SecTeer VulnDetect & PatchPro Support Forum VulnDetect
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Download VulnDetect Installer
    • Login

    [Solved] OpenSSH - Why is this found?

    Scheduled Pinned Locked Moved Solved Detection Issues
    app-detection
    7 Posts 2 Posters 2.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • OLLI_SO Offline
      OLLI_S Community Moderator
      last edited by OLLI_S

      VulnDetect found OpenSSH twice on my system:

      • C:\Windows\System32\OpenSSH\ssh.exe
      • C:\Windows\WinSxS\amd64_openssh-client-components-onecore_31bf3856ad364e35_10.0.17134.1_none_e57dc8a085c8dd4a\ssh.exe

      This is a Windows System Component so this should be ignored because the user must not update this product in this folder!
      So, do you plan to show also Windows components?

      1 Reply Last reply Reply Quote 1
      • T Offline
        Tom VulnDetect Team Member
        last edited by

        This is detected because it also is an independent program, which you may download and install.
        We will not detect system components that are not accessible as standalone programs.
        But I suppose we need to add OpenSSH to the list of products that needs contextual rules, so only the user managed versions will be reported and not the one managed by Windows.
        Thank you for highlighting this.

        /Tom
        Download the latest SecTeer VulnDetect agent here:
        https://vulndetect.com/dl/secteerSetup.exe

        1 Reply Last reply Reply Quote 1
        • OLLI_SO Offline
          OLLI_S Community Moderator
          last edited by OLLI_S

          I have an other App for your Special Treatment list: Flash Player
          Found 7 times in the following folders:

          1) C:\Windows\System32\Macromed\Flash\Flash.ocx
          2) C:\Windows\SysWOW64\Macromed\Flash\Flash.ocx
          3) C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_10.0.17134.109_none_0d7973b1bf7e4a2c\Flash.ocx
          4) C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.17134.109_none_17ce1e03f3df0c27\Flash.ocx

          5) C:\Users\OLLI\AppData\Local\Google\Chrome\User Data\PepperFlash\30.0.0.113\pepflashplayer.dll
          6) D:\ _Bakup_Profile_C-Laufwerk\OLLI\AppData\Local\Google\Chrome\User Data\PepperFlash\30.0.0.113\pepflashplayer.dll
          7) D:\PortableApps\PortableApps\GoogleChromePortable\Data\profile\PepperFlash\30.0.0.113\pepflashplayer.dll

          At 6) I had to add a blank between "D:" and the "_".

          Number 1), 2), 3) and 4) are in the Windows 10 system folder so this must not be updated by the user
          Number 5) is bundled with Google Chrome
          Number 7) is bundled with Google Chrome Portable
          Number 6) is a backup of 5)

          1 Reply Last reply Reply Quote 0
          • OLLI_SO Offline
            OLLI_S Community Moderator
            last edited by OLLI_S

            I have an other App for your Special Treatment list: Silverlight
            Found 2 times in the following folders:

            1) C:\Program Files\Microsoft Silverlight\sllauncher.exe
            2) C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe

            Both are in the Windows 10 system folder so this must not be updated by the user

            1 Reply Last reply Reply Quote 0
            • OLLI_SO Offline
              OLLI_S Community Moderator
              last edited by OLLI_S

              I have an other App for your Special Treatment list: curl
              Found 2 times in the following folders:

              1) C:\Windows\System32\curl.exe
              2) C:\Windows\WinSxS\amd64_curl_31bf3856ad364e35_10.0.17134.1_none_63ec3c6686553e29\curl.exe

              Both are in the Windows 10 system folder so this must not be updated by the user

              1 Reply Last reply Reply Quote 1
              • OLLI_SO Offline
                OLLI_S Community Moderator
                last edited by

                In my VM curl is found twice:
                1) C:\Windows\System32\curl.exe
                2) C:\Windows\WinSxS\amd64_curl_31bf3856ad364e35_10.0.17134.1_none_63ec3c6686553e29\curl.exe

                Both versions are shown as Unsave although the user must not update these versions (OS-Related).
                So you have to find a solution for system related apps.

                1 Reply Last reply Reply Quote 1
                • OLLI_SO Offline
                  OLLI_S Community Moderator
                  last edited by

                  This is bundled with windows and we have the suggestion [Work in progress] Hide bundled applications
                  So I mark the issue as solved.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Download SecTeer Personal VulnDetect - an alternative to the long lost Secunia PSI

                  Please see our Privacy and Data Processing Policy
                  Sponsored and operated by SecTeer | VulnDetect is a replacement for the EoL Secunia PSI
                  Forum software by NodeBB