[Improvement idea] setuphelpers_windows function installed_users_softwares()

Questions about WAPT Packaging / Requests and help regarding Wapt packages.
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Locked
Welsh
Messages: 15
Registration: December 6, 2022 - 9:44 AM

March 16, 2023 - 10:07

Hello everyone,

First of all, congratulations on the product, which is truly excellent and life-changing. 👏😉
I wanted to give you a little feedback and a request for improvement of setuphelpers_windows.
A brief context:
It has happened several times (with or without wapt) that users did not have administrator rights to perform a software update.
And there are sneaky software programs like Firefox (maybe Thunderbird too?), Mattermost and others I can't remember, which don't block and continue to install directly into APPDATA\local.
With older Microsoft operating systems, the installation stopped there, but since Windows 10 (I think) the program appears in the "Add/Remove Programs" panel.
But the installed_softwares function doesn't retrieve it because it looks in the registry, the node

Code: Select all

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Uninstall
However, these malicious programs are "registered" directly in the node

Code: Select all

HKEY_CURRENT_USER\SOFTWARE\.... et donc pour chacun des users HKEY_USERS\monssid\SOFTWARE\...
Therefore, would it be wise to create a variation of the installed_softwares() function as installed_users_softwares() or to integrate the scanning of HKEY_USERS?
This would help us to have/restore an even cleaner park 😉
Thank you in advance for your feedback.

Good day.

Baptiste
- 1 WAPT 2.5.5.15602 Enterprise server (3000 workstations) + 1 WAPT 2.4.0.14058 Enterprise server (10000 workstations)
- WAPT server OS: Linux REHL 8.7
- Administration/package creation machine OS: Windows Server 2019 v1809
High
User avatar
dcardon
WAPT Expert
Messages: 1932
Registration: June 18, 2014 - 09:58
Location: Saint Sébastien sur Loire
Contact :
Contact dcardon

March 16, 2023 - 12:28

Hi Baptiste,

thanks for the enthusiastic feedback. :-)

Regarding installations in user directories, it's indeed a real pain! The most drastic option is to enable srp/applocker to block executable files, but that can be complicated in a school environment (complicated, but incredibly effective).

As for user hives, the problem is that they're only loaded when a user logs in. We can mount them on the fly as a localsystem account, but it can take some time if there are many user profiles on the machine. We do this for our domain migration/merge services, so it's possible, but I don't know if it's really the best choice for your needs.

Another option is to add a package with a session_setup() and an audit() function that analyzes the current session of the logged-in user and uninstalls the software in question.

The `session_setup()` function runs when the user's session starts, and the `audit()` function (a WAPT Enterprise feature) can be run regularly (with server-side reporting). `session_setup()` performs an initial cleanup, and the audit ensures its continued effectiveness.

A compromise for the `installed_users_softwares()` function could be to restrict its use to the `session_setup` or audit context if a user is already logged in.

Sincerely,

Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
High
Welsh
Messages: 15
Registration: December 6, 2022 - 9:44 AM

March 16, 2023 - 2:20 PM

Hi Denis,
thanks for your reply.
I do manage that with `session_setup()`, I just thought it was a shame not to have this clean functionality directly during package installation. 😉
It was a suggestion, just in case 😇, but I imagine it could be complicated to implement. 😅
Anyway, thanks for your consideration 😉
. Have a good day.
Baptiste
- 1 WAPT 2.5.5.15602 Enterprise server (3000 workstations) + 1 WAPT 2.4.0.14058 Enterprise server (10000 workstations)
- WAPT server OS: Linux REHL 8.7
- Administration/package creation machine OS: Windows Server 2019 v1809
High
Locked

Return to “WAPT Packages”


  • To go further with WAPT