Jump to content

Detect user install new application


Recommended Posts

Dear Team,

I'm looking the rule to dectect user install new application or user install exe, msi file....

please give me an advice on this situation.

Link to comment
Share on other sites

If you have the application details such as Signature, executable name etc. you can create a rule base on this information.

Do you have a specific application in mind you want to detect with a rule?

Link to comment
Share on other sites

On 1/21/2022 at 6:05 AM, Ted Join said:

@Jamil-soc I have the same question, how we can detect if user install the application name "UltraViewer_setup_6.5_vi.exe" 

Here you go, a rule to detect UltraViewer:

        <definition>
            <process>
                <operator type="or">
                    <operator type="AND">
                        <condition component="FileItem" property="Extension" condition="is" value="exe" />
                        <condition component="Module" property="SignerName" condition="contains" value="DUC FABULOUS CO.,LTD" />
                    </operator>
                    <operator type="and">
                        <condition component="FileItem" property="Extension" condition="is" value="exe" />
                        <operator type="or">
                            <condition component="Module" property="InternalName" condition="starts" value="UltraViewer" />
                            <condition component="Module" property="OriginalFileName" condition="starts" value="UltraViewer" />
                            <condition component="Module" property="CompanyName" condition="starts" value="DucFabulous" />
                            <condition component="Module" property="ProductName" condition="starts" value="UltraViewer" />
                        </operator>
                    </operator>
                </operator>
            </process>
        </definition>

 

Edited by Jamil-soc
Link to comment
Share on other sites

  • 4 weeks later...

maybe helpfull:

i'm doing this over the eset protect console with report template which can be shown on the Dasboard:

> Reports > And then add:

Table Columns
Installed software . Application name
Installed software . Time of occurrence
Installed software . Application vendor
Computer . Computer name
Computer . Computer description
...

And Sort by
Installed software . Time of occurrence  OR >  just sort by application name

- So I can see all Software which has got installed on Clients.

Link to comment
Share on other sites

  • 3 weeks later...
On 2/16/2022 at 10:05 PM, schuetzdentalCB said:

maybe helpfull:

i'm doing this over the eset protect console with report template which can be shown on the Dasboard:

> Reports > And then add:

Table Columns
Installed software . Application name
Installed software . Time of occurrence
Installed software . Application vendor
Computer . Computer name
Computer . Computer description
...

And Sort by
Installed software . Time of occurrence  OR >  just sort by application name

- So I can see all Software which has got installed on Clients.

This is indeed also useful, but only  assuming that the application is installed on the system. Note that most remote access tools also has a potable version that does not require installation. This report template won't work for those processes :)

Link to comment
Share on other sites

  • 3 weeks later...
On 3/10/2022 at 8:44 PM, Jamil-soc said:

This is indeed also useful, but only  assuming that the application is installed on the system. Note that most remote access tools also has a potable version that does not require installation. This report template won't work for those processes :)

absolutely right - i'm only using it for checking installs from helpdesk team or to check software/versions which we are using in the company.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...