[Work in progress] Exclude specific drives/folders from scan
-
@OLLI_S No, command line arguments are NOT stored.
-
I found a little issue:
For testing I wanted to exclude my C drive and changed my batch file:"C:\Program Files (x86)\SecTeer VulnDetect\secteer.exe" --immediate --ignore="C:\"
But when I do a full system scan then the drive C:\ is not ignored!
When I start the scan then I see In the command line the following line:ignorePaths : D:\_Bakup_Profile_C-Laufwerk, C:"
The " at the end looks a bit strange.
So I removed the \ at the end of the line:"C:\Program Files (x86)\SecTeer VulnDetect\secteer.exe" --immediate --ignore="C:"
But when I do a full system scan then the drive C:\ is NOW ignored!
So you should accept in the command line both variants (with the \ at the end and without it).
-
@Tom Cool feature!
I set the topic as "[Work in progress]".@Tom said in Exclude specific drives/folders from scan:
You should also pay attention to the fact that it is merged with the registry entries.
Does this mean that the paths I enter at --ignore are stored in the registry?
-
Those running secteer.exe directly like this:
secteer.exe --immediate
May appreciate to know that this new feature also applies to the command line:
secteer.exe --immediate --ignore="c:\windows" --ignore="c:\Program Files" --ignore="c:\Program Files (x86)" --path="c:\scanthis" --path="c:\andthis"
Notice that --path and --ignore can be supplied multiple times.
You should also pay attention to the fact that it is merged with the registry entries.
-
The agent that we expect to release officially tomorrow (version 1.0.0.0) includes a hidden "feature".
You may download the new version from here:
https://test.vulndetect.com/dl/secteerSetup.exeYou can now ignore folders / drives by editing the registry.
First you need to import the below entries by storing it as a ".reg" file and import it (double click it).
.reg file:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SecTeer\Agent] "inspectionPaths"=hex(7):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,20,00,28,00,78,00,38,00,36,00,29,00,00,00,00,00 "ignorePaths"=hex(7):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,64,00,6f,00,74,00,6e,00,65,00,74,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,43,00,6f,00,6d,00,6d,00,6f,00,6e,00,20,00,46,00,69,00,6c,00,65,00,73,00,00,00,00,00
After importing this you can open regedt32 or regedit and go to:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SecTeer\AgentNow you can edit it in clear text.
-
@Ascendor I merged your topic with the existing topic, because it is the same suggestion.
Thank you for suggesting this! -
Hey,
I hold some backups on my system. These files are outdated and will stay outdated. Since I cannot explicitly select which folders to scan, those files will pollute my results list.
Please add a function to restrict folders to be scanned.Thanks!
-
You also should add a parameter in your secteer.exe that excludes files and folders.
For example the parameter --exclude. -
@tom said in Exclude specific drives/folders from scan:
So in short, the agent already supports this, but the feature has not been enabled yet.
Cool!
-
@olli_s This feature is planned and will be implemented once we go from Tech Preview to Beta. We are also aware that in particular German companies have to exclude the scanning of certain user folders due to privacy concerns. So in short, the agent already supports this, but the feature has not been enabled yet.