[Implemented] Don't store log files in the Windows folder

OLLI_S · 10 Apr 2018, 10:21

Currently the log file is stored in the Windows folder C:\Windows
Please use the official Windows Log folder for your logging output.

GregAlexandre · 6 Feb 2018, 10:20

As suggested for local time vs UTC, using the Windows eventlog format would resolve this.

Tom · 27 Sept 2018, 17:01

The VulnDetect uses the "official" log folder under Windows now.

OLLI_S · 27 Sept 2018, 20:47

Perfect, now the log files are placed in C:\Windows\Logs\SecTeer

OLLI_S · 3 Oct 2018, 20:34

I recognized that the log files are only stored in the folder C:\Windows\Logs\SecTeer when I start the scan batch with Administrator rights.
When I start the scan batch without Administrator rights then no log files will be created.

So I suggest that you store the log files in a folder where you don't need Administrator rights.

Tom · 4 Oct 2018, 05:40

VulnDetect is intended to be run in an automated manner, using the scheduling. When it runs in this manner, it has the required privileges to store log files (and read all applicable files).

If you run VulnDetect as a "normal" user, which works fine for most, you should be aware that there is a number of potential issues, since VulnDetect doesn't necessarily have the privileges to read all relevant files on the system.

This also goes for the logging, so if you want log details, while running VulnDetect as a "normal" user, you should either view directly on the console (so no -q) or you should specify "-l c:\users\myuser\mylogfile.log" and again, no "-q" since it also makes logging quiet.

So, all in all, if you want correct (complete) results, you should either only use the scheduled inspection or run "secteer.exe" as an administrative user. Running "secteer.exe" directly should only be used for a quick update of your results or for testing.

On another, but related, note, we will soon be launching a new feature in VulnDetect, which also will require higher privileges, so again, running "secteer.exe" directly is only for quick troubleshooting or testing of newly added rules / apps.

OLLI_S · 4 Oct 2018, 08:44

@tom said in Don't store log files in the Windows folder:

On another, but related, note, we will soon be launching a new feature in VulnDetect, which also will require higher privileges, so again, running "secteer.exe" directly is only for quick troubleshooting or testing of newly added rules / apps.

OK, so I have to run secteer.exe with administrator rights.
Is this enough for the future changes?

VulnDetect · 4 Oct 2018, 09:26

@olli_s It should be. But again, we can't guarantee that it will work exactly the same way, when you run it in a console, as when it runs as a Windows Service.

OLLI_S · 4 Oct 2018, 10:21

So that needs to be tested...
I set the topic to Implemented.