scottsan

scottsan

I have no detected applications when I logon at:
https://personal.vulndetect.com/#/applications

I tried the command "secteer --immediate" at an administrator command prompt. It enumerates my and d: drives, but when it gets to my e: drive the program hangs and does nothing. I have let it wait a good while a few times. Any ideas? Below is text from administrator command prompt:

C:\Program Files (x86)\SecTeer VulnDetect>secteer --check-in --immediate
[2018-12-31 04:20:57.625-0360] SecTeer Agent v0.10.11.0 starting in immediate mode
[2018-12-31 04:20:57.625-0360] Starting SecTeer Agent in immediate mode
[2018-12-31 04:20:57.627-0360] Running immediate inspection
[2018-12-31 04:20:57.628-0360] Configuration:
version:: 0.10.11.0
authToken : ba0b2e67-f4ec-4b88-80ae-xxxxxxxxxxxx
server : agent.vulndetect.com
guid1::
guid2::
guid3::
checkInInterval:: 3600 seconds
checkInRetryDelay:: 360 seconds
maxCheckInRetryCount:: 10
dataRetryDelay:: 1800 seconds
inspectionWindow:: 21600 seconds
timezoneOffset : -360 minutes
checkInNow : true
inspectNow : true
noFilesystem:: false
noRegistry:: false
noWinUpdate:: false
noSystem:: false
noPackage:: true
[2018-12-31 04:20:57.628-0360] Starting system inspection
[2018-12-31 04:20:57.628-0360] Fetching inspection rules from server
[2018-12-31 04:20:57.672-0360] Connecting to server: agent.vulndetect.com
[2018-12-31 04:20:58.451-0360] Server returned 200 => OK
[2018-12-31 04:20:58.455-0360] Found 'computerName' = 'LIVERNUGGET'
[2018-12-31 04:20:58.511-0360] Enumerating Win32_OperatingSystem
[2018-12-31 04:20:58.642-0360] Enumerating Win32_Bios
[2018-12-31 04:20:58.666-0360] Searching updates: IsInstalled=0
[2018-12-31 04:21:17.827-0360] Found 1 updates
[2018-12-31 04:21:17.832-0360] Searching updates: IsInstalled=1
[2018-12-31 04:21:30.659-0360] Found 70 updates
[2018-12-31 04:21:30.897-0360] Filesystem redirection status: Redirection disabled
[2018-12-31 04:21:30.897-0360] Enumerating 'C:'
[2018-12-31 04:21:30.932-0360] Skipping 'C:$WINDOWS.~BT', since it is blacklisted
[2018-12-31 04:21:30.932-0360] Skipping 'C:$Windows.~WS', since it is blacklisted
[2018-12-31 04:21:33.787-0360] Skipping 'C:\System Volume Information', since it is blacklisted
[2018-12-31 04:21:36.586-0360] Skipping 'C:\Windows\InfusedApps', since it is blacklisted
[2018-12-31 04:21:36.588-0360] Skipping 'C:\Windows\Installer', since it is blacklisted
[2018-12-31 04:21:39.447-0360] Skipping 'C:\Windows\WinSxS', since it is blacklisted
[2018-12-31 04:21:39.455-0360] Enumerating 'D:'
[2018-12-31 04:21:40.257-0360] Enumerating 'E:'

scottsan

@Tom My E: drive is one of 3 storage partitions (D:, E:. and F:) on a Western Digital 1 GB spinning hard drive....nothing special. I let the software run for about for 4 hours and it just sits at Enumerating 'e:' . See results below

C:\Program Files (x86)\SecTeer VulnDetect>secteer.exe --immediate --path=e:
[2019-01-05 00:14:39.814-0360] SecTeer Agent v0.10.11.0 starting in immediate mode
[2019-01-05 00:14:39.814-0360] Starting SecTeer Agent in immediate mode
[2019-01-05 00:14:39.817-0360] Running immediate inspection
[2019-01-05 00:14:39.817-0360] Configuration:
version:: 0.10.11.0
authToken : cfc90742-f4ea-45d8-8bc8-xxxxxxxxxxxx
server : agent.vulndetect.com
guid1::
guid2::
guid3::
checkInInterval:: 3600 seconds
checkInRetryDelay:: 360 seconds
maxCheckInRetryCount:: 10
dataRetryDelay:: 1800 seconds
inspectionWindow:: 21600 seconds
timezoneOffset : -360 minutes
checkInNow:: false
inspectNow : true
inspectionPath : e:
noFilesystem:: false
noRegistry:: false
noWinUpdate:: false
noSystem:: false
noPackage:: true
[2019-01-05 00:14:39.817-0360] Starting system inspection
[2019-01-05 00:14:39.817-0360] Fetching inspection rules from server
[2019-01-05 00:14:39.843-0360] Connecting to server: agent.vulndetect.com
[2019-01-05 00:14:40.620-0360] Server returned 200 => OK
[2019-01-05 00:14:40.624-0360] Found 'computerName' = 'LIVERNUGGET'
[2019-01-05 00:14:40.679-0360] Enumerating Win32_OperatingSystem
[2019-01-05 00:14:40.750-0360] Enumerating Win32_Bios
[2019-01-05 00:14:40.781-0360] Searching updates: IsInstalled=0
[2019-01-05 00:15:05.867-0360] Found 1 updates
[2019-01-05 00:15:05.872-0360] Searching updates: IsInstalled=1
[2019-01-05 00:15:17.961-0360] Found 70 updates
[2019-01-05 00:15:18.132-0360] Filesystem redirection status: Redirection disabled
[2019-01-05 00:15:18.132-0360] Enumerating 'e:'
^C
C:\Program Files (x86)\SecTeer VulnDetect>secteer.exe --immediate --path=e:
[2019-01-05 04:31:50.170-0360] SecTeer Agent v0.10.11.0 starting in immediate mode
[2019-01-05 04:31:50.170-0360] Starting SecTeer Agent in immediate mode
[2019-01-05 04:31:50.174-0360] Running immediate inspection
[2019-01-05 04:31:50.174-0360] Configuration:
version:: 0.10.11.0
authToken : cfc90742-f4ea-45d8-8bc8-xxxxxxxxxxxx
server : agent.vulndetect.com
guid1::
guid2::
guid3::
checkInInterval:: 3600 seconds
checkInRetryDelay:: 360 seconds
maxCheckInRetryCount:: 10
dataRetryDelay:: 1800 seconds
inspectionWindow:: 21600 seconds
timezoneOffset : -360 minutes
checkInNow:: false
inspectNow : true
inspectionPath : e:
noFilesystem:: false
noRegistry:: false
noWinUpdate:: false
noSystem:: false
noPackage:: true
[2019-01-05 04:31:50.174-0360] Starting system inspection
[2019-01-05 04:31:50.174-0360] Fetching inspection rules from server
[2019-01-05 04:31:50.205-0360] Connecting to server: agent.vulndetect.com
[2019-01-05 04:31:51.040-0360] Server returned 200 => OK
[2019-01-05 04:31:51.044-0360] Found 'computerName' = 'LIVERNUGGET'
[2019-01-05 04:31:51.099-0360] Enumerating Win32_OperatingSystem
[2019-01-05 04:31:51.171-0360] Enumerating Win32_Bios
[2019-01-05 04:31:51.194-0360] Searching updates: IsInstalled=0
[2019-01-05 04:32:15.667-0360] Found 1 updates
[2019-01-05 04:32:15.672-0360] Searching updates: IsInstalled=1
^C
C:\Program Files (x86)\SecTeer VulnDetect>

scottsan

@Tom Hi Tom....it looks like things are working ok now. Thanks.

scottsan

@Anselm I have a zipped PML file that is 1.5MB. How do I get it to you?

scottsan

@Tom I ran procmon as instructed and have a .csv file of when the secteer command was started. The file is about 6MB. How can I send this to you?

Here is some info from the file:

![0_1549303710471_9b918d37-215f-43a0-9ea3-b45c0b5c3844-image.png](Uploading 100%)
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 15320 CreateFile C:\Windows SUCCESS Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 15320 CreateFile C:\Windows\System32\wow64log.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 15320 CreateFile C:\Windows SUCCESS Desired Access: Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 15320 QueryNameInformationFile C:\Windows SUCCESS Name: \Windows
46:27.7 secteer.exe 15320 CloseFile C:\Windows SUCCESS
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 15320 CreateFile C:\Program Files (x86)\SecTeer VulnDetect SUCCESS Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 15320 CreateFile C:\Windows\SysWOW64\apphelp.dll SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 15320 QueryBasicInformationFile C:\Windows\SysWOW64\apphelp.dll SUCCESS CreationTime: 2019-01-22 8:49:48 PM, LastAccessTime: 2019-01-22 8:49:48 PM, LastWriteTime: 2019-01-22 8:49:48 PM, ChangeTime: 2019-01-22 9:06:55 PM, FileAttributes: A
46:27.7 secteer.exe 15320 CloseFile C:\Windows\SysWOW64\apphelp.dll SUCCESS
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 15320 CreateFile C:\Windows\SysWOW64\apphelp.dll SUCCESS Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 15320 CreateFileMapping C:\Windows\SysWOW64\apphelp.dll FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE|PAGE_NOCACHE
46:27.7 secteer.exe 15320 CreateFileMapping C:\Windows\SysWOW64\apphelp.dll SUCCESS SyncType: SyncTypeOther
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES
46:27.7 secteer.exe 15320 CloseFile C:\Windows\SysWOW64\apphelp.dll SUCCESS
46:27.7 secteer.exe 10620 QueryDirectory E:\ NO MORE FILES

scottsan

@Tom I tried the latest version of the agent and there is no change. I let it run for several hours and it just sits at Enumerating 'E:'. See details below.

C:\Program Files (x86)\SecTeer VulnDetect>secteer --immediate
[2019-02-01 03:17:14.122-0360] SecTeer Agent v1.0.0.0 starting in immediate mode
[2019-02-01 03:17:14.122-0360] Starting SecTeer Agent in immediate mode
[2019-02-01 03:17:14.126-0360] Running immediate inspection
[2019-02-01 03:17:14.126-0360] Configuration:
version:: 1.0.0.0
authToken : 5cafb66c-fb52-4ad2-bd72-xxxxxxxxxxxx
server : agent.vulndetect.com
guid1::
guid2::
guid3::
checkInInterval:: 600 seconds
checkInRetryDelay:: 60 seconds
maxCheckInRetryCount:: 10
dataRetryDelay:: 1800 seconds
inspectionWindow:: 21600 seconds
timezoneOffset : -360 minutes
currentTime:: 2019-01-31 21:17:14 (local time)
checkInNow:: false
inspectNow : true
noFilesystem:: false
noRegistry:: false
noWinUpdate:: false
noSystem:: false
noPackage:: true
inspectRemote:: false
[2019-02-01 03:17:14.126-0360] Starting system inspection
[2019-02-01 03:17:14.126-0360] Fetching inspection rules from server
[2019-02-01 03:17:14.161-0360] Connecting to server: agent.vulndetect.com
[2019-02-01 03:17:14.955-0360] Server returned 200 => OK
[2019-02-01 03:17:14.958-0360] Found 'computerName' = 'LIVERNUGGET'
[2019-02-01 03:17:15.030-0360] Enumerating Win32_OperatingSystem
[2019-02-01 03:17:15.120-0360] Enumerating Win32_Bios
[2019-02-01 03:17:15.153-0360] Searching updates: IsInstalled=0
[2019-02-01 03:17:38.605-0360] Found 1 updates
[2019-02-01 03:17:38.610-0360] Searching updates: IsInstalled=1
[2019-02-01 03:17:53.877-0360] Found 71 updates
[2019-02-01 03:17:54.112-0360] Filesystem redirection status: Redirection disabled
[2019-02-01 03:17:54.112-0360] Enumerating 'C:'
[2019-02-01 03:17:54.151-0360] Skipping 'C:$Windows.~WS', since it is blacklisted
[2019-02-01 03:17:59.775-0360] Skipping 'C:\System Volume Information', since it is blacklisted
[2019-02-01 03:18:03.357-0360] Skipping 'C:\Windows\InfusedApps', since it is blacklisted
[2019-02-01 03:18:03.360-0360] Skipping 'C:\Windows\Installer', since it is blacklisted
[2019-02-01 03:18:06.513-0360] Skipping 'C:\Windows\WinSxS', since it is blacklisted
[2019-02-01 03:18:06.520-0360] Enumerating 'D:'
[2019-02-01 03:18:10.193-0360] Enumerating 'E:'

scottsan

@Tom Any progress on my issue? The SecTeer VulnDetect software flat out does not work for me now. It did work fine for me a few months back. So meanwhile I have installed SUMo Software Update Monitor at https://kcsoftwares.com/files/sumo_lite.exe . It just works and even though it is a little more complicated to use.

scottsan

@Tom My E: drive is one of 3 storage partitions (D:, E:. and F:) on a Western Digital 1 GB spinning hard drive....nothing special. I let the software run for about for 4 hours and it just sits at Enumerating 'e:' . See results below

C:\Program Files (x86)\SecTeer VulnDetect>secteer.exe --immediate --path=e:
[2019-01-05 00:14:39.814-0360] SecTeer Agent v0.10.11.0 starting in immediate mode
[2019-01-05 00:14:39.814-0360] Starting SecTeer Agent in immediate mode
[2019-01-05 00:14:39.817-0360] Running immediate inspection
[2019-01-05 00:14:39.817-0360] Configuration:
version:: 0.10.11.0
authToken : cfc90742-f4ea-45d8-8bc8-xxxxxxxxxxxx
server : agent.vulndetect.com
guid1::
guid2::
guid3::
checkInInterval:: 3600 seconds
checkInRetryDelay:: 360 seconds
maxCheckInRetryCount:: 10
dataRetryDelay:: 1800 seconds
inspectionWindow:: 21600 seconds
timezoneOffset : -360 minutes
checkInNow:: false
inspectNow : true
inspectionPath : e:
noFilesystem:: false
noRegistry:: false
noWinUpdate:: false
noSystem:: false
noPackage:: true
[2019-01-05 00:14:39.817-0360] Starting system inspection
[2019-01-05 00:14:39.817-0360] Fetching inspection rules from server
[2019-01-05 00:14:39.843-0360] Connecting to server: agent.vulndetect.com
[2019-01-05 00:14:40.620-0360] Server returned 200 => OK
[2019-01-05 00:14:40.624-0360] Found 'computerName' = 'LIVERNUGGET'
[2019-01-05 00:14:40.679-0360] Enumerating Win32_OperatingSystem
[2019-01-05 00:14:40.750-0360] Enumerating Win32_Bios
[2019-01-05 00:14:40.781-0360] Searching updates: IsInstalled=0
[2019-01-05 00:15:05.867-0360] Found 1 updates
[2019-01-05 00:15:05.872-0360] Searching updates: IsInstalled=1
[2019-01-05 00:15:17.961-0360] Found 70 updates
[2019-01-05 00:15:18.132-0360] Filesystem redirection status: Redirection disabled
[2019-01-05 00:15:18.132-0360] Enumerating 'e:'
^C
C:\Program Files (x86)\SecTeer VulnDetect>secteer.exe --immediate --path=e:
[2019-01-05 04:31:50.170-0360] SecTeer Agent v0.10.11.0 starting in immediate mode
[2019-01-05 04:31:50.170-0360] Starting SecTeer Agent in immediate mode
[2019-01-05 04:31:50.174-0360] Running immediate inspection
[2019-01-05 04:31:50.174-0360] Configuration:
version:: 0.10.11.0
authToken : cfc90742-f4ea-45d8-8bc8-xxxxxxxxxxxx
server : agent.vulndetect.com
guid1::
guid2::
guid3::
checkInInterval:: 3600 seconds
checkInRetryDelay:: 360 seconds
maxCheckInRetryCount:: 10
dataRetryDelay:: 1800 seconds
inspectionWindow:: 21600 seconds
timezoneOffset : -360 minutes
checkInNow:: false
inspectNow : true
inspectionPath : e:
noFilesystem:: false
noRegistry:: false
noWinUpdate:: false
noSystem:: false
noPackage:: true
[2019-01-05 04:31:50.174-0360] Starting system inspection
[2019-01-05 04:31:50.174-0360] Fetching inspection rules from server
[2019-01-05 04:31:50.205-0360] Connecting to server: agent.vulndetect.com
[2019-01-05 04:31:51.040-0360] Server returned 200 => OK
[2019-01-05 04:31:51.044-0360] Found 'computerName' = 'LIVERNUGGET'
[2019-01-05 04:31:51.099-0360] Enumerating Win32_OperatingSystem
[2019-01-05 04:31:51.171-0360] Enumerating Win32_Bios
[2019-01-05 04:31:51.194-0360] Searching updates: IsInstalled=0
[2019-01-05 04:32:15.667-0360] Found 1 updates
[2019-01-05 04:32:15.672-0360] Searching updates: IsInstalled=1
^C
C:\Program Files (x86)\SecTeer VulnDetect>

scottsan

@Tom Hi...I have tried scanning my e: drive by itself and the program stalls. Any ideas?

scottsan

@Tom Tried the command and the program stalls when enumerating e:\ drive. See results below.

C:\Program Files (x86)\SecTeer VulnDetect>secteer -v --immediate --path e:
[2019-01-01 16:25:09.635-0360] SecTeer Agent v0.10.11.0 starting in immediate mode
[2019-01-01 16:25:09.635-0360] Starting SecTeer Agent in immediate mode
[2019-01-01 16:25:09.637-0360] Running immediate inspection
[2019-01-01 16:25:09.637-0360] Configuration:
version:: 0.10.11.0
authToken : ba0b2e67-f4ec-4b88-80ae-xxxxxxxxxxxx
server : agent.vulndetect.com
guid1::
guid2::
guid3::
checkInInterval:: 3600 seconds
checkInRetryDelay:: 360 seconds
maxCheckInRetryCount:: 10
dataRetryDelay:: 1800 seconds
inspectionWindow:: 21600 seconds
timezoneOffset : -360 minutes
checkInNow:: false
inspectNow : true
inspectionPath : e:
noFilesystem:: false
noRegistry:: false
noWinUpdate:: false
noSystem:: false
noPackage:: true
[2019-01-01 16:25:09.637-0360] Starting system inspection
[2019-01-01 16:25:09.637-0360] Fetching inspection rules from server
[2019-01-01 16:25:09.669-0360] Connecting to server: agent.vulndetect.com
[2019-01-01 16:25:10.542-0360] Server returned 200 => OK
[2019-01-01 16:25:10.547-0360] Found 'computerName' = 'LIVERNUGGET'
[2019-01-01 16:25:10.609-0360] Enumerating Win32_OperatingSystem
[2019-01-01 16:25:10.668-0360] Enumerating Win32_Bios
[2019-01-01 16:25:10.700-0360] Searching updates: IsInstalled=0
[2019-01-01 16:25:29.020-0360] Found 1 updates
[2019-01-01 16:25:29.026-0360] Searching updates: IsInstalled=1
[2019-01-01 16:25:40.697-0360] Found 70 updates
[2019-01-01 16:25:40.892-0360] Filesystem redirection status: Redirection disabled
[2019-01-01 16:25:40.892-0360] Enumerating 'e:'

scottsan

I also tried the command C:\Program Files (x86)\SecTeer VulnDetect>secteer --check-in --immediate and monitored the memory usage when it got the e: drive. It did not change at all.

scottsan

@Tom said in No Detected Applications & Enumerating Drive Stall:

secteer.exe --immediate --path="c:"

Hi Tom,

C drive is my system drive. I tried your command and it scanned for less than a minute. Below are the results.

C:\Program Files (x86)\SecTeer VulnDetect>secteer.exe --immediate --path="c:"
[2019-01-01 03:22:00.423-0360] SecTeer Agent v0.10.11.0 starting in immediate mode
[2019-01-01 03:22:00.423-0360] Starting SecTeer Agent in immediate mode
[2019-01-01 03:22:00.426-0360] Running immediate inspection
[2019-01-01 03:22:00.426-0360] Configuration:
version:: 0.10.11.0
authToken : ba0b2e67-f4ec-4b88-80ae-xxxxxxxxxxxx
server : agent.vulndetect.com
guid1::
guid2::
guid3::
checkInInterval:: 3600 seconds
checkInRetryDelay:: 360 seconds
maxCheckInRetryCount:: 10
dataRetryDelay:: 1800 seconds
inspectionWindow:: 21600 seconds
timezoneOffset : -360 minutes
checkInNow:: false
inspectNow : true
inspectionPath : c:"
noFilesystem:: false
noRegistry:: false
noWinUpdate:: false
noSystem:: false
noPackage:: true
[2019-01-01 03:22:00.426-0360] Starting system inspection
[2019-01-01 03:22:00.426-0360] Fetching inspection rules from server
[2019-01-01 03:22:00.478-0360] Connecting to server: agent.vulndetect.com
[2019-01-01 03:22:01.271-0360] Server returned 200 => OK
[2019-01-01 03:22:01.276-0360] Found 'computerName' = 'LIVERNUGGET'
[2019-01-01 03:22:01.340-0360] Enumerating Win32_OperatingSystem
[2019-01-01 03:22:01.419-0360] Enumerating Win32_Bios
[2019-01-01 03:22:01.457-0360] Searching updates: IsInstalled=0
[2019-01-01 03:22:14.714-0360] Found 1 updates
[2019-01-01 03:22:14.718-0360] Searching updates: IsInstalled=1
[2019-01-01 03:22:26.621-0360] Found 70 updates
[2019-01-01 03:22:26.828-0360] Filesystem redirection status: Redirection disabled
[2019-01-01 03:22:26.828-0360] Examining file 'c:"'
[2019-01-01 03:22:26.828-0360] Skipping file 'c:"' because it is not interesting
[2019-01-01 03:22:26.828-0360] Finished enumerating filesystem, found 0 interesting files
[2019-01-01 03:22:26.828-0360] Inspecting interesting files
[2019-01-01 03:22:26.828-0360] Enumerated filesystem in 0.000ms
[2019-01-01 03:22:26.828-0360] Read file version information in 0.000ms
[2019-01-01 03:22:26.828-0360] Inspecting registry
[2019-01-01 03:22:26.968-0360] Inspected registry in 0.139ms
[2019-01-01 03:22:26.968-0360] Sending inspection data to server
[2019-01-01 03:22:26.974-0360] Connecting to server: agent.vulndetect.com
[2019-01-01 03:22:27.360-0360] Server returned 202 => Accepted
[2019-01-01 03:22:27.365-0360] SecTeer Agent exiting

scottsan

@scottsan

Best posts made by scottsan

Latest posts made by scottsan