This has been a great week. We have achieved a lot in terms of development, testing and generating content / rules.

And we expect to release the first Tech Preview on Tuesday (8th of May).

This is, as I have promised before, a very early stage of the product.

You will be able to install it.

It will scan your system and find around 20 of the most common programs on your Windows desktop.

You should note, that there is no direct communication between the user interface and the agent. This is very unlike the PSI, which was a local program, that talked directly to the agent and could do "live" scans. This will be changed, but it is a low priority and will not be made before later this year.

Also, patching, or auto updating, is not due to be implemented before around August, give or take a bit.

In the first two or three weeks (maybe more), you should not rely on it to provide a reliable reporting of Safe / Unsafe programs.

But we need you to install it anyway, so we get data to generate new rules from. And we will work to improve rules and reporting everyday, from now on.

And remember, we do read all the posts and comments here on https://vulndetect.org - but we are not anywhere near being able to implement all the great ideas and feedback you have provided, yet. (but keep posting)

We are looking for various sources of information about vulns and new security related patches.

We will naturally monitor all relevant vendor websites, but as we all know, the vendors aren't always open and upfront when they fix security related issues, so we need a number of other sources.

And for too long the NVD and CVE has not been up-to-speed, nor do they cover everything.

We are aware of the following open databases:
https://sec.hpi.de/vulndb/
https://vuldb.com/
https://www.securityfocus.com/bid/
https://www.kb.cert.org/vuls/
https://jvn.jp/en/jp/index.html
https://www.exploit-db.com/
http://seclists.org/fulldisclosure/

Please comment on this topic, with links to other sources you may find relevant.

Some users have reported an issue when installing on some (all?) Windows 7 systems. We have identified the cause of this and will soon be releasing a new installer / binary that fixes the issue.

Also, we have some improvements for the UI and the emails in the pipeline.

@olli_s Interesting, thank you
We have updated the product to take beta versions into account.

@gregalexandre Ouch...
Thank you for pointing this out again.
Guess I have to make the instructions for this product more clear

@olli_s But OLLI....

Did you not notice the Internal?

This detection was not yet released to all users

But thank you, I reviewed the product now and corrected it.

The detection is no longer Internal.

@olli_s Thank you, icon added

@gregalexandre Is this from your primary machine? (I checked your result in the backend).

On, what I presume is, your primary machine, it is displayed correctly.

And from all I can tell, that particular release of Office has been displayed correctly since 2nd March (it was released on 1st March).

If this is not from your primary machine, then please send me the username for the other machine in a chat message and I will review the result manually.

We will review and add these requests.

Generally speaking, we will prioritize the efforts based on the number of installations.

Currently, we can only support software which have installers that support silent install parameters, which preserve user settings, and which allows system wide installation.

This means that software which only supports "per user" installations or where the vendor intentionally prevented the installer from doing updates, such as Microsoft Teams, isn't supported.

Earlier today the installer for 3.0.12 was released, and short time ago the security page was updated. However, the actual VideoLAN advisory, is still 404.

Anyway, the rule is updated and a package is available, and the first users and customers has applied the updated version.

Again, thank you for reporting this.

@GregAlexandre Thank you.

It appears that they do have a fix in the pipeline:
https://code.videolan.org/videolan/vlc-3.0/-/commit/ec1f55ee9ace5cc675395a1bc9700d99679e7e8c

For some reason they haven't released 3.0.12 yet.

We have flagged 3.0.11 as Insecure and will closely monitor the release of 3.0.12.

@OLLI_S Since IE is maintained as component of Windows, it isn't regarded as a separate product.

It's state (if anyone still uses it) is reported via the Windows Updates under the Windows operating system in VulnDetect.

@OLLI_S The files you see under "Microsoft\Windows\Containers" belong to one of your virtual machines or containers, thus they shouldn't be bundled with any application on the host machine.
However, we have made a special rule which will hide files from containers or VMs.
I took the liberty of reprocessing your results, so you should see the changes right away.