Secunia CSI7
Products
Solutions
Customers
Partner
Resources
Company
Careers
Community

Frequently Asked Questions

Secunia Corporate Software Inspector (CSI) 5.0

Answers to all Frequently Asked Questions for the CSI patch management software.

    General
    Evaluation
    Installation & Installation Requirements
    Scanning
    Reporting
    Technical - General
    Technical - WSUS / GPO / Certificates / Miscellaneous
    General
  1. What is the Secunia CSI?

    The Secunia Corporate Software Inspector (CSI) is an authenticated internal vulnerability scanner, capable of assessing the security state of practically all programs that run on Microsoft Windows PC's and enabling you to fix the vulnerabilities before they are actively exploited.

  2. What is vulnerability scanning?

    A vulnerability scanner is a computer program designed to scan for vulnerabilities that are present within your network.

  3. How long has Secunia and the Secunia CSI been serving the market?

    Secunia was founded in 2002 by its current principals. Secunia is a privately held, financially strong, and profitable company with a strong track record. Today the Secunia community includes leading security experts, system and network administrators, and our own website is visited by more than 5 million unique visitors annually. The Secunia CSI has been a leading vulnerability scanner for the Windows environment since the beginning of 2008.

  4. Is the Secunia CSI a software solution or an appliance?

    The Secunia CSI is a software that has appliance functionality if needed. The agent can be installed in an appliance mode and do remote scans of hosts.

  5. My company already uses firewalls and IDS (intrusion detection systems). Why do I need a vulnerability scanner?

    The Secunia CSI is a proactive solution that can be used in addition to firewalls, IDS and other network security systems. It will help you secure and monitor your network against new threats that otherwise are not monitored.

  6. Is the Secunia CSI using remote or agent-based scans?

    The Secunia CSI can be designed to use either remote scans or agent based scans.

  7. How often are signatures updated?

    The Secunia CSI file signatures is updated and maintained on a daily base.

  8. Is your product CVE compatible?

    Yes. In each advisory presented within the Secunia CSI there will always be a link to the CVE reference.

  9. What type of company is typically in need of the Secunia CSI?

    The Secunia CSI is used across multiple segments, including the Fortune 1000, small to medium businesses, consultants and managed service providers. Regardless of the environment, the scaleable, secure end-to-end solution is unchanged.

  10. What is SPS?

    SPS stands for Secunia Package System and offers increased scope and flexibility in terms of patching and configuring hosts. Customise the language options of packages and thereby patch in multiple languages, or remotely uninstall applications, among many other things.

  11. How can I use the agent to scan my Mac OS X hosts?
  12. Download the agent from with in your Secunia CSI console (available from the 'Download Agent' -menu).

    The Secunia CSI Agent is a small, simple, customisable, and extremely powerful CSI scan engine, that offers a fully featured command line interface (CLI) to the CSI scanning functionality. This allows you to run CSI scans directly on the command line or to embed the Agent in a customised script. Write "./csia.exe -h" for a full list of arguments supported by the CSI Agent

    The most common way to use the agent is in Single Host Mode, you'll need root access to install is successfully.

    Single Host Mode (Install the agent as a local service): ./csia.exe -i -L

    Read more about the agent and other options how to use the agent in the Setup and usage guide.

    NOTE: The "csia.exe" file is a customised executable, unique and private for your account. This means that the CSI Agent automatically links scans to your Secunia CSI account, without you performing any extra actions.

  13. How can I scan App-V applications on my hosts?
  14. By first installing Microsoft Application Virtualization SFT View (http://www.microsoft.com/download/en/details.aspx?id=8897) on the selected host, the Secunia CSI is able to scan the hosts for vulnerabilities in your App-V applications.

  15. Can I create reports for my entire Secunia CSI environment?
  16. By configuring Users and Sub-Users under reporting you are able to create reports for your entire CSI environment.

  17. How can I change the configuration of my connected Secunia PSI hosts in Secunia CSI?
  18. In Secunia PSI Integration you can change auto-update configuration, check-in, scan frequency and also be able to approve updates.

  19. How does SPS work?
  20. By default SPS will execute a selected patch (.exe, .msi or .msp) with silent parameters but you are also able to create your own customized SPS package with multiple files in JavaScript and VBScript or download an already created SPS package from our Community.

  21. How do I delete outdated and duplicate hosts?
  22. By creating a Rule under Database Cleanup you are able to delete hosts that have not been active for a specific amount of days, weeks or months.

  23. Why do I sometimes get Partial scan status in my completed scans?
  24. The Secunia CSI scans consists of 2 parts; the first part is 3rd party applications that the Secunia CSI scans for, the second part is Microsoft patching status that the Secunia CSI gets from the Windows Update Agent (WUA) if this part is not successful you'll get a Partial scan result.

 

    Evaluation
  1. Is it possible to evaluate the Secunia CSI?

    If you wish to evaluate the Secunia CSI, please complete and submit the appropriate form, available by clicking on Request a free trial of the Secunia CSI in the product page.

  2. How do I contact Secunia Customer Support Center?

    Please login to the product and go to Support/Contact Information to find the details.

 

    Installation & Installation Requirements
  1. What are the minimum system requirements for running the Secunia CSI?

    Those can be found here.

  2. On what operating systems does the Secunia CSI run?

    The Secunia CSI supports the following OS: Microsoft Windows XP, 2003, 2008, Vista, and Windows 7.

  3. Does the Secunia CSI run on VMWare?

    Yes.

  4. How do I install the Secunia CSI on Windows?

    Once the Secunia CSI download has completed, start the installer and then start the product. Provide your user name and password that was given by your Secunia representative. When the installation is complete you can start configuring your scans.

  5. How long does a typical scan take?

    Depending on hardware and size of the local disk it varies but usually between one to three minutes if using scan type 2 (all local paths).

  6. How does the Secunia CSI ensure efficient bandwidth utilization?

    The Secunia CSI is a light weight non intrusive scanner that has been optimised to give minimum footprint on network utilisation. With guidance from a Secunia Solution Specialist each customer will be trained in how to optimise the scan process according to their network design and capability.

  7. What ports must be open in my firewalls for the Secunia CSI to function?

    Read the system requirements: http://secunia.com/vulnerability_scanning/corporate/system_requirements/

  8. How do I get the Secunia CSI to start automatically on Windows?

    The Secunia CSI is already configured to start automatically.

  9. How can I check to see if the Secunia CSI license is valid?

    Place the mouse over the username in the bottom of the Secunia CSI user interface.

  10. How do I obtain a new license?

    By contacting your Secunia representative.

  11. Can I use the Secunia CSI if I have an IDS/IPS?

    The Secunia CSI is compatible with any type of security software.

  12. Can I use the Secunia CSI if I have a firewall?

    The Secunia CSI is compatible with any type of security software.

  13. How do I know if the Secunia CSI is using the most recent signature files when conducting a scan?

    An update of the signature files is always conducted as soon as the Secunia CSI starts a scan. If there is a error in fetching the latest signature files you will be prompted with information about this.

 

    Scanning
  1. What types of programs does the Secunia CSI analyze during a scan?

    The Secunia CSI scans for third party applications and Microsoft software to the Windows and Mac OS X platforms. Scaninng Mac OS X is available through agent based scanning (single host agent).

  2. How can I use the agent to scan my hosts ?

    Download the agent from with in your Secunia CSI console (availble from the 'Download Agent' -menu).
    The Secunia CSI Agent is a small, simple, customisable, and extremely powerful CSI scan engine, that offers a fully featured command line interface (CLI) to the CSI scanning functionality. This allows you to run CSI scans directly on the command line or to embed the Agent in a customised script. Write "csia.exe -h" for a full list of arguments supported by the CSI Agent

    The most common way to use the agent is in Single Host Mode.
    Single Host Mode (Install the agent as a local service): csia.exe -i -L

    Read more about the agent and other options how to use the agent in the Setup and usage guide.

    NOTE: The "csia.exe" file is a customised executable, unique and private for your account. This means that the CSI Agent automatically links scans to your Secunia CSI account, without you performing any extra actions.

  3. Will CSI scan external devices?

    Only local hard drives will be scanned for software vulnerabilities.

  4. How many different types of software does the Secunia CSI detect?

    The Secunia CSI is updated with new supported, detected, and analyzed vendors on a daily basis. The file signature database consist of more then 3000 vendors.

  5. How does the Secunia CSI handle false positives and false negatives?

    Since the scan process works by looking at the actual files on the system scanned, the result is extremely reliable as a program obviously cannot be installed on a system without the actual files being present. This in turn means that the Secunia CSI rarely identifies false-positives and thus the result from the Secunia CSI can be used immediately without doing additional data/results mining.

  6. Does the Secunia CSI require credentials to scan a target network?

    All scans that is conducted is done using credentials that has local admin right to the target machine.

 

    Reporting
  1. What types of vulnerability reports are available?

    You can generate Administrative report, Software report or Host level report. Each report will have detailed information about the security level and provide you with verified and accurate intelligence.

  2. Can users receive email alerts of changes in the scan result?

    Yes. Selected personnel can be added to receive a change summary that shows the changes in the network on a daily or weekly basis.

  3. What report file formats can the Secunia CSI generate?

    The Secunia CSI can generate PDF reports, however it is possible to extract custom made reports from the Secunia CSI. See: Is it possible to extract custom made reports from Secunia CSI?

  4. How does the rating map to CVSS?

    The Secunia CSI builds the criticality rating on the CVSS version 2 scoring algorithms.

  5. What do the different severity levels in the Secunia CSI mean?
    • Extremely Critical (5 of 5)
      Typically used for remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild.
      These vulnerabilities can exist in services like FTP, HTTP, and SMTP or in certain client systems like email programs or browsers.
    • Highly Critical (4 of 5)
      Typically used for remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction but there are no known exploits available at the time of disclosure. Such vulnerabilities can exist in services like FTP, HTTP, and SMTP or in client systems like email programs or browsers.
    • Moderately Critical (3 of 5)
      Typically used for remotely exploitable Denial of Service vulnerabilities against services like FTP, HTTP, and SMTP, and for vulnerabilities that allow system compromises but require user interaction. This rating is also used for vulnerabilities allowing system compromise on LANs in services like SMB, RPC, NFS, LPD and similar services that are not intended for use over the Internet.
    • Less Critical (2 of 5)
      Typically used for cross-site scripting vulnerabilities and privilege escalation vulnerabilities. This rating is also used for vulnerabilities allowing exposure of sensitive data to local users.
    • Not Critical (1 of 5)
      Typically used for very limited privilege escalation vulnerabilities and locally exploitable Denial of Service vulnerabilities. This rating is also used for non-sensitive system information disclosure vulnerabilities (e.g. remote disclosure of installation path of applications).
  6. Is it possible to extract custom made reports from Secunia CSI?

    The Secunia CSI 5.x features a new Local Database Console that allows you to run SQL queries against the local database.

    You can easily access all the information that is currently stored in the local database of the Secunia CSI and use it in many different ways, such as creating custom reports or feeding it into other applications.

    Go to Administration->Secunia CSI API->Local Database Console, right click in a table name to see the data being hold in that table. Type the SQL query under “SQLite Query” window and press “Run”.

    Use the “Export to…” to export the data into the Clipboard or into a .CSV file.

    The local database is in SQLite, and alternatively you can also download a free SQLite console from SQLite.org (or use your favourite sqlite tool).

    This allows you to connect to the actual database file and run queries directly against the results.

    After downloading the console, you need to locate the database file. The database file is placed in the %APPDATA%\Secunia CSI folder of the user running the CSI. The largest file with a random name in this folder should be your local database.

    The following scenario is just one example how to use the local database of Secunia CSI, but can of course be customised to meet other needs.

    First download and unzip the 'sqlite' console from sqlite.org
    If 'sqlite3.exe' is placed on your desktop, the following command should work on a Windows XP system.

    • 1) Open a command console and go to your Desktop folder.
    • 2) Run this command (the sql for query.txt is below):
      sqlite3.exe -header -csv "..\Application Data\Secunia CSI\SqliteLocaldbFile" < query.txt > output.txt
    • 3) 'output.txt' should now contain the CSV content

    Sql for query.txt (Save this content in a file called query.txt in the same directory as sqlite3.exe)

    SELECT host AS Host, langroup as 'Group', product_name as Program, version as Version, path as Path, CASE WHEN eol > 0 THEN 'End-of-Life' ELSE ( CASE WHEN secure = 0 THEN 'Insecure' ELSE 'Patched' END) END AS 'State', 'SA' || vuln_id AS 'SAID', vuln_criticality as Criticality, vuln_create_date as 'SA Issued', vuln_count as Vulnerabilities FROM nsi_devices, nsi_device_software WHERE nsi_devices.nsi_device_id = nsi_device_software.nsi_device_id ORDER BY product_name, path;

 

    Technical - General
  1. How can the Secunia CSI be used to allow scans of customer’s internal networks?
    Using the Secunia CSI you have access to four different scan approaches:
    • On Demand Scanning
      From the CSI GUI you can easily create scan groups manually. The groups can then be configured to do scans based on IP-range, IP- network or Host-name.
    • CSI Agent – Single Mode
      The Secunia CSI Agent is a standalone executable file that can run as a local service. The agent can be configured to scan the system at regular intervals.
    • CSI Agent – Command Line Mode
      The Secunia CSI Agent is a standalone executable file that can run as a command line program trough login scripts.
    • CSI Agent - Network Appliance Mode
      If you prefer not to install agents locally on each PC or use login scripts you can use the agent in Appliance Mode. This enables you to schedule scans from the Appliance Mode agent to selected networks. The scan groups base their scans on IP-range, IP-network or Host-name. All administration will be conducted from the Secunia CSI GUI.
  2. Does the Secunia CSI provide assistance with fixing vulnerabilities?

    Yes. The Secunia CSI 5.x is designed to integrate with Microsoft WSUS/SCCM to deploy security patches that were found missing from the scan results. Through this integration the Secunia CSI 5.x allows network administrators to easily handle the entire vulnerability management life cycle.

  3. Can the Secunia CSI be used to scan removable/network drives?

    No. The Secunia CSI does not scan removable or network drives, such as - USB sticks or other type of removable drives.

  4. How many systems can I scan with the Secunia CSI?

    The number of systems that can be scanned by the Secunia CSI is dependent on the license that you have purchased from Secunia. If you reach your license limit, deleting old systems from the Secunia CSI will release the corresponding number of licenses. If you need additional licenses, please contact your Secunia Sales Representative.

  5. Does the Secunia CSI allow concurrent sessions from the same account?

    Although login of concurrent sessions is possible, the Secunia CSI is designed to allow only one session per account. If a concurrent session from the same account is verified, the Secunia CSI will redirect the user to the account information section.
    If you wish to have several Secunia CSI accounts, please ask your Secunia Sales Representative about the Secunia CSI User Management add-on.

  6. After creating a scan group and placing that group in the queue to be scanned, the Secunia CSI is not able reach the target systems. How can I troubleshoot it?

    It should be taken into consideration that in order to perform remote scans, the target systems must have the right services and ports enabled. Please refer to the system requirements for Agent-less scans.

  7. I would like to re-install the Secunia CSI Graphical User Interface. Where can I find the Installer?

    The Secunia CSI Graphical User Interface can be downloaded from the Secunia website.

  8. I need to reset my Secunia CSI login credentials. How can I do it?

    Please contact the Secunia Customer Support Center at csc@secunia.com.

  9. Which systems can the Secunia CSI scan?

    The Secunia CSI 5.x is capable to scan both Windows and Mac OS X systems.

  10. The Secunia CSI is not detecting some of the software that I am sure is installed. How can I request new software to be added to the Secunia CSI?

    By using the Suggest Software feature available on your Secunia CSI, you can easily request Secunia to start monitoring the missing software. Requests from our customers are highly appreciated and will be promptly addressed.

  11. After launching the Secunia CSI, the solution stalls when checking for network connectivity. How can I troubleshoot it?

    In the Internet Options (Control Panel or under Internet Explorer/Tools), verify that https://csi5.secunia.com is present in the Trusted sites. If not, please add it.

    If your network connection passes through a proxy that needs authentication, please open a command prompt window, go to the path where the Secunia CSI is installed, and launch Secunia CSI with the following command:
    csi.exe -x proxy:port
    If you also need to specify the proxy authentication, launch Secunia CSI with the following command:
    csi.exe -x proxy:port -U username:password

    In order to get a more verbose error message, start Secunia CSI from the command prompt with logging options.
    csi.exe -d debugfile.txt -v
    the logging can also be combined with other options, like this:
    csi.exe -x proxy:port -U username:password -d debugfile.txt -v

  12. Is the communication between the Secunia CSI Agent/Graphical User Interface and Secunia encrypted?

    Yes. All the communication between the Secunia CSI Agent or the Secuina CSI Graphical User Interface and Secunia is made through port 443, and by using SSL protocol with 256 bit encryption.

  13. Why is Windows Update necessary to the Secunia CSI?

    The Secunia CSI is designed to use the built-in Windows Update Agent so that it can check for missing patches from Microsoft. If you have a WSUS server in your network, the Secunia CSI will adapt and retrieve the OS results based on the internal WSUS.

  14. I would like to login to the Secunia CSI with different credentials. How can I set the Secunia CSI to prompt me again for username and password?

    In the Secunia CSI 5.x go to Configuration->Maintenance->Permanent Logout and press the button Logout.

  15. Do I need a server to install and run the Secunia CSI?

    No. Due to its lightweight design, the Secunia CSI is able to run in the most common Windows systems. For more detailed information, please refer to the system requirements for running the Secunia CSI Centralised Dashboard.

  16. I cannot find help in this FAQ. How can I contact Secunia support?

    Please login to the Secunia CSI and go to Support -> Contact Information to reach the Secunia Customer Support Center.

 

    Technical - WSUS / GPO / Certificates / Miscellaneous
  1. How do I connect the Secunia CSI to the WSUS?

    In the Secunia CSI user interface go to: Patch/Configuration, enter the WSUS server name and port. Then press save and connect. If it is the first time you connect, a wizard will guide you through the steps needed to create certificates and the GPO settings that enable deployment of 3rd party patches.

  2. Where can I find more information about WSUS?

    http://technet.microsoft.com/en-us/wsus

  3. What are the system requirements for using the Secunia CSI together with the WSUS?

    A WSUS server needs to be installed on the network. The following requirements need to be in place on the computer that is running the Secunia CSI User Interface:

    • WSUS installer (administration console only)
    • Visual C runtime
    • Microsoft .NET runtime V2.0 SP2
  4. Is WSUS free?

    Yes, WSUS is a no-cost download from Microsoft. However, you must have a valid Windows Server 2003 or 2008 license for the WSUS server itself, as well as Windows Client Access Licenses (CALs) for each machine updated by WSUS. Be sure to discuss your unique licensing needs with a Microsoft Partner or your Microsoft Account Representative.

  5. How do I force the Windows Update Agent to detect and download approved updates from a WSUS Server?

    Run this command from a command prompt:
    wuauclt /detectnow

  6. What GPO settings need to be configured in order to deploy 3rd party applications using the Secunia CSI?

    A Secunia CSI wizard will automatically implement the GPO settings, including certificate distribution necessary to deploy 3rd party applications. Go to the Secunia CSI/Patch/Configuration to enable the wizard.

    If you want to do this manually the settings needed is the following:

    Enable and Set the following values in: Policies/Administrative Templates/Windows Components/Windows Update
    • Specify intranet Microsoft update service location (Your WSUS location)
    • Allow signed updates from an intranet Microsoft update service location
    The 'WSUS Publishers Self-signed' -certificate should be copied to:
    • Policies/Windows Settings/Security Settings/Public Key Policies/Trusted Root Certificate Authorities
    • Policies/Windows Settings/Security Settings/Public Key Policies/Trusted Publishers

    IMPORTANT! On Windows Vista, 7, 2008 you must run Secunia CSI as an administrator (right-click and select “Run as administrator”) when pushing out the certificates.

  7. How do I deploy the certificates to specific Hosts in the domain NOT using GPO?

    In the Secunia CSI menu, go to Patch>Deployment>right-click one or several hosts, and select “Verify and Install Certificate”.

    IMPORTANT! On Windows Vista, 7, 2008 you must run the Secunia CSI as an administrator (right-click and select “Run as administrator”) when pushing out the certificates.

  8. How do I export and install the certificates manually alt Import and create my own GPO?

    If you do not want to use the Secunia CSI wizard, you can export the Certificate from the WSUS Server and import it to the target hosts either manually or through a GPO.

    1. Export the certificate To manually copy the certificate, please do the following:

      On the computer where the certificate is to be installed go to: Start→ run type in mmc and hit enter.

      Go to:
      File/AddRemove Snap-in → Add →Certificates → Add →Computer Account →Next →Another computer
      Type the name of the WSUS Server in the text box and click Finish

      Close the “Add Standalone Snap-in” dialog box. Now you have a link to certificate stores in the mmc UI. The one referring to the WSUS Server will have a “WSUS” certificate store in its root. Select that and click the certificate on it.

      Right click the “WSUS Publishers Self-signed” certificate and select: All Tasks → Export
      Choose all the defaults in the “Certificate Export Wizard” and save the file somewhere on your local file system.
    2. Certificate distribution - using GPO
      The “WSUS Publishers Self-signed“ -certificate must be copied to “Trusted Publishers” and “Trusted Root Certification Authorities” on each client computer that will receive packages from the WSUS Server.

      See the following guide how to copy the certificate using GPO.
      http://technet.microsoft.com/en-us/library/cc782744
      Repeat the same steps to import the certificate to “Trusted Publishers”
    3. Certificate distribution - Manually.
      If you do not want to use GPO to distribute the certificate, you can manually copy the certificate from the WSUS server to the local computer. This require local admin rights.

      On the computer where the certificate will be installed go to: Start→ run type in mmc and hit enter.

      Go to:
      File/AddRemove Snap-in → Add →Certificates → Add →Computer Account →Next → Local computer and click Finish Close the “Add Standalone Snap-in” dialog box.

      Right-click respective folder for “Trusted Root Certification Authorities” and “Trusted Publishers” and import the certificate that you exported in the previously step. All Tasks → Import
      Locate the file you created in step 1. and choose the default options through the “Certificate Import Wizard”.
      This procedure must be repeated on each computer that will create and publish packages, as well as on each computer that should install the packages.

    If you cannot find “Trusted Publishers” on the Windows 2003 server. please do the following:

    1. Open “Group Policy Manager” Under Computer Configuration – Windows Settings – Software Restriction Policies
    2. Right click and create a new SR policy if you haven’t got one already
    3. Under Additional rules, right click and create new “Certificate rule”.
    4. Click browse and select the exported certificate that is being used to sign the updates (.cer file) Change the “Security Level” to Unrestricted otherwise you will stop the computers running any programs!
    5. Exit out of the windows and that should be all.
  9. How to fix the error - Unable to verify and install the certificate to the hosts?

    By default the Remote Registry Service is turned off in Windows Vista and Windows 7. Make sure the Remote Registry Service is started. This can also be done using GPO.

  10. How to handle the error 12045 when I try to install the Secunia CSI?

    Install the latest Microsoft Update for Root Certificates (KB931125)available in here: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=19c4ae49-1127-4537-9e91-35f81d20bce6
    Run the Secunia CSI after installation (you may need to reboot you PC after the installation).

  11. How to address the error - the plugin “clrplugin.dll” could not be loaded?

    1. Make sure you run the Secunia CSI as an administrator (right click select 'Run as administrator')
    2. Make sure the WSUS installer (administration console only) is installed http://www.microsoft.com/downloads/details.aspx?FamilyId=a206ae20-2695-436c-9578-3403a7d46e40&displaylg=en

  12. How to address error 0x800B0109, also known as “I have verified everything, it still does not work”?
    Miscellaneous errors from the c:\Windows\WindowsUpdate.log:
    -WARNING: Download failed, error = 0x800B0109
    -WARNING: Digital Signatures on file C:\WINDOWS\SoftwareDistribution \Download\1234 are not trusted: Error 0x800b0109

    Verify the GPO setting 'Windows Updates/Allow signed updates from an intranet Microsoft update service location' is enabled. In addition, also verify the following on the local host:

    Check the registry on the client computer:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
    Check that the key AcceptTrustedPublisherCerts is set to 1 (if not,change it to 1)
    Perform these commands, and try again.
    Net stop wuauserv
    Net start wuauserv
    wuauclt /detectnow
    wuauclt /updatenow

  13. What to do when I get prompted with an error message “Invalid Path”, and that I need to add https://csi5.secunia.com to trusted sitest?

    Add https://csi5.secunia.com to trusted sites in (Internet Options>Security>Trusted sites). On Windows 7, Vista, 2008 you need to run Internet Explorer as an administrator (Right click and select Run as administrator), then go to Tools>Internet Options>Security>Trusted sites and add https://csi5.secunia.com

  14. I am running the Secunia CSI on Windows 2003/2008 server, and I can not download the agent-file, csia.exe even though I have added https://csi5.secunia.com to trusted sites. What to do?

    Make sure encrypted pages may be saved on disk.
    Internet Options → Advanced → Scroll to Security → Uncheck 'Do not save encrypted pages to disk'.

  15. How to address problems when trying to print/download/save .PDFreports?

    If you cannot print then please verify that:

  16. What to do when I get a script debugging error while running the Secunia CSI?

    Go to Internet Options → Advanced → Browsing → Check the check box that corresponds to Disable script Debugging (Internet Explorer) and Disable Script Debugging (Other).

  17. Is it possible to run the Secunia CSI in debug mode?

    Login and go to Configuration/Settings and check the checkbox 'Enable logging'. If you want to start the Secunia CSI in debug-mode, start it from the command prompt with the following command:
    csi.exe -d debugfile.txt -v

  18. What to do when I see unexpected behavior while creating packages?

    Make sure the WSUS server and the WSUS administrative console have the same version, or at least match so there is no conflict.

  19. How about the installed programs language options? Could it cause any issues for the Secunia CSI if am using a finnish version from Adobe, for exanple?

    The Secunia CSI does not recognize what language version that is installed. In cases where the Vendor provides different installations based on the language we link to the main download page so that the customer can choose for themselves what language they are using.

  20. What to do when the integrity check fails while starting the Secunia CSI setup file?

    Make sure that you downloaded the CSI Setup file and stored it locally on your system before installing it. If it still gives you this error message, then clear the "Temporary Internet" files for your browser, download the setup file again, and restart the installation process.

  21. I have installed the CSI Agent on a Windows 64 bit system and apparently this doesn't work. What can I do?

    The Secunia CSI Agent service will not work when installed into %SystemRoot%\system32 on a 64 bit system. Although the agent may appear to be correctly installed, it will fail to start. Install the agent in a 32bit compliant directory, and the service will start properly.

  22. I want to install the agent in Network Appliance mode, but with a different account rather than the one currently logged in. How can I do this?

    Because the configuration is stored in the users HKEY_CURRENT_USER\Software\Secunia\csia and that registry hive is not available during the installation of the agent, the installation should be done with the runas.exe thus making sure the registry hive is loaded:
    runas /user:account@company.com "csia -A -i -R account@company.com"

  23. Can I connect to a replica WSUS server, or do I need to connect to the main WSUS server?

    You need to connect to the main WSUS server, however all replicant servers need to have the signing certificates.

  24. When creating a GPO to distribute certificates I'm not able to find "Trusted Publishers" in my server?

    To view the "Trusted publisher" folder do the following:

    • Open "Group Policy Manager"
    • Under Computer Configuration - Windows Settings - Software Restriction Policies
    • Right click and create a new SR policy if you haven't got one already
    • Under Additional rules right click and create new "Certificate rule"
    • Click browse and select the exported certificate that is being used to sign the updates (.cer file)
    • Change the "Security Level" to Unrestricted otherwise you will stop the computers running any programs!
    • Exit out of the windows and that should be all.
  25. Can we use our own signing certificate?

    Yes it is possible, use the "Import Signing Certificate" function in the Secunia CSI (Available under Patch/Configuration). Note that you need to set up the WSUS to use SSL connection.

  26. How can I view and manage the packages in the SCCM console ?

    If you're using Microsoft SCCM, the package created and published with the Secunia CSI will be available in your SCCM console, so it can be managed just like any other update. The package will be available under Computer Management/Software Updates/Update Repository/Security Updates/Vendor, also including the criticality of the vulnerability addressed by that specific update.




 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability