Morning All, I've been wrestling with a problem with our installer for a couple of days. It is a Basic MSI project, and for every build we change the Package Code, leaving the product code and version untouched (thus making this a 'Small Update' in installer parlance, I believe).

The vulnerability scan performed by the network agent is reporting objects found in C: Windows Installer $PatchCache$. For example, here's one for Adobe Acrobat 9: C: Windows Installer $PatchCache$ Managed 68AB67CA0040 9.0.0 nppdf32.dll According to the referenced advisory ( ), this vulnerability affects Adobe Acrobat versions 9.4.6 and prior for Windows. We have Acrobat Pro 9.5.5 installed. The only detected instance of this vulnerability on the computers is under $PatchCache$. Is there any way to get to get KE to recognize that the computers actually do have a non-vulnerable version installed?

KES 10 MR1 Network Agent 10.1.249. Here is a screen shot showing the vulnerabilities listed for the computer I submitted the GIS for. The first 5 involve Adobe Acrobat. From what I see in the referenced advisories, they do not exist in the version that is installed on the computer (Acrobat Pro 9.5.5). The last one involves Adobe Reader.

The referenced advisory indicates that it exists in 11.04 and was fixed in 11.05. Reader 11.05 is installed on the computer. Name Severity Type Manufacturer Application Protection technology URL SA47133 Critical Third-party developer Adobe Systems Adobe Reader SA48733 Critical Third-party developer Adobe Systems Adobe Reader SA52196 Critical Third-party developer Adobe Systems Adobe Reader SA51791 High Third-party developer Adobe Systems Adobe Reader SA53420 High Third-party developer Adobe Systems Adobe Reader SA54754 Warning Third-party developer Adobe Systems Adobe Reader XI. Here is a screen shot showing the vulnerabilities listed for the computer I submitted the GIS for. The first 5 involve Adobe Acrobat.

From what I see in the referenced advisories, they do not exist in the version that is installed on the computer (Acrobat Pro 9.5.5). The last one involves Adobe Reader. The referenced advisory indicates that it exists in 11.04 and was fixed in 11.05. Reader 11.05 is installed on the computer.

Name Severity Type Manufacturer Application Protection technology URL SA47133 Critical Third-party developer Adobe Systems Adobe Reader SA48733 Critical Third-party developer Adobe Systems Adobe Reader SA52196 Critical Third-party developer Adobe Systems Adobe Reader SA51791 High Third-party developer Adobe Systems Adobe Reader SA53420 High Third-party developer Adobe Systems Adobe Reader SA54754 Warning Third-party developer Adobe Systems Adobe Reader XI Thank You for the information provided, it will be analyzed. We will reply to you then. Here is a screen shot showing the vulnerabilities listed for the computer I submitted the GIS for.

The first 5 involve Adobe Acrobat. From what I see in the referenced advisories, they do not exist in the version that is installed on the computer (Acrobat Pro 9.5.5). The last one involves Adobe Reader. The referenced advisory indicates that it exists in 11.04 and was fixed in 11.05. Reader 11.05 is installed on the computer. Name Severity Type Manufacturer Application Protection technology URL SA47133 Critical Third-party developer Adobe Systems Adobe Reader SA48733 Critical Third-party developer Adobe Systems Adobe Reader SA52196 Critical Third-party developer Adobe Systems Adobe Reader SA51791 High Third-party developer Adobe Systems Adobe Reader SA53420 High Third-party developer Adobe Systems Adobe Reader SA54754 Warning Third-party developer Adobe Systems Adobe Reader XI Hello! May I please ask you to go to this vulnerability properties - vulnerability instances and check where it was found?

There will be 'File' column with the full path to the file with found vulnerability. English mp3 free download songs. May I please kindly ask you to provide screenshots of the described window? Here are the screen shots. From what I see, all the Adobe Acrobat vulnerabilities are being detected in the same file (nppf32.dll) so I only sent one screen shot of the instances Acrobat instead sending one screen shot for each vulnerability.

According to your screenshots, this is a known situation, and we are currently working on it. The vulnerabilities you see are not actually related to the installed product, but we can't simply exclude $PatchCache$ folder from the vulnerability search scope as it may contain relevant info as well. INC30 I got a reply this 'resolution' in the incident: The problem with Adobe, and I do apologize for the inconvenience, is that application like adobe, java, and others, do not delete their old application files when they are updated. They leave the old application behind. The only way to clear this is up is to delete the old application version after it has been updated.

If the Adobe Acrobat files are just left over files from a previous version (which I agree with because they are in $PatchCache$, why is KES 10 detecting them as vulnerabilities? I don't think c: Programs (x86) adobe reader 11.0 reader acrord32.exe is a left over file, though. What to do I need to do about getting KES to understand that it is fully patched? The vulnerability scan performed by the network agent is reporting objects found in C: Windows Installer $PatchCache$.

For example, here's one for Adobe Acrobat 9: C: Windows Installer $PatchCache$ Managed 68AB67CA0040 9.0.0 nppdf32.dll According to the referenced advisory ( ), this vulnerability affects Adobe Acrobat versions 9.4.6 and prior for Windows. We have Acrobat Pro 9.5.5 installed. The only detected instance of this vulnerability on the computers is under $PatchCache$. Is there any way to get to get KE to recognize that the computers actually do have a non-vulnerable version installed? KES 10 MR1 Network Agent 10.1.249 That's because when you use the list of vulnerabilities instances or the list of vulnerabilities found from the given host's properties.

In these cases you can see all the vulnerable objects (including those which are not a part of a product installation and cannot be fixed by any patch installation). The system caches these files in this MSI database, so even when the product is updated, some binaries from previous installation are stored there by system. Usually you should work with the main vulnerabilities list, not the list of vulnerabilities instances or the list of vulnerabilities found from the given host's properties.

And main vulnerabilities list has a filter 'Fixes are available', turned on by default (see screenshot), so you will not see such vulnerabilities there. We'll definitely add the same filter for all the vulnerabilities lists. But unless they are available, could you please specify the usual scenarios when you have to look through the list of vulnerabilities instances or the list of vulnerabilities found from the given host's properties? This information could help us to make the product better. That's because when you use the list of vulnerabilities instances or the list of vulnerabilities found from the given host's properties.

In these cases you can see all the vulnerable objects (including those which are not a part of a product installation and cannot be fixed by any patch installation). The system caches these files in this MSI database, so even when the product is updated, some binaries from previous installation are stored there by system. Usually you should work with the main vulnerabilities list, not the list of vulnerabilities instances or the list of vulnerabilities found from the given host's properties. And main vulnerabilities list has a filter 'Fixes are available', turned on by default (see screenshot), so you will not see such vulnerabilities there. We'll definitely add the same filter for all the vulnerabilities lists. But unless they are available, could you please specify the usual scenarios when you have to look through the list of vulnerabilities instances or the list of vulnerabilities found from the given host's properties?

This information could help us to make the product better. My typical workflow is as follows: 1. Go to main vulnerabilities screen 2. Make sure the 'Fixes are available' filter is off.

Review the vulnerabilities 4. Right-Click on a vulnerability, and choose properties to see advisory information, Etc. Click 'Vulnerability instances' to see which computers are affected. From a security perspective, my company wants to know about all vulnerabilities, regardless if a fix is available. A hacker doesn't care if we could fix a security issue; he/she only cares if it is there. We need to know our level of exposure. Hiding vulnerabilities just because we can't patch them is a bit like hiding our heads in the sand.

If a fix is not available, we can take measures to mitigate the issue, such as uninstalling the vulnerable software or restricting its access. I'm a little surprised that the 'Fixes are available filter' is on by default. I'd like to think a well-known security vender like Kaspersky would be interested in making sure it clients knew their level of vulnerability at all times. Clarification: I do understand that files under $PatchCache$ are not vulnerabilities.

My comments above are reference to true vulnerabilities that are being hidden by default because a fix isn't available. Edited January 15, 2014 by kesrs. My typical workflow is as follows: 1. Go to main vulnerabilities screen 2.

Make sure the 'Fixes are available' filter is off. Review the vulnerabilities 4. Right-Click on a vulnerability, and choose properties to see advisory information, Etc. Click 'Vulnerability instances' to see which computers are affected. From a security perspective, my company wants to know about all vulnerabilities, regardless if a fix is available. A hacker doesn't care if we could fix a security issue; he/she only cares if it is there.

We need to know our level of exposure. Hiding vulnerabilities just because we can't patch them is a bit like hiding our heads in the sand. If a fix is not available, we can take measures to mitigate the issue, such as uninstalling the vulnerable software or restricting its access. I'm a little surprised that the 'Fixes are available filter' is on by default. I'd like to think a well-known security vender like Kaspersky would be interested in making sure it clients knew their level of vulnerability at all times.

Clarification: I do understand that files under $PatchCache$ are not vulnerabilities. My comments above are reference to true vulnerabilities that are being hidden by default because a fix isn't available. We don't hide any vulnerabilities, it's just a question of defaults. And defaults are like this because of several reasons: - the information provided by default must be useful and convenient for typical KSC scenarios, used by the majority of the customers; - the majority of the customers are not going to fix any vulnerabilities by any custom means; in fact, most of them just do not install available patches for vulnerable applications in time. And the main aim of this functionality is to help the customers to apply the necessary patches in time and with minimal risks; - the majority of vulnerabilities used by 'bad guys' can be fixed by patch installation; moreover, usually it's a bad idea to publish widely any information about a vulnerability unless the vulnerable application vendor releases a patch to fix it (since this information could be used by other 'bad guys', which could start using this vulnerability also). the advanced customers (which pay extra attention to potential security issues related to any separate vulnerable modules which are not a part of installed software) can always do like you - turn the filter off.

In future we are going to provide, when possible, some additional information on some specific vulnerabilities: how can they be neutralized by some ports closing, settings changing, etc. I'm a little surprised that the 'Fixes are available filter' is on by default. I'd like to think a well-known security vender like Kaspersky would be interested in making sure it clients knew their level of vulnerability at all times. Your workflow is very different from typical workflow in most companies. In general we see that most companies are having troubles installing required patches even when they are available.

We create default settings which are most useful for 'typical' client. You should also understand, that almost every complex software contans some vulnerabilities, and this information could be overwhelming to administrator. Even when administrator knows about vulnerability, in most cases it is impossible to fix one without correct patch from vendor. Potentially any vulnerability could be used by attacker, but in most cases attacks are based on few most popular vulnerabilities in most popular software. Kaspersky security team constantly monitors which vulnerabilities are used in the wild and provides this information to our customers with the help of KSC.

Our goal in to make vulnerability management process efficient and increase real level of protection of our clients. The goal to fix every known vulnerability in most cases unrealistic. By the way, our vulnerabilities report by default contains every detected vulnerability.

I have been trying to free up some space on my laptop for quite some time now (120 gb ssd fills up quickly), and have been confused as to what exactly is taking up so much space (my programs and documents don't seem to account for everything). So I used this program called WinDirStat, and as it turns out, 24.3 GB is being hogged by 'Windows Installer Patch', which all seem to be.msp files. They are all located in the same folder, which is in C: Windows Installer. The list of files is quite large, each ranging from a few KB to a hundreds of MB. Are these files safe to delete?

I've never seen the file extension before / never heard of this folder before. I figured I would ask here for a definitive answer. It would be real nice to free up over 20 GB on my machine. Hi, I would like to inform you that, it is not recommended to delete Windows Installer Patch Files. The Windows Installer Cache, located in c: windows installer folder, is used to store important files for applications installed using the Windows Installer technology and should not be deleted. If the installer cache has been compromised, you may not immediately see problems until you perform an action such as uninstall, repair, or update on a product.

When a product is installed using Windows Installer critical files are stored in the Windows Installer Cache (default is C: Windows Installer). These files are required for uninstalling and updating applications. Missing files cannot be copied between machines since they are unique. If you do not have enough space on c: drive, you may try the below suggestions: a. Move the download folder to another drive. Empty recycle bin c. Uninstall the applications that you no more use.

Perform disk cleanup, refer the below links. (Applies to windows 10 as well) Hope it helps. Revert to us with the results, will be glad to assist you.