups it should be applied to, but also so it is easy to find the deployment and replace the correct ZIP file next time there is an update.

      Note: If you apply the wrong package, it will install "missing" apps and it won't update the apps you intended to update. Choosing the right package for the right host is very important.

      For Adobe CC ZIP archives the Installer Arguments must be: --silent

      Uploading the 19GB ZIP took 57 minutes on my coax connection (approx. 500Mbps upstream).

      Note that there may be issues with uploading very large files (>5GB) on "slow" connections. I experienced some issues on the 500Mbps asymmetric coax connection, whereas there were no issues on a 1/1Gbps full duplex / symmetric connection.

      We've changed the limit for uploads, so you now can upload files up to 32GB.

      After uploading the file, you need to select the groups or hosts to which you wish to deploy the package / updates.

      Note that the package will apply a few minutes after any inspection. If you deploy to a large number of hosts and inspect all, you should consider if you have bandwidth enough to accommodate multiple 20GB downloads at the same time. Else let the scheduled inspection handle it, as it will ensure that it is distributed over your "Inspect and update window", which usually spans several hours. Downloading, unzipping and installing also took considerable time on the small VMs we used for testing and had a notable performance impact. It is also worth noting that Custom Software doesn't know which apps are being deployed/updated, so it can't check if any of them are running.

      posted in [Corporate] Deployment -> Custom Software
      T
      Tom
    • [VulnDetect][Custom Software] Upgrading Foxit PhantomPDF to Foxit PDF Editor

      The EoL version of Foxit PhantomPDF can be upgraded using the Custom Software feature in VulnDetect - Corporate:
      https://corporate.vulndetect.com/#/deployment/custom-create-job

      To upgrade Foxit PhantomPDF do the following:

      • Click Create New Custom Deployment Configuration
      • Enter a title e.g. "Foxit PDF Editor upgrade of PhantomPDF"
      • Select the MSI installer: FoxitPDFEditor1122_L10N_Setup.msi
      • Enter Installer Arguments: /qn

      Foxit Phantom2PDFEditor.PNG

      Optionally configure the installation using an MST:

      • Enter Installer Arguments: /qn TRANSFORMS="mycustom.mst"
      • Select "+Add file"
      • Select the MST file: mycustom.mst

      Foxit Phantom2PDFEditor-MST.PNG

      And then click "Save".

      The dialogue will now upload the files to the VulnDetect backend.

      After saving the Job, you can now select to deploy it to groups or hosts (with the old PhantomPDF).

      Remember to inspect the host or group, if you want the job to run right away, else it'll apply after the next scheduled inspection.

      After the Job is "Completed" on a host, VulnDetect will automatically conduct a new inspection and update the results for each host:
      https://corporate.vulndetect.com/#/deployment/activity

      And you should be able to find the updated results on the hosts or applications page moments later.

      posted in [Corporate] Deployment -> Custom Software
      T
      Tom
    • RE: [Added] SignalRgb - App-Request

      @OLLI_S Product added

      posted in Added App Requests
      T
      Tom
    • RE: [Solved] Xinorbis - Is it really EOL?

      Now we have passed two years with no updates, I think EoL is appropriate. If it changes, then we can alter the state.

      posted in Solved Detection Issues
      T
      Tom
    • RE: [Solved] Videolan VLC 3.0.16 or 3.0.17

      Finally 3.0.17.4 has been officially released (some days ago).

      posted in Solved Detection Issues
      T
      Tom
    • RE: [Solved] Lazarus IDE - Alter Version Number

      @OLLI_S That is because there is two different 2.2.0, so we made it like that to ensure that they are distinct. But I altered the version a bit.

      posted in Solved Detection Issues
      T
      Tom
    • RE: [Solved] Recuva - No longer detected (Bug)

      @OLLI_S Thank you, fixed

      posted in Solved Detection Issues
      T
      Tom
    • RE: [Solved] 1Password for Windows - No longer detected (Bug)

      @OLLI_S Thank you, fixed

      posted in Solved Detection Issues
      T
      Tom
    • RE: [Solved] Microsoft Teams - No longer detected (Bug)

      @OLLI_S I pushed that host to our "test" inspection processor (SCHME) and analysed the processing logs.

      The issue was that there are multiple Teams.exe files, and in rare cases, a temporary file created by the Microsoft Teams updater, got elected as the parent. But another rule set, dictates that all these temporary files should be "discarded", thus this temporary file and all it's "children" vanished.

      I've changed the logic of the bundling, so this temporary file always will be a child (if it exists). When the temporary file is discarded by the other rule set, then it won't affect the results that you and other users see.

      This was a good "catch".

      Thank you!

      (this also means that it wasn't related to the user being inactive)

      posted in Solved Detection Issues
      T
      Tom
    • RE: [Solved] Microsoft Teams - No longer detected (Bug)

      @OLLI_S I checked your account, there is one installation on a PC under your user.

      I can't see any Teams installations on other PCs or for other users.

      Can you send a PM with the host name?

      Thinking about it, there might be a natural explanation for this, which I can't check in any easy way. In the latest agent versions, we look at active users, and we only show apps that are installed under \Users\<username>\ if the user has been active within the past 7 days.

      So if the user you refer to hasn't used the PC for a long time, then the apps for that user will be hidden, even if the PC is online.

      Once the user becomes active again, the results are included (and updated) on subsequent inspections.

      posted in Solved Detection Issues
      T
      Tom
    • RE: [Solved] Signal - No longer detected (Bug)

      @OLLI_S No probs 😉 And thanks for reporting it.

      posted in Solved Detection Issues
      T
      Tom
    • Planned Maintenance - 1st to 3rd April 2022

      The systems will undergo maintenance during the coming weekend.

      Amongst other things, we will be consolidating our use of cloud providers.

      Some updates and changes to databases and data storage is also planned, as a precaution we will bring the systems offline, at least for one or more brief periods while conducting this work.

      The maintenance will not affect the forum, only services on *.vulndetect.com are affected.

      We will update this post or post new comments when there is new information.

      posted in Announcements
      T
      Tom
    • RE: [Solved] IrfanView - No longer detected (Bug)

      @OLLI_S Already fixed 😉
      Made the lookup dynamic, so when Win12 or whatever comes out, it won't break again.
      Thank you.

      posted in Solved Detection Issues
      T
      Tom
    • RE: [Solved] Videolan VLC 3.0.16 or 3.0.17

      @GregAlexandre Yes, so I noticed, we will review it later today.

      posted in Solved Detection Issues
      T
      Tom
    • RE: [Solved] Videolan VLC 3.0.16 or 3.0.17

      From what I can tell, a new version (3.0.17.2) is in the making, which fixes some bugs, but I can't see that critical bugs has been reported for 3.0.17, but nothing is very clear.

      posted in Solved Detection Issues
      T
      Tom