[Solved] Microsoft Teams - No longer detected (Bug)

OLLI_S · 17 Apr 2022, 14:20

Microsoft Teams was detected in the past but currently it is no longer detected.

Here the information extracted from the EXE file:

File name and path:     C:\Users\melan\AppData\Local\Microsoft\Teams\current\Teams.exe
Product Name:           Microsoft Teams
Internal Name:          Teams
Original Filename:      Teams.exe

File Description:       Microsoft Teams
Company:                Microsoft Corporation
Legal Copyright:        Copyright (C) 2016 Microsoft. All rights reserved.
Legal Trademarks:       
Comments:               

File Version String:    1.5.00.9163
File Version:           1.5.0.9163
Product Version String: 1.5.00.9163
Product Version:        1.5.0.9163

Tom · 18 Apr 2022, 11:29

@OLLI_S I checked your account, there is one installation on a PC under your user.

I can't see any Teams installations on other PCs or for other users.

Can you send a PM with the host name?

Thinking about it, there might be a natural explanation for this, which I can't check in any easy way. In the latest agent versions, we look at active users, and we only show apps that are installed under \Users\<username>\ if the user has been active within the past 7 days.

So if the user you refer to hasn't used the PC for a long time, then the apps for that user will be hidden, even if the PC is online.

Once the user becomes active again, the results are included (and updated) on subsequent inspections.

OLLI_S · 18 Apr 2022, 18:07

@Tom Is this procedure not a possible security risk?
Many apps install themselves in user content and if the user is not online for a week, then admins will never get the info, that there are known vulnerabilities on the machine....
I think this is very risky.

To test this, I logged in on the target machine as the target user (see PMs in the chat).
Then I started a full system scan (twice).

But Microsoft Teams is still not shown!

Tom · 18 Apr 2022, 19:30

@OLLI_S I pushed that host to our "test" inspection processor (SCHME) and analysed the processing logs.

The issue was that there are multiple Teams.exe files, and in rare cases, a temporary file created by the Microsoft Teams updater, got elected as the parent. But another rule set, dictates that all these temporary files should be "discarded", thus this temporary file and all it's "children" vanished.

I've changed the logic of the bundling, so this temporary file always will be a child (if it exists). When the temporary file is discarded by the other rule set, then it won't affect the results that you and other users see.

This was a good "catch".

Thank you!

(this also means that it wasn't related to the user being inactive)

OLLI_S · 22 Apr 2022, 10:28

Microsoft Teams Desktop Client is now shown.
Thank you @Tom for fixing this!