jbenz / opendlp

Automatically exported from code.google.com/p/opendlp

Agentless XP Scan does not catch the file with fake data #112

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Starting a new scan on an XP machine - agentless
2.
3.

What is the expected output? What do you see instead?

I expect to see the scan catch a test file with a fake social security number. 
Instead the scan completes successfully without reporting the file.

What version of the product are you using? On what operating system?
Using Open DLP 0.5.1 VM package running on Windows Server 2008 R2 Enterprise Service Pack 1

Please provide any additional information below.

Original issue reported on code.google.com by Tais...@gmail.com on 11 Feb 2014 at 6:56

GoogleCodeExporter commented 8 years ago
Log File Output:

#   Timestamp   Log Entry
1   Tue Feb 11 13:26:44 2014    Attempting to start discovery
2   Tue Feb 11 13:26:44 2014    Retrieved all profile information
3   Tue Feb 11 13:26:44 2014    Ignore dirs option: everything
4   Tue Feb 11 13:26:44 2014    Ignore file extensions option: everything
5   Tue Feb 11 13:26:44 2014    Total system memory is 3700060160; limiting memory usage to 925011968
6   Tue Feb 11 13:26:44 2014    Starting to enumerate files and directories
7   Tue Feb 11 13:40:41 2014    Done whitelisting files. Now searching files for regular expressions.
8   Tue Feb 11 13:40:42 2014    Done with Microsoft Windows agentless file system scan

Original comment by Tais...@gmail.com on 11 Feb 2014 at 6:57

GoogleCodeExporter commented 8 years ago
Can you change your policy so log verbosity is at the highest setting, scan 
again, and upload the log file? Thanks.

Original comment by andrew.O...@gmail.com on 14 Feb 2014 at 12:29

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
Sorry - wrong log, I had to delete the comment, but I did double check and it looks like I had already set it to level 3 - intensely verbose.

Log File Output:

#   Timestamp   Log Entry
1   Fri Feb 14 13:28:49 2014    Attempting to start discovery
2   Fri Feb 14 13:28:49 2014    Retrieved all profile information
3   Fri Feb 14 13:28:49 2014    Ignore dirs option: everything
4   Fri Feb 14 13:28:49 2014    Ignore file extensions option: everything
5   Fri Feb 14 13:28:49 2014    Total system memory is 3700060160; limiting memory usage to 925011968
6   Fri Feb 14 13:28:49 2014    Starting to enumerate files and directories
7   Fri Feb 14 13:42:47 2014    Done whitelisting files. Now searching files for regular expressions.
8   Fri Feb 14 13:42:49 2014    Done with Microsoft Windows agentless file system scan

Original comment by Tais...@gmail.com on 14 Feb 2014 at 6:55

GoogleCodeExporter commented 8 years ago
Hello, any update or any other troubleshooting steps I should try?

Original comment by Tais...@gmail.com on 25 Feb 2014 at 3:19

GoogleCodeExporter commented 8 years ago
I did another test scan. The only change I made was that, instead of having a scan for the entire machine, I specified the folder that contained the dummy data.

Log file below:

#   Timestamp   Log Entry
1   Tue Feb 25 12:16:25 2014    Attempting to start discovery
2   Tue Feb 25 12:16:25 2014    Retrieved all profile information
3   Tue Feb 25 12:16:25 2014    Ignore dirs option: allow
4   Tue Feb 25 12:16:25 2014    Ignore file extensions option: ignore
5   Tue Feb 25 12:16:25 2014    Total system memory is 3700060160; limiting memory usage to 925011968
6   Tue Feb 25 12:16:25 2014    Starting to enumerate files and directories
7   Tue Feb 25 12:16:25 2014    processing smb://10.12.3.52/c$/documents and settings/username/desktop/test dummy
8   Tue Feb 25 12:17:00 2014    Done whitelisting files. Now searching files for regular expressions.
9   Tue Feb 25 12:17:02 2014    Done with Microsoft Windows agentless file system scan

Original comment by Tais...@gmail.com on 25 Feb 2014 at 5:28

GoogleCodeExporter commented 8 years ago
Can you:

1. Attach the file
2. Attach a screenshot of your full policy
3. Attach a screenshot of your regular expressions

Original comment by andrew.O...@gmail.com on 26 Feb 2014 at 1:00

GoogleCodeExporter commented 8 years ago
Please see attached

Original comment by Tais...@gmail.com on 26 Feb 2014 at 7:04

Attachments:

GoogleCodeExporter commented 8 years ago
For #1 "attach the file", I meant for you to attach the file that contained the 
fake data. Thanks!

Original comment by andrew.O...@gmail.com on 26 Feb 2014 at 7:35

GoogleCodeExporter commented 8 years ago
Ahh gotcha, sorry about that. Please see attached.

Original comment by Tais...@gmail.com on 26 Feb 2014 at 7:58

Attachments:

GoogleCodeExporter commented 8 years ago
For whatever it's worth, those same dummy files work when scanned on a Win 7 machine.

Original comment by Tais...@gmail.com on 26 Feb 2014 at 8:01

GoogleCodeExporter commented 8 years ago
Hello, any update or any other troubleshooting steps I should try?

Original comment by Tais...@gmail.com on 10 Mar 2014 at 8:52