Posts made by Tom

Thank you, added.

Thank you for reporting that, I shall report that to the developer.

However, if you enable "Allow VulnDetect to update applications", then you can use the "Update" button" in the applications list.

You can also download the latest agent here:
https://vulndetect.com/dl/secteerSetup.exe

Hi,
Our Office rules does need a bit of a brush up, but they are up-to-date for Office 365 / the subscription licensed releases. We do not currently maintain rules for the perpetually licensed Microsoft Office (the one updated via Windows Update / Microsoft Update).

In short, Office ClickToRun is the new "modern" way of updating Office. ClickToRun is always part of the Office 365 subscription service.

However, ClickToRun is also used in the perpetually licensed Office 2019, and there also is some perpetually licensed Office 2016 releases and even some Office 2013 and Office 2010 installations. Though most perpetually licensed Office 2016 / 2013 / 2010 still use the "old" Windows / Microsoft Update mechanism.

There is also a third version of Office, you appear to have one of those files, your Excel in the WindowsApps folder. This is updated and maintained via the Microsoft Store. We do not currently support apps from Microsoft Store (though there is a few exceptions).

Usually Office 365 / ClickToRun will update itself. However, this can take a prolonged time if you have Outlook or other apps open. To speed up the update process, you can go to "File -> Office Account -> Office Updates".

I can see that you are in the "Monthly Channel" so the recommended version for you is currently Version 1904 Build 11601.20204 (just as stated by VulnDetect). You should be aware that there can be multiple updates for Office during a month, in April there was 6 independent updates, in May there has only been 2 so far. Usually only 1 of these are security related. The latest one is a security update.

I would consider uninstalling the Excel from WindowsApps, since you already have a fully licensed Office 365 installation.

/Tom

Hi,

Sorry about the delayed release, but a new version of the agent has been released today. Please do let me know if this fixes the issue.

https://vulndetect.org/topic/411/release-secteer-vulndetect-agent-v1-0-2-0

/Tom

The version is the same story as usual about the vendor using a different way of displaying it on the website:
https://www.cpuid.com/softwares/cpu-z.html#version-history

I've updated the bundling, so 64bit now bundles 32bit.

Thank you again for reporting this.

After thorough investigation we found that this is not due to your inspections reaching our size limits, but rather the fact that the data submission time exceeds the default timeout in the Windows WinHTTP API, this subsequently leads to our back-end timing out, because the agent / WinHTTP stopped sending data.

We will be releasing a new version of the agent, which will set a higher timeout value, which we believe will be adequate for all reasonable scenarios.

I will post again, once we release the new agent.

We have increased a size limit today on inspection results. Please try again and report if this has fixed it.

Hi,
Thanks for reporting this. We've just tried increasing the memory limit on the service that receives the data.

In the log you'll see an auth token:

authToken : 906097e1-4aed-4025-a651-xxxxxxxxxxxx

Could you send me that via the chat function here on the forum? That will make it easier to troubleshoot on our end.

Thank you
Tom

We tested all stable releases since 9.0a and they are all detected and displayed correctly.

@GregAlexandre This has now been split into different channels, so we will add new channels as they make new annual releases.

@OLLI_S This looks promising, but so far you are the only one with this version (and the new way of writing version numbers). So I will wait a bit with making proper support for GeForce Now, since we are also developing another improvement of the agent which may help with this.

@Anselm
That is true.
However, it is still the responsibility of the parent program to report this and fix it. You are likely to break many programs if you just replace the DLL.
We will keep an eye out for this and add detection for DLLs when we become aware of programs that bundle vulnerable versions and "provide" a vector to exploit it (very often Java and AIR vulnerabilities can't be exploited, because there is no feasible vector, the same is the case for many DLLs).

@OLLI_S No it is fine, I think there is other users of the product

@Anselm Currently, we will limit it to the products that we already detect.

The detection of libraries / DLLs is not within our current scope. Though we may create a few exceptions, when there is major issues like with "unacev2.dll".

The UI has been updated two days ago, to support bundled applications. This means that most bundled applications can be viewed in the UI.

Any feedback on bundling is welcome.

When you see detections of e.g. 7-Zip, curl, Java and so on, that are actually part of other programs, please post it, send it via email or in the chat and we will create both the parent product and create the bundling specification that relates the two pieces of software.

Updated icon

Created separate channel for beta releases

Thank you, added

Thank you, added

@Anselm Thank you, added