navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: programs that will not update

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
Jeff_B programs that will not update
Member 1st Jul, 2013 02:12
Ranking: 1
Posts: 3
User Since: 30th Jun, 2013
System Score: N/A
Location: US
I have 4 programs that show out of date versions. I have not been successful finding any help about these in the forum here. Let's just start with a simple? one. Python 2.7.x is listed. I don't have it installed directly, so I assume it is part of another program. The only thing I can find even remotely possible after searching the registry for Python, is something to do with VirtualBox though that is not even clear to me.

Where is PSI finding it in my system scan?
How do I see this info?

I am trying this software out for the first time, and am not too impressed with the update situation. The log file is large, and I didn't see any clues there.

Partial log file:
[06/30 11:49:20.448] Determine 'Microsoft Windows 7': determining
[06/30 11:49:20.449] Setting state of 'Microsoft Windows 7' to: 'wua' from 'determining'
[06/30 11:49:20.450] updateUI: 829656f49481ad591f8fee0f557f3d3630534b51 with message: wua
[06/30 11:49:20.450] Determine 'Skype for Windows 5.x': determining
[06/30 11:49:20.451] Setting state of 'Skype for Windows 5.x' to: 'manual' from 'determining'
[06/30 11:49:20.451] updateUI: 6ed4ab62188d386f85aafee596f561b14acb6e08 with message: manual
[06/30 11:49:20.452] Determine 'Python 2.7.x': determining
[06/30 11:49:20.453] Setting state of 'Python 2.7.x' to: 'manual' from 'determining'
[06/30 11:49:20.454] updateUI: bee316a273b727b303d8a70b9e6c7c538c4e2b7d with message: manual
[06/30 11:49:20.454] Determine 'Microsoft XML Core Services (MSXML) 4.x': determining
[06/30 11:49:20.455] Setting state of 'Microsoft XML Core Services (MSXML) 4.x' to: 'manual' from 'determining'

Jeff

--
Why am I troubleshooting the software that troubleshoots? I guess I must not be very busy enough already!

mogs RE: programs that will not update
Expert Contributor 1st Jul, 2013 11:03
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hello.
The strange thing is that Python 2.7 is not shown in the Secunia Advisory as vulnerable. See here :-
http://secunia.com/advisories/product/34806/
Most Critical Unpatched
There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied..

Have you tried the following item from the FAQ......
The Secunia PSI has detected a program somewhere on my computer, but where?

To locate a detected program via the Secunia PSI, please do the following.

Secunia PSI 3.x
Right-click on the software you want to check. Select "Show details". Double-click the file location.

Secunia PSI 2.x
Go to "Scan Results" and click the “+” character next to the relevant program. Then click the yellow “Open folder” icon.

Secunia PSI 1.x
In the upper right corner click "Advanced" and "Ok" to the message box. Go to the tab where the relevant program is currently showing up. Click the “+” character next to the relevant program and then click “Open Folder”.

If you have followed the steps above you should now see the folder on your computer where the detected program is located. The Secunia PSI has also showed you the exact installation path and the name of the detected file. To examine the file you can right-click on it and choose Properties. The tabs should now show you the same information that the PSI is detecting including product name, product version etc.


Hope it helps........regards.......mogs

--
Was this reply relevant?
+3
-0
Jeff_B RE: programs that will not update
Member 1st Jul, 2013 22:41
Score: 1
Posts: 3
User Since: 30th Jun 2013
System Score: N/A
Location: US
I right-clicked, selected show details... and now I see it is in:
C:\Users\Jeff\Appdata\Roaming\TorrentStream\engine \updater\python27.dll
where the detection is triggered. I did try searching, but my search "programs that will not update" came up blank.
Thanks for the pointers, good job.
Jeff

--
Why am I troubleshooting the software that troubleshoots? I guess I must not be very busy enough already!
Was this reply relevant?
+1
-0
ddmarshall RE: programs that will not update
Dedicated Contributor 1st Jul, 2013 23:23
Score: 1212
Posts: 968
User Since: 8th Nov 2008
System Score: 98%
Location: UK
When you just have a Python runtime as part of another program Secunia usually update their rules to ignore it if they notice your post. There's not usually a problem in having a down-level version. You can also check if there is a later version of the containing program (TorrentStream) that has been compiled with a later version of Python.

You also have MSXML 4.0 in your log. This nearly always requires downloading of Service Pack 3 from http://www.microsoft.com/en-us/download/details.as... . That's assuming that PSI is finding it in C:\Windows\System32. If it's in another program's file, there are a number of ways to deal with it. You will need to run Windows Update to bring MSXML 4.0 SP3 up to date.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+3
-0
E.Jeppesen RE: programs that will not update
Secunia Official 2nd Jul, 2013 10:31
Score: 220
Posts: 618
User Since: 24th Nov 2008
System Score: N/A
Location: Copenhagen, DK
As shown in the installation path this instance of Python 2.7.x is bundled with another program and should therefore not be detected by the PSI. We have now excluded it from detection when “TorrentStream” is a part of the installation path. After a rescan it should no longer be detected.
Jeff_B RE: programs that will not update
Member 3rd Jul, 2013 07:26
Score: 1
Posts: 3
User Since: 30th Jun 2013
System Score: N/A
Location: US
Thanks for your comment about MSXML 4.0 in my log. This one is also a pain to deal with, as the file is in the winsxs folder, and Microsoft update to MSXML 4.0 SP3 FAILS. They really suck at updates.
I just renamed the offending file to make it ignored by PSI scans. Not ideal, but I am tired of updates that fail, and spinning my wheels trying to resolve it. My understanding of the winsxs is for compatibility of versions, and I apparently don't need the version flagged as out of date.
Jeff

--
Why am I troubleshooting the software that troubleshoots? I guess I must not be very busy enough already!
Was this reply relevant?
+0
-0
Maurice Joyce RE: programs that will not update
Handling Contributor 3rd Jul, 2013 09:58
Score: 11830
Posts: 9,072
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Jeff,
MSXML 4 was not included with Windows 7 or 8. You or an old programme you have installed have installed it therefore you do have something on your PC that is dependant on it. By default you have hidden (ignored) a vulnerability that has critical updates available from MS. Although a matter for you it is easy to fix. Just follow this script.

MSXML ISSUES

The release note for MSXML 4 are here:
http://download.microsoft.com/download/A/2/D/A2D85...

Please note this SP was released before Windows 7 & 8 was produced therefore there is no mention of compatibility or support once installed - it works flawlessly with Windows 7 on both 32 & 64 Bit systems. I have NOT tested it on my Windows 8 PC because I have no old legacy programmes that require it to be installed.

Firstly, it is important to note the VERSION NUMBER currently installed which PSI gives in the vulnerability report because there are three possible solutions.

Solution 1
If PSI gives a version number starting 4.2 or 4.1 that indicates that the very old MSXML 4 SP2 or even older SP1 is installed which must be MANUALLY upgraded to MSXML 4 SP3 as follows:

Click this link: (please note that the system requirements for this download do state that Windows 7 is supported unlike the release notes)

http://www.microsoft.com/en-us/download/details.as...

Once open activate the clearly marked download link called MSXML.MSI - 2.3 MB.

Once installed run & rerun Windows Update - there are some additional patches for MSXML 4 SP3.

On completion PSI will show MSXML 4 as secure with version 4.30.2117.0. like this:

https://1ncuig.bn1.livefilestore.com/y1p234rvSc7mV...


Solution 2
If PSI reveals the path to be 4.3 that almost certainly indicates that the latest Windows Update patch is not installed correctly. Run a Windows Update scan - if that reveals nothing try a manual update using this link:

http://www.microsoft.com/en-us/download/details.as...

Solution 3

If MSXML 4 SP3 BETA is installed ensure it is fully removed prior to using Solution 1. The Release Notes referred.

Hope this helps.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+