SecTeer VulnDetect Support Forum

    Detected Applications - There is no data to display.

    Bugs and issues
    • T
      Tom VulnDetect Team Member last edited by

      For some reason there is an issue in that folder that causes the structure to recurse / loop endlessly.

      We are looking at approaches to avoid following such loops (in a generic way, rather than excluding that specific folder). Due to the holidays a solution is not right around the corner, but it is on the high priority list and we will address it soon.

      /Tom
      Download the latest SecTeer VulnDetect agent here:
      https://vulndetect.com/dl/secteerSetup.exe
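
A generic loop guard of the kind described in the post above, as an added example that is not part of the thread and not SecTeer's code: the walker follows directory links but records the identity of every directory it enters and refuses to enter the same one twice. The function names and the constructed tree (a `Files/Users` link pointing back at its own base image folder, created here as a POSIX symlink) are assumptions for illustration.

```python
import os
import tempfile


def walk_no_loops(root, max_depth=64):
    """Enumerate files under root, following directory links but entering
    each physical directory only once. Returns (files, skipped_links)."""
    seen = set()      # (st_dev, st_ino) of every directory already entered
    files, skipped = [], []
    stack = [(root, 0)]
    while stack:
        path, depth = stack.pop()
        try:
            st = os.stat(path)   # follows links, so this is the target's identity
        except OSError:
            continue             # access denied or dangling link: skip, keep going
        key = (st.st_dev, st.st_ino)
        if key in seen or depth > max_depth:
            skipped.append(path)  # loop (or runaway depth): do not descend
            continue
        seen.add(key)
        try:
            with os.scandir(path) as it:
                entries = list(it)
        except OSError:
            continue
        for entry in entries:
            if entry.is_dir():
                stack.append((entry.path, depth + 1))
            elif entry.is_file():
                files.append(entry.path)
    return files, skipped


def demo():
    """Constructed tree: BaseImages/Files/app.exe plus a link
    BaseImages/Files/Users that points back at BaseImages (a cycle)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "BaseImages")
        files_dir = os.path.join(base, "Files")
        os.makedirs(files_dir)
        open(os.path.join(files_dir, "app.exe"), "w").close()
        os.symlink(base, os.path.join(files_dir, "Users"), target_is_directory=True)
        files, skipped = walk_no_loops(base)
        rel = lambda p: os.path.relpath(p, base).replace(os.sep, "/")
        return [rel(f) for f in files], [rel(s) for s in skipped]


if __name__ == "__main__":
    print(demo())
```

The visited set grows with the number of directories rather than with path length, so memory stays bounded even when a link points back up the tree.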

      • K
        KI108 @KI108 last edited by

        For the time being I ran Secteer immediate for path C:\Program files and again with C:\Program Files (x86) to see if any software was not latest and I found two.
        After Secunia PSI went away, I have been using PatchMyPC, SUMO, Heimdal Pro to see what needs updating. Unlike Secunia which used to show almost everything, these 3 give bits and pieces and that is why I was looking for a better option.
        Thanks for looking into this.
        Like Secteer excludes scanning Recycle Bin, similarly this directory structure of Containers needs to be excluded also.
        C:\ProgramData\Microsoft\Windows
        and
        C:\Users\All Users\Microsoft\Windows
        That's my thought.
        @Tom Once again appreciate your time and patience in resolving these issues.

        • K
          KI108 @KI108 last edited by

          C:\ProgramData\Microsoft\Windows\Containers

          Directory of C:\ProgramData\Microsoft\Windows\Containers

          10/02/2018 11:00 PM <DIR> .
          10/02/2018 11:00 PM <DIR> ..
          12/21/2018 06:47 PM <DIR> BaseImages
          12/22/2018 11:54 AM <DIR> Dumps
          12/21/2018 08:20 PM <DIR> Sandboxes
          12/21/2018 08:20 PM <DIR> Zygotes
          0 File(s) 0 bytes
          6 Dir(s) 230,609,969,152 bytes free

          Directory of C:\ProgramData\Microsoft\Windows\Containers\BaseImages

          12/21/2018 06:47 PM <DIR> .
          12/21/2018 06:47 PM <DIR> ..
          12/21/2018 06:47 PM <DIR> 81d3cadc-05e5-4680-9e82-e479c73896b6
          0 File(s) 0 bytes

          Directory of C:\ProgramData\Microsoft\Windows\Containers\BaseImages\81d3cadc-05e5-4680-9e82-e479c73896b6

          12/21/2018 06:47 PM <DIR> .
          12/21/2018 06:47 PM <DIR> ..
          12/21/2018 06:46 PM <DIR> Files
          12/21/2018 06:47 PM <DIR> Snapshot
          12/21/2018 06:46 PM 4,194,304 SystemTemplate.vhdx
          12/21/2018 06:46 PM 75,497,472 SystemTemplateBase.vhdx
          2 File(s) 79,691,776 bytes
          4 Dir(s) 230,609,874,944 bytes free

          File folder

          C:\ProgramData\Microsoft\Windows

          3.23 GB (3,469,314,133 bytes)

          10,497 Files, 1,134 Folders

          Read-only (Only applies to files in folder)

          These were Containers Properties under C:\ProgramData\Microsoft\Windows

          • K
            KI108 @KI108 last edited by

            Basically it starts off with 34% memory and slowly increased to around 80%, before it quit with bad allocation. The Secteer itself starts off around 2 MB or so and slowly went past 2000 MB or so.

            Mostly it was c:\ProgramData\Microsoft\Windows... or \Users\All Users\Microsoft\Windows\Containers\BaseImages\e5ee5788-c3b5-420c-9baa-16c0eee19a9e\ which was doing recursively inside up to 23 times in one path like below

            [2018-12-21 18:10:58.180-0360] Error (a) enumerating directory 'c:\Users\All Users\Microsoft\Windows\Containers\BaseImages\e5ee5788-c3b5-420c-9baa-16c0eee19a9e\Files
            \Users\All Users\Microsoft\Windows\Containers\BaseImages\e5ee5788-c3b5-420c-9baa-16c0eee19a9e\Files
            \Users\All Users\Microsoft\Windows\Containers\BaseImages\e5ee5788-c3b5-420c-9baa-16c0eee19a9e\Files
            \Users\All Users\Microsoft\Windows\Containers\BaseImages\e5ee5788-c3b5-420c-9baa-16c0eee19a9e\Files
            \Users\All Users\Microsoft\Windows\Containers\BaseImages\e5ee5788-c3b5-420c-9baa-16c0eee19a9e\Files
            \Users\All Users\Microsoft\Windows\Containers\BaseImages\e5ee5788-c3b5-420c-9baa-16c0eee19a9e\Files
            \Users\All Users\Microsoft\Windows\Containers\BaseImages\e5ee5788-c3b5-420c-9baa-16c0eee19a9e\Files
            \Users\All Users\Microsoft\Windows\Containers\BaseImages\e5ee5788-c3b5-420c-9baa-16c0eee19a9e\Files
            \Users\All Users\Microsoft\Windows\Containers\BaseImages\e5ee5788-c3b5-420c-9baa-16c0eee19a9e\Files

            \Users\All Users\Microsoft\Windows\Containers\BaseImages\e5ee5788-c3b5-420c-9baa-16c0eee19a9e\Files
            \Users\All Users\Microsoft\Windows\Containers\BaseImages\e5ee5788-c3b5-420c-9baa-16c0eee19a9e\Files
            \Users\All Users\Microsoft\Windows\Containers\BaseImages\e5ee5788-c3b5-420c-9baa-16c0eee19a9e\Files
            \Users\All Users\Microsoft\Windows\Containers\BaseImages\e5ee5788-c3b5-420c-9baa-16c0eee19a9e\Files
            \Users\All Users\Microsoft\Windows\Containers\BaseImages\e5ee5788-c3b5-420c-9baa-16c0eee19a9e\Files
            \Users\All Users\Microsoft\Windows\Containers\BaseImages\e5ee5788-c3b5-420c-9baa-16c0eee19a9e\Files
            \Users\All Users\Microsoft\Windows\Containers\BaseImages\e5ee5788-c3b5-420c-9baa-16c0eee19a9e\Files
            \Users\All Users\Microsoft\Windows\Containers\BaseImages\e5ee5788-c3b5-420c-9baa-16c0eee19a9e\Files
            \Users\All Users\Microsoft\Windows\Containers\BaseImages\e5ee5788-c3b5-420c-9baa-16c0eee19a9e\Files
            \Users\All Users\Microsoft\Windows\Containers\BaseImages\e5ee5788-c3b5-420c-9baa-16c0eee19a9e\Files

            \Users\All Users\Microsoft\Windows\Containers\BaseImages\e5ee5788-c3b5-420c-9baa-16c0eee19a9e\Files
            \Users\All Users\Microsoft\Windows\Containers\BaseImages\e5ee5788-c3b5-420c-9baa-16c0eee19a9e\Files
            \Users\All Users\Microsoft\Windows\Containers\BaseImages\e5ee5788-c3b5-420c-9baa-16c0eee19a9e\Files
            \Users\All Users\Microsoft\Windows\Containers\BaseImages\e5ee5788-c3b5-420c-9baa-16c0eee19a9e\Files
            \Users\WDAGUtilityAccount\AppData\Local\Application Data' : 0x00000005 => Access is denied.

            • K
              KI108 @Tom last edited by

              @Tom
              As mentioned in chat
              Running immediate
              with "C:" gave

              [2018-12-21 18:05:10.392-0360] Enumerating 'c:'
              [2018-12-21 18:05:10.419-0360] Recycle Bin: c:$Recycle.Bin
              [2018-12-21 18:05:10.421-0360] Skipping 'c:$Recycle.Bin', since it is a Recycle Bin
              [2018-12-21 18:05:10.442-0360] Error (a) enumerating directory 'c:\Documents and Settings' : 0x00000005 => Access is denied.
              [2018-12-21 18:05:21.171-0360] Error (a) enumerating directory 'c:\ProgramData\Application Data' : 0x00000005 => Access is denied.
              [2018-12-21 18:05:21.173-0360] Error (a) enumerating directory 'c:\ProgramData\Desktop' : 0x00000005 => Access is denied.
              [2018-12-21 18:05:21.174-0360] Error (a) enumerating directory 'c:\ProgramData\Documents' : 0x00000005 => Access is denied.
              [2018-12-21 18:05:21.768-0360] Error (a) enumerating directory 'c:\ProgramData\Microsoft\Diagnosis\FeedbackHub' : 0x00000005 => Access is denied.
              Error (a) enumerating directory 'c:\ProgramData\Microsoft\Diagnosis\TenantStorage\P-ARIA' : 0x00000005 => Access is denied.
              [2018-12-21 18:05:21.769-0360] Error (a) enumerating directory 'c:\ProgramData\Microsoft\Diagnosis\TimeTravelDebuggingStorage' : 0x00000005 => Access is denied.
              [2018-12-21 18:05:21.968-0360] Error (a) enumerating directory 'c:\ProgramData\Microsoft\Windows\Containers\BaseImages\e5ee5788-c3b5-420c-9baa-16c0eee19a9e\Files\Documents and Settings' : 0x00000005 => Access is denied.
              [2018-12-21 18:05:22.381-0360] Error (a) enumerating directory 'c:\ProgramData\Microsoft\Windows\Containers\BaseImages\e5ee5788-c3b5-420c-9baa-16c0eee19a9e\Files\ProgramData\Application Data' : 0x00000005 => Access is denied.
              [2018-12-21 18:05:22.381-0360]

              • T
                Tom VulnDetect Team Member last edited by

                Just for the record, this answer was sent in the private chat to @KI108 :

                The "Error => bad allocation" you see in the log, that is due to the agent not being able to allocate memory.

                This puzzles us as it doesn't use more than 40MB on any of our test boxes, we have really done a lot to limit the memory footprint.

                But, this led us to look at another thing, it is spending around 10 minutes enumerating your filesystem, this usually takes less than a minute, depending on type of drive, system load and number of apps and AV products. Regardless, 10 minutes seems to be a very long time compared to what we normally see.

                We suspect there may be a "looping path issue" or multiple symlinks to directories with a lot of files. But this is guesswork.

                I would appreciate if you could do two things:

                • Monitor the RAM usage in task manager while running the "secteer.exe --immediate"

                • Run

                secteer.exe --immediate --path="c:\program files"
                

                or

                secteer.exe --immediate --path="c:\program files\mozilla firefox"
                

                or something else specific

                /Tom
                • K
                  KI108 @Tom last edited by

                  @Tom
                  Sent. Thanks for looking into my issue. I appreciate your time and patience to try and resolve it.

                  • T
                    Tom VulnDetect Team Member @KI108 last edited by

                    @KI108 Could you send me your hostname in the chat, then I will go see what we get in the server logs

                    /Tom
                    • K
                      KI108 @Tom last edited by

                      @Tom
                      Yes there is authToken in there. I had removed it for posting to the website. But in configuration it just lists

                      Last Agent IP Address
                      I removed it here

                      Last CheckIn
                      a minute ago

                      Last Inspection
                      2 days ago

                      Next CheckIn
                      in an hour

                      Next Inspection
                      in a day

                      Host name
                      I removed it here

                      Days of week to run inspections
                      Monday
                      Tuesday
                      Wednesday
                      Thursday
                      Friday
                      Saturday
                      Sunday
                      Hour of day to run inspections
                      : 15:45 --> I have changed it multiple times and tried
                      Inspections will run at this time each selected day.

                      I have changed the Hour of day to run the inspections multiple times to the nearest increment, installed secteersetup.exe multiple times, etc., but still the same.
                      I don't see anything in Configurations to set up.

                      Per one of the notes I had run the --immediate command and it said it sent it to vulndetect yesterday. But still nothing happens.
                      Thanks for any help.

                      • T
                        Tom VulnDetect Team Member last edited by

                        Don't you see the "authToken" in the log file?

                        [2018-12-20 21:25:41.529+0000] Current configuration:
                                     version:: 0.10.11.0
                                   authToken : aef31e67-721a-4d04-bcca-xxxxxxxxxxxx
                                      server : agent.vulndetect.com
                        

                        If you don't, then your agent isn't registered properly.

                        In Configuration you should see a "review" agent or similar.

                        If you don't, then you have to uninstall and install again.

                        /Tom