CKs 0 Posted January 13, 2022 Share Posted January 13, 2022 Dear Team, I'm looking the rule to dectect user install new application or user install exe, msi file.... please give me an advice on this situation. Link to comment Share on other sites More sharing options...
Jamil-soc 4 Posted January 18, 2022 Share Posted January 18, 2022 If you have the application details such as Signature, executable name etc. you can create a rule base on this information. Do you have a specific application in mind you want to detect with a rule? Link to comment Share on other sites More sharing options...
Ted Join 0 Posted January 21, 2022 Share Posted January 21, 2022 @Jamil-soc I have the same question, how we can detect if user install the application name "UltraViewer_setup_6.5_vi.exe" Link to comment Share on other sites More sharing options...
Jamil-soc 4 Posted January 22, 2022 Share Posted January 22, 2022 (edited) On 1/21/2022 at 6:05 AM, Ted Join said: @Jamil-soc I have the same question, how we can detect if user install the application name "UltraViewer_setup_6.5_vi.exe" Here you go, a rule to detect UltraViewer: <definition> <process> <operator type="or"> <operator type="AND"> <condition component="FileItem" property="Extension" condition="is" value="exe" /> <condition component="Module" property="SignerName" condition="contains" value="DUC FABULOUS CO.,LTD" /> </operator> <operator type="and"> <condition component="FileItem" property="Extension" condition="is" value="exe" /> <operator type="or"> <condition component="Module" property="InternalName" condition="starts" value="UltraViewer" /> <condition component="Module" property="OriginalFileName" condition="starts" value="UltraViewer" /> <condition component="Module" property="CompanyName" condition="starts" value="DucFabulous" /> <condition component="Module" property="ProductName" condition="starts" value="UltraViewer" /> </operator> </operator> </operator> </process> </definition> Edited January 24, 2022 by Jamil-soc MichalJ 1 Link to comment Share on other sites More sharing options...
schuetzdentalCB 8 Posted February 16, 2022 Share Posted February 16, 2022 maybe helpfull: i'm doing this over the eset protect console with report template which can be shown on the Dasboard: > Reports > And then add: Table Columns Installed software . Application name Installed software . Time of occurrence Installed software . Application vendor Computer . Computer name Computer . Computer description ... And Sort by Installed software . Time of occurrence OR > just sort by application name - So I can see all Software which has got installed on Clients. Link to comment Share on other sites More sharing options...
Jamil-soc 4 Posted March 10, 2022 Share Posted March 10, 2022 On 2/16/2022 at 10:05 PM, schuetzdentalCB said: maybe helpfull: i'm doing this over the eset protect console with report template which can be shown on the Dasboard: > Reports > And then add: Table Columns Installed software . Application name Installed software . Time of occurrence Installed software . Application vendor Computer . Computer name Computer . Computer description ... And Sort by Installed software . Time of occurrence OR > just sort by application name - So I can see all Software which has got installed on Clients. This is indeed also useful, but only assuming that the application is installed on the system. Note that most remote access tools also has a potable version that does not require installation. This report template won't work for those processes Link to comment Share on other sites More sharing options...
schuetzdentalCB 8 Posted April 1, 2022 Share Posted April 1, 2022 On 3/10/2022 at 8:44 PM, Jamil-soc said: This is indeed also useful, but only assuming that the application is installed on the system. Note that most remote access tools also has a potable version that does not require installation. This report template won't work for those processes absolutely right - i'm only using it for checking installs from helpdesk team or to check software/versions which we are using in the company. Link to comment Share on other sites More sharing options...
Recommended Posts