Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Rescan Program doesn't work, if the program's installation direct...

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
mmo Rescan Program doesn't work, if the program's installation directory is gone.
Member 13th Jun, 2011 22:18
Ranking: 0
Posts: 19
User Since: 28th Apr, 2009
System Score: N/A
Location: CH
What I find somewhat annoying about PSI is, that if it signalled me an old program version and I then reinstall a new version plus delete the old version's installation directory (as is e.g. necessary with Google Chrome, since it's installer leaves the old version on disk) and I then select "Rescan program" to get rid of the alert, then PSI obviously does NOT rescan but leaves the alert in the list, even though the file (and even the directory) that it signalled as problematic doesn't exist any more.
Why does it not clear those alerts? It then always takes quite a while until PSI obviously does some internal rescan or cleanup and the alert finally disappears. I would, however, like to see that alert disappear as soon as the issue is fixed!

Michael

ruirib RE: Rescan Program doesn't work, if the program's installation directory is gone.
Member 14th Jun, 2011 01:24
Score: 2
Posts: 2
User Since: 20th Dec 2007
System Score: N/A
Location: N/A
Hi,

Actually choosing rescan usually worked perfectly. Today, after being alerted to some vulnerabilities, I found rescan no longer works. You need a full blown scan to have the reported threats removed. This is a major loss of usuability that is very hard to accept. I feel like removing the whole thing.
Was this reply relevant?
+0
-0
Midnight_Voice RE: Rescan Program doesn't work, if the program's installation directory is gone.
Member 16th Jun, 2011 15:53
Score: 42
Posts: 82
User Since: 1st Oct 2010
System Score: 96%
Location: UK
I've just had this problem with Google Chrome. I had 12.0.125.1 (or something like that) and PSI today determined (correctly, but about 3 days late despite a full scan yesterday) that this had a vuln now fixed in 12.0.142.1 (or something like that), and wanted me to 'Install Solution'.

But I had already installed the Dev version 13.0.782.24, which PSI did not see (and at present, still does not see).

Looking in the folder, the files for the '12' version were still there, albeit inactive. I know this causes PSI to report the program, but it should have been seeing 13 as an update to Chrome, and so the 12 as a probable zombie. But it wasn't.

Doing a Rescan caused PSI to look for "Chrome 12.0", and I think this is the problem. I suspect that PSI does not realize that Chrome 13 is a replacement for Chrome 12, and for all it knows, it may be some completely different program.

However, it still ought to see Chrome 13; it can't have it both ways.

Several Rescans still brought up Chrome 12 as vuln, even though the folder was gone; first to the Recycle Bin, and then deleted altogether, but PSI was oblivious to this.

I even humoured it, and did an 'Install Solution'. The Chrome installer downloaded it, ran for a bit, and then announced I already had a later Chrome (my 13).

But PSI still 'saw' that 12 there, even after that.

However, ten minutes later, the '12' had at least gone, and I was back to 100% score, though the Chrome 13 still hasn't shown up yet on the PSI Scan results.

Even after another complete scan. Hmmm. Looks like PSI can't see Chrome 13 at all. That would explain some of the above; but it's still not right.



--
A computer program can do anything the user doesn't know is impossible for it to do.

XP Home 32-bit - Compaq Presario V2000 Celeron 1.4GHz
Vista Ultimate 32-bit - Toshiba Equium A100 Centrino Duo 1.7GHz
Windows 7 Ultimate 64-bit - Dell Studio XPS 1645 Core i7-720 Quad 1.6-2.4GHz
(Also running Windows XP Mode 32-bit)
Was this reply relevant?
+0
-0
Anthony Wells RE: Rescan Program doesn't work, if the program's installation directory is gone.
Expert Contributor 16th Jun, 2011 21:06
Score: 2371
Posts: 3,277
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 16th Jun, 2011 21:11
Hi ,

@mmo , Michael ,

The individual rescan has never - in my experience - been very effective , if it works at all ; it is better in 2.0 .x , where it seems to work right away or after some (considerable) time delay and it might be influenced by whether you have "Show detailed program changes" selected in the PSI's "settings" module .

A full manual scan is/has always been the only sure way to get "instant gratification" - with or without reboot - and is quite essential for M$ updates to register with the PSI .

Secunia are aware that there can be some (c) delay ; whether they can improve it only time will tell .

@M_V ,

You are hijacking a thread of which matter you should know better ; Whilst it is open , I will say that :-

Chrome version 12.0.742.100 is the latest Stable and Beta version of both the Browser and Chrome Frame . You do not give the "detected installation" pathway so I do not know which you have/had .

Version 13.0.782.24 is the latest Dev Channel version and Canary is flying high at version 14.0.794.0 ; the PSI only tracks and displays the "Stable" version(s) of any software , with rare exceptions , none of the others and you can only have (in the broad sense) one of Stable , Beata or Dev plus the bird per user account .

You can see latest versions here :-

http://googlechromereleases.blogspot.com/

Platform 13.x is not a replacement for platform 12.x - both are supported ; platform 12.x replaced 11.x - no longer supported - and the PSI will show it (11.x) as "EOL" and needs manual removal as would an "insecure" version of 12.x . You can find extra detail in my post to this thread :-

http://secunia.com/community/forum/thread/show/963...

The Dev installer should have removed it's Stable/Beta counterpart , but as you don't say exactly the pathway which the PSI displayed (to it) , who knows !! Changing a channel might need a reboot and full manual scan to register for both the Chrome installation and the PSI ; again your timeline is not too specific .

Take care

Anthony

PS : the PSI compares the latest meta data it finds to the "previous/last" scan data it holds on the Secunia servers , this can be subject to delays etc - depending also on settings - so that's why a new full manual scan works better - a reboot may be neede to ditch some old files ; at least it no longer scans the garbage .


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
Midnight_Voice RE: Rescan Program doesn't work, if the program's installation directory is gone.
Member 17th Jun, 2011 01:36
Score: 42
Posts: 82
User Since: 1st Oct 2010
System Score: 96%
Location: UK
on 16th Jun, 2011 21:06, Anthony Wells wrote:
Hi ,

<snip>

@M_V ,

You are hijacking a thread of which matter you should know better ; Whilst it is open , I will say that :-

Chrome version 12.0.742.100 is the latest Stable and Beta version of both the Browser and Chrome Frame . You do not give the "detected installation" pathway so I do not know which you have/had .

Version 13.0.782.24 is the latest Dev Channel version and Canary is flying high at version 14.0.794.0 ; the PSI only tracks and displays the "Stable" version(s) of any software , with rare exceptions , none of the others and you can only have (in the broad sense) one of Stable , Beta or Dev plus the bird per user account .

You can see latest versions here :-

http://googlechromereleases.blogspot.com/

Platform 13.x is not a replacement for platform 12.x - both are supported ; platform 12.x replaced 11.x - no longer supported - and the PSI will show it (11.x) as "EOL" and needs manual removal as would an "insecure" version of 12.x . You can find extra detail in my post to this thread :-

http://secunia.com/community/forum/thread/show/963...

The Dev installer should have removed it's Stable/Beta counterpart , but as you don't say exactly the pathway which the PSI displayed (to it) , who knows !! Changing a channel might need a reboot and full manual scan to register for both the Chrome installation and the PSI ; again your timeline is not too specific .

Take care

Anthony

PS : the PSI compares the latest meta data it finds to the "previous/last" scan data it holds on the Secunia servers , this can be subject to delays etc - depending also on settings - so that's why a new full manual scan works better - a reboot may be needed to ditch some old files ; at least it no longer scans the garbage .


Hi Anthony

Firstly, apologies if I hijacked a thread; that was never my intention. In any forum, I always prefer to add to an existing thread, rather than start a new one which might be a duplicate.

And the central problem I had, the one where I thought PSI was being most heinously wrong, was that even after I had deleted the folder for 12.0.725.1 (I think that's what it was), PSI still kept referring to it as an out of date version.

And that is precisely the topic of this thread, and why I chose it to add to.

OTOH, there was more to my problem than that, and I don't believe in telling only half the story, so I described the rest of it here, rather than elsewhere.

Do you see my dilemma, and so why I posted as I did, and where I did?

But suggestions how to do it better in future (new thread with a back-reference to the original, etc.) welcomed for the future.

And I now see what the issue is with Google Chrome, sort of, and it is indeed a bit different.

But I'm very confused, even though I have carefully read the other thread you mention, and followed the blogspot URL :-(

I never chose any 'Channel' for Google Chrome; I just update it when FileHippo tells me there's a new version. And FileHippo has only ever offered me 'Betas' - never a Stable version, and it has never explained that the Betas it has been offering me are actually Dev versions.

So; is there something in Google Chrome that knows what 'Channel' I'm in that affects what FileHippo shows me, or is FileHippo at fault here, do we think? I've emailed them on this, but had no reply.

As regards PSI not showing Chrome Betas, 12.0.725.1 was offered to me as a Beta by FileHippo (though it may well have been a Dev at the time), and AFAIK has never been a Stable, but PSI still showed it to me; go figure.

I suspect that when there is a Stable 12, PSI will then see earlier 12s. I can't recall if I've seen this Chrome in the PSI display; I think so, but I can't be sure.

But the main thing I am taking away from what you have said is that 'Rescan' only fits where it touches, and if it works, it's bonus; if not, a full scan is needed (and that can take an hour on this laptop!)

The other thing I'm taking away is that earlier threads have indicated that a 13 won't remove a 12 (contrary, I think, to what you say above), and this is indeed what I saw happen here. Though there were only the two Chrome folders on the machine, so something (not me) has been removing older ones. Unless Chrome has been 12 for quite a while?

You can have your thread back now :-)

M_V
,

--
A computer program can do anything the user doesn't know is impossible for it to do.

XP Home 32-bit - Compaq Presario V2000 Celeron 1.4GHz
Vista Ultimate 32-bit - Toshiba Equium A100 Centrino Duo 1.7GHz
Windows 7 Ultimate 64-bit - Dell Studio XPS 1645 Core i7-720 Quad 1.6-2.4GHz
(Also running Windows XP Mode 32-bit)
Was this reply relevant?
+0
-0
Anthony Wells RE: Rescan Program doesn't work, if the program's installation directory is gone.
Expert Contributor 17th Jun, 2011 14:07
Score: 2371
Posts: 3,277
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello M_V ,

It's not actually my thread , it's Michael's . As for "tag-on" posts , they can be (very) helpful if they add to the answer - as in the C++ thread - equally they can ask for extra help/info that moves away from the original question , as here . In general , if in doubt start your own thread ; that will allow a helper to airily point you to an existing thread . You can then explain that it doesn't answer all your points , etc .

While Michael allows , I can add the following :-

My PS in my earlier post may be better understood as that the GUI you are looking at in the PSI is showing you the scan results of your last full scan +/- noted changes and as kept on Secunia's servers ; depending on your PSI settings you may get pop ups from the tray icon showing real time changes on your computer as programmes are updated or whatever . The timing of the PSI's reaction to a change may or may not be influenced using the individual programme's "Rescan" option and can take minutes or hours sometimes days (see below) .

In some cases , for example , Adobe Acrobat/Reader and Chrome browser , then there can be considerable delays (several days even) before Support update the detection rules ; in such cases even a full manual scan may not detect any change and "anxious" threads abound . This problem regularly occurs with the Chrome browser's detection at platform change and when Stable and Beta versions overlap . As I said , it is widely debated in various threads which I tried to summarise recently in the thread I linked you to . If you need more understanding look here :-

http://secunia.com/community/forum/?forum=2&vendor...

FileHippo has never in recent history been able to differentiate between Chrome version and channels and I (personally) think it is to be avoided for all things Chrome , as it causes considerable confusion ; you really should know which channel you choose and why before you download(ed) a critical piece of software ; I suggest you read right through this :-

http://www.chromium.org/getting-involved/dev-chann...

Click the "spanner" icon on the top right of any Chrome tab and select "About Google Chrome" ; in the splash window you will see top left your version number and channel . Chrome "auto silent updates" you , if it is late you can check for updates and be advised of progress along the bottom of the window .

An internal/silent update always leaves the last/older version behind and removes the earlier one and when going from 12.x to 13.x and today Chrome Dev is at 14.x like the Canary , then the same rules apply . Running a full installer from Google or Filehippo should remove all previous/older channels , versions , etc (like my summary says - supposedly :)) .

Thank you Michael .

Anthony



--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability