[Implemented] Don't store log files in the Windows folder

Reply to [Implemented] Don't store log files in the Windows folder on Thu, 04 Oct 2018 10:21:11 GMT

OLLI_S — Thu, 04 Oct 2018 10:21:11 GMT

So that needs to be tested...
I set the topic to Implemented.

Reply to [Implemented] Don't store log files in the Windows folder on Thu, 04 Oct 2018 09:26:29 GMT

VulnDetect — Thu, 04 Oct 2018 09:26:29 GMT

@olli_s It should be. But again, we can't guarantee that it will work exactly the same way, when you run it in a console, as when it runs as a Windows Service.

Reply to [Implemented] Don't store log files in the Windows folder on Thu, 04 Oct 2018 08:44:12 GMT

OLLI_S — Thu, 04 Oct 2018 08:44:12 GMT

@tom said in Don't store log files in the Windows folder:

On another, but related, note, we will soon be launching a new feature in VulnDetect, which also will require higher privileges, so again, running "secteer.exe" directly is only for quick troubleshooting or testing of newly added rules / apps.

OK, so I have to run secteer.exe with administrator rights.
Is this enough for the future changes?

Reply to [Implemented] Don't store log files in the Windows folder on Thu, 04 Oct 2018 05:40:29 GMT

Tom — Thu, 04 Oct 2018 05:40:29 GMT

VulnDetect is intended to be run in an automated manner, using the scheduling. When it runs in this manner, it has the required privileges to store log files (and read all applicable files).

If you run VulnDetect as a "normal" user, which works fine for most, you should be aware that there is a number of potential issues, since VulnDetect doesn't necessarily have the privileges to read all relevant files on the system.

This also goes for the logging, so if you want log details, while running VulnDetect as a "normal" user, you should either view directly on the console (so no -q) or you should specify "-l c:\users\myuser\mylogfile.log" and again, no "-q" since it also makes logging quiet.

So, all in all, if you want correct (complete) results, you should either only use the scheduled inspection or run "secteer.exe" as an administrative user. Running "secteer.exe" directly should only be used for a quick update of your results or for testing.

On another, but related, note, we will soon be launching a new feature in VulnDetect, which also will require higher privileges, so again, running "secteer.exe" directly is only for quick troubleshooting or testing of newly added rules / apps.

Reply to [Implemented] Don't store log files in the Windows folder on Wed, 03 Oct 2018 20:34:14 GMT

OLLI_S — Wed, 03 Oct 2018 20:34:14 GMT

I recognized that the log files are only stored in the folder C:\Windows\Logs\SecTeer when I start the scan batch with Administrator rights.
When I start the scan batch without Administrator rights then no log files will be created.

So I suggest that you store the log files in a folder where you don't need Administrator rights.

Reply to [Implemented] Don't store log files in the Windows folder on Thu, 27 Sep 2018 20:47:59 GMT

OLLI_S — Thu, 27 Sep 2018 20:47:59 GMT

Perfect, now the log files are placed in C:\Windows\Logs\SecTeer

Reply to [Implemented] Don't store log files in the Windows folder on Thu, 27 Sep 2018 17:01:48 GMT

Tom — Thu, 27 Sep 2018 17:01:48 GMT

The VulnDetect uses the "official" log folder under Windows now.

Reply to [Implemented] Don't store log files in the Windows folder on Sat, 02 Jun 2018 10:20:20 GMT

GregAlexandre — Sat, 02 Jun 2018 10:20:20 GMT

As suggested for local time vs UTC, using the Windows eventlog format would resolve this.