navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Does PSI scan registry...or just drives

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
tridom Does PSI scan registry...or just drives
Member 27th Nov, 2008 17:56
Ranking: 0
Posts: 20
User Since: 26th Nov, 2008
System Score: N/A
Location: N/A
Last edited on 27th Nov, 2008 17:57

The reason I ask....

I have an old system drive I use as a slave and it is detecting programs on that drive as being insecure. I can't update these programs because they are not active (newer versions are installed on my OS drive). When ever I install a patch, it installs, or detects a previous installation, against the version on my OS drive, which does show up under "patched".

So I was wondering if PSI just deteacts that the program exists on the drive, or actually finds it in the registry.


BigDave_39 RE: Does PSI scan registry...or just drives
Member 27th Nov, 2008 18:07
Score: 0
Posts: 177
User Since: 26th Nov 2008
System Score: N/A
Location: Washington, DC, US
on 27th Nov, 2008 17:56, tridom wrote:
The reason I ask....

I have an old system drive I use as a slave and it is detecting programs on that drive as being insecure. I can't update these programs because they are not active (newer versions are installed on my OS drive). When ever I install a patch, it installs, or detects a previous installation, against the version on my OS drive, which does show up under "patched".

So I was wondering if PSI just deteacts that the program exists on the drive, or actually finds it in the registry.




I'm pretty sure that the PSI scans the actual files rather than the registry... but don't kill me if i'm wrong :)

--
Big Dave
Was this reply relevant?
+0
-0
tridom01 RE: Does PSI scan registry...or just drives
Member 27th Nov, 2008 19:14
Score: 0
Posts: 4
User Since: 27th Nov 2008
System Score: N/A
Location: N/A
on 27th Nov, 2008 18:07, BigDave_39 wrote:
I'm pretty sure that the PSI scans the actual files rather than the registry... but don't kill me if i'm wrong :)


BANG!....you're dead! (J/K)

Thanks for replying. I think you're right, but I'd like to find out for sure.
Was this reply relevant?
+0
-0
E.Jeppesen RE: Does PSI scan registry...or just drives
Secunia Official 28th Nov, 2008 10:04
Score: 220
Posts: 618
User Since: 24th Nov 2008
System Score: N/A
Location: Copenhagen, DK
on 27th Nov, 2008 18:07, BigDave_39 wrote:
I'm pretty sure that the PSI scans the actual files rather than the registry... but don't kill me if i'm wrong :)


That is correct. The Secunia PSI looks at what is actually on the drive, not just what the registry says. That is a more reliable detection method as the registry can often be wrong.
tridom RE: Does PSI scan registry...or just drives
Member 28th Nov, 2008 20:49
Score: 0
Posts: 20
User Since: 26th Nov 2008
System Score: N/A
Location: N/A
on 28th Nov, 2008 10:04, E.Jeppesen wrote:
That is correct. The Secunia PSI looks at what is actually on the drive, not just what the registry says. That is a more reliable detection method as the registry can often be wrong.


Thank you, sir. That is what I wanted to know.

So I guess its safe to exclude those particular files.
Was this reply relevant?
+0
-0
RenoBill RE: Does PSI scan registry...or just drives
Member 29th Nov, 2008 02:42
Score: 0
Posts: 1
User Since: 29th Nov 2008
System Score: N/A
Location: N/A
I have two drives, both partitioned. I place nearly all my programs on the 2nd (non OS) HD. Does PSI look in all drives and partitions, or just the OS partition? I realize that many programs, even if installed in some other location, place hooks into the OS. But not all of them do that, and I'm wondering if PSI is able to examine them.
Was this reply relevant?
+0
-0
BigDave_39 RE: Does PSI scan registry...or just drives
Member 29th Nov, 2008 10:01
Score: 0
Posts: 177
User Since: 26th Nov 2008
System Score: N/A
Location: Washington, DC, US
on 29th Nov, 2008 02:42, RenoBill wrote:
I have two drives, both partitioned. I place nearly all my programs on the 2nd (non OS) HD. Does PSI look in all drives and partitions, or just the OS partition? I realize that many programs, even if installed in some other location, place hooks into the OS. But not all of them do that, and I'm wondering if PSI is able to examine them.


I'm pretty sure it does. I have 3 HDs and the psi detected various programs on all of them

--
Big Dave
Was this reply relevant?
+0
-0
tridom RE: Does PSI scan registry...or just drives
Member 29th Nov, 2008 20:51
Score: 0
Posts: 20
User Since: 26th Nov 2008
System Score: N/A
Location: N/A
Same here. The programs I refer to are actually on partitions on a physically seperate drive from the OS and PSI detects them.
Was this reply relevant?
+0
-0
x_nix RE: Does PSI scan registry...or just drives
Member 6th Dec, 2008 08:34
Score: 0
Posts: 4
User Since: 4th Dec 2008
System Score: N/A
Location: US
I have a Dell machine which has a partition intended for re-install, and is never used by me at all, and it gets scanned. I set up a rule to ignore D:\windows\system32 because I do not want to fool around with it, but at least I am aware that if I ever did restore (which since I have gone from Vista 1.0 to service pack 1, I probably cannot anyway) that I would have an insecure system which would require fixing.

If you look at the directories where the complaints reside, they may well be in obsolete software, or in installation packages, rather than in code which would actually be executed. Unfortunately, there is no absolute guarantee that no program could be executing the old code unless you take action against it.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+