Skip navigation
1019 Views 2 Replies Latest reply: Feb 8, 2012 8:50 AM by mrspike RSS
Dave Holland SupportEmployee 801 posts since
Jan 8, 2008

Has received 9 of 9 achievements.
Currently Being Moderated

Feb 7, 2012 1:09 PM

Application paths in vulnerability definitions

I have been asked how a definition works if simply a file name is put into the File Detection logic for a definition.

 

Where does vulscan look if no path is specified?

 

Some applications register themselves in the following registry key:

 

HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths

 

Vulscan checks this key first when scanning for files without a path.

 

In fact, vulscan itself is registered in this key. This is how you can type "vulscan" from the Run or Search line in Windows and it will find it, even though it is not listed in the environment variables.   Other programs register themselves a well... look for yourself in that key.

 

If vulscan does not find it in the HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths key it will look in the current working directory for Vulscan.

 

If run as the SYSTEM account that working directory should be WINDOWS\SYSTEM32.

 

If run as the user it really could be anywhere         

More Like This

  • Retrieving data ...

Bookmarked By (0)

LANDESK Community powered by Jive SBS® 4.5.7.1  |  Legal Notices  |  Privacy Policy  |  Icon 

TweeterOn Twitter  |  Icon FacebookOn Facebook © 2007 LANDESK Software