• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Download VulnDetect Installer
  • Login
SecTeer VulnDetect & PatchPro Support Forum VulnDetect
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Download VulnDetect Installer
  • Login

[Solved] Microsoft Teams - No longer detected (Bug)

Scheduled Pinned Locked Moved Solved Detection Issues
app-detectionbug
5 Posts 2 Posters 694 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • O Offline
    OLLI_S Community Moderator
    last edited by OLLI_S 17 Apr 2022, 14:20

    Microsoft Teams was detected in the past but currently it is no longer detected.


    Here the information extracted from the EXE file:

    File name and path:     C:\Users\melan\AppData\Local\Microsoft\Teams\current\Teams.exe
    Product Name:           Microsoft Teams
    Internal Name:          Teams
    Original Filename:      Teams.exe
    
    File Description:       Microsoft Teams
    Company:                Microsoft Corporation
    Legal Copyright:        Copyright (C) 2016 Microsoft. All rights reserved.
    Legal Trademarks:       
    Comments:               
    
    File Version String:    1.5.00.9163
    File Version:           1.5.0.9163
    Product Version String: 1.5.00.9163
    Product Version:        1.5.0.9163
    
    T 1 Reply Last reply 18 Apr 2022, 11:29 Reply Quote 0
    • T Offline
      Tom VulnDetect Team Member @OLLI_S
      last edited by 18 Apr 2022, 11:29

      @OLLI_S I checked your account, there is one installation on a PC under your user.

      I can't see any Teams installations on other PCs or for other users.

      Can you send a PM with the host name?

      Thinking about it, there might be a natural explanation for this, which I can't check in any easy way. In the latest agent versions, we look at active users, and we only show apps that are installed under \Users\<username>\ if the user has been active within the past 7 days.

      So if the user you refer to hasn't used the PC for a long time, then the apps for that user will be hidden, even if the PC is online.

      Once the user becomes active again, the results are included (and updated) on subsequent inspections.

      /Tom
      Download the latest SecTeer VulnDetect agent here:
      https://vulndetect.com/dl/secteerSetup.exe

      O 1 Reply Last reply 18 Apr 2022, 18:07 Reply Quote 0
      • O Offline
        OLLI_S Community Moderator @Tom
        last edited by 18 Apr 2022, 18:07

        @Tom Is this procedure not a possible security risk?
        Many apps install themselves in user content and if the user is not online for a week, then admins will never get the info, that there are known vulnerabilities on the machine....
        I think this is very risky.

        To test this, I logged in on the target machine as the target user (see PMs in the chat).
        Then I started a full system scan (twice).

        But Microsoft Teams is still not shown!

        T 1 Reply Last reply 18 Apr 2022, 19:30 Reply Quote 0
        • T Offline
          Tom VulnDetect Team Member @OLLI_S
          last edited by Tom 18 Apr 2022, 19:30

          @OLLI_S I pushed that host to our "test" inspection processor (SCHME) and analysed the processing logs.

          The issue was that there are multiple Teams.exe files, and in rare cases, a temporary file created by the Microsoft Teams updater, got elected as the parent. But another rule set, dictates that all these temporary files should be "discarded", thus this temporary file and all it's "children" vanished.

          I've changed the logic of the bundling, so this temporary file always will be a child (if it exists). When the temporary file is discarded by the other rule set, then it won't affect the results that you and other users see.

          This was a good "catch".

          Thank you!

          (this also means that it wasn't related to the user being inactive)

          /Tom
          Download the latest SecTeer VulnDetect agent here:
          https://vulndetect.com/dl/secteerSetup.exe

          1 Reply Last reply Reply Quote 0
          • O Offline
            OLLI_S Community Moderator
            last edited by 22 Apr 2022, 10:28

            Microsoft Teams Desktop Client is now shown.
            Thank you @Tom for fixing this!

            1 Reply Last reply Reply Quote 0
            • O OLLI_S moved this topic from Detection Issues on 22 Apr 2022, 10:30
            4 out of 5
            • First post
              4/5
              Last post
            Download SecTeer Personal VulnDetect - an alternative to the long lost Secunia PSI

            Please see our Privacy and Data Processing Policy
            Sponsored and operated by SecTeer | VulnDetect is a replacement for the EoL Secunia PSI
            Forum software by NodeBB