• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Download VulnDetect Installer
  • Login
SecTeer VulnDetect & PatchPro Support Forum VulnDetect
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Download VulnDetect Installer
  • Login

[Solved] OpenSSH - Why is this found?

Scheduled Pinned Locked Moved Solved Detection Issues
app-detection
7 Posts 2 Posters 2.8k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • O Offline
    OLLI_S Community Moderator
    last edited by OLLI_S 3 Jul 2018, 20:03

    VulnDetect found OpenSSH twice on my system:

    • C:\Windows\System32\OpenSSH\ssh.exe
    • C:\Windows\WinSxS\amd64_openssh-client-components-onecore_31bf3856ad364e35_10.0.17134.1_none_e57dc8a085c8dd4a\ssh.exe

    This is a Windows System Component so this should be ignored because the user must not update this product in this folder!
    So, do you plan to show also Windows components?

    1 Reply Last reply Reply Quote 1
    • T Offline
      Tom VulnDetect Team Member
      last edited by 4 Jul 2018, 11:43

      This is detected because it also is an independent program, which you may download and install.
      We will not detect system components that are not accessible as standalone programs.
      But I suppose we need to add OpenSSH to the list of products that needs contextual rules, so only the user managed versions will be reported and not the one managed by Windows.
      Thank you for highlighting this.

      /Tom
      Download the latest SecTeer VulnDetect agent here:
      https://vulndetect.com/dl/secteerSetup.exe

      1 Reply Last reply Reply Quote 1
      • O Offline
        OLLI_S Community Moderator
        last edited by OLLI_S 7 May 2018, 21:04 4 Jul 2018, 15:38

        I have an other App for your Special Treatment list: Flash Player
        Found 7 times in the following folders:

        1) C:\Windows\System32\Macromed\Flash\Flash.ocx
        2) C:\Windows\SysWOW64\Macromed\Flash\Flash.ocx
        3) C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_10.0.17134.109_none_0d7973b1bf7e4a2c\Flash.ocx
        4) C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.17134.109_none_17ce1e03f3df0c27\Flash.ocx

        5) C:\Users\OLLI\AppData\Local\Google\Chrome\User Data\PepperFlash\30.0.0.113\pepflashplayer.dll
        6) D:\ _Bakup_Profile_C-Laufwerk\OLLI\AppData\Local\Google\Chrome\User Data\PepperFlash\30.0.0.113\pepflashplayer.dll
        7) D:\PortableApps\PortableApps\GoogleChromePortable\Data\profile\PepperFlash\30.0.0.113\pepflashplayer.dll

        At 6) I had to add a blank between "D:" and the "_".

        Number 1), 2), 3) and 4) are in the Windows 10 system folder so this must not be updated by the user
        Number 5) is bundled with Google Chrome
        Number 7) is bundled with Google Chrome Portable
        Number 6) is a backup of 5)

        1 Reply Last reply Reply Quote 0
        • O Offline
          OLLI_S Community Moderator
          last edited by OLLI_S 7 May 2018, 21:04 4 Jul 2018, 16:17

          I have an other App for your Special Treatment list: Silverlight
          Found 2 times in the following folders:

          1) C:\Program Files\Microsoft Silverlight\sllauncher.exe
          2) C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe

          Both are in the Windows 10 system folder so this must not be updated by the user

          1 Reply Last reply Reply Quote 0
          • O Offline
            OLLI_S Community Moderator
            last edited by OLLI_S 7 May 2018, 21:04 5 Jul 2018, 21:01

            I have an other App for your Special Treatment list: curl
            Found 2 times in the following folders:

            1) C:\Windows\System32\curl.exe
            2) C:\Windows\WinSxS\amd64_curl_31bf3856ad364e35_10.0.17134.1_none_63ec3c6686553e29\curl.exe

            Both are in the Windows 10 system folder so this must not be updated by the user

            1 Reply Last reply Reply Quote 1
            • O Offline
              OLLI_S Community Moderator
              last edited by 7 Jul 2018, 21:33

              In my VM curl is found twice:
              1) C:\Windows\System32\curl.exe
              2) C:\Windows\WinSxS\amd64_curl_31bf3856ad364e35_10.0.17134.1_none_63ec3c6686553e29\curl.exe

              Both versions are shown as Unsave although the user must not update these versions (OS-Related).
              So you have to find a solution for system related apps.

              1 Reply Last reply Reply Quote 1
              • O Offline
                OLLI_S Community Moderator
                last edited by 15 Dec 2018, 16:51

                This is bundled with windows and we have the suggestion [Work in progress] Hide bundled applications
                So I mark the issue as solved.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Download SecTeer Personal VulnDetect - an alternative to the long lost Secunia PSI

                Please see our Privacy and Data Processing Policy
                Sponsored and operated by SecTeer | VulnDetect is a replacement for the EoL Secunia PSI
                Forum software by NodeBB