laustinbam / opendlp

Automatically exported from code.google.com/p/opendlp

Windows filesystem agentless scan doesn't scan all subfolders #110

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
OpenDLP 0.5.1 VM targeting a Windows 7 host:

What steps will reproduce the problem?
1. Create a new scan profile with Windows filesystem (agentless over SMB)
2. For credentials, enter a user account with Administrator privileges on the 
target host
3. Under directories, select "Only scan the following directories (recursive)" 
and provide the directory "C:\Users\<username>" (using the username entered for 
credentials)
4. Select regular expressions to use and enter number of concurrent deployments 
before clicking 'Save'
5. Run an OpenDLP scan using this profile against the target host

What is the expected output? What do you see instead?
I expect OpenDLP to scan recursively and report results in folders such as 
C:\Users\<username>\Documents, C:\Users\<username>\Desktop, 
C:\Users\<username>\Downloads, etc.

Instead, I do not see any results for any files included in the Documents, 
Desktop, Download directories.  (There are test files placed here that are 
detected with other DLP scanning methods, such as agent-based scans.)  There 
should be no permissions issue, since this is the Users folder for the user 
whose credentials were provided to the OpenDLP scan profile.

If I modify the scan profile and place C:\Users\<username>\Documents in the 
directories field instead of C:\Users\<username>, OpenDLP will scan that folder 
and provide valid results.

This also happens when scanning just C:\Users or doing a scan of the entire 
filesystem with this type of scan.

I've also seen this occur for agentless SMB scans on Windows XP hosts when 
targeting the C:\Documents and Settings or C:\Documents and Settings\<username> 
directories.  No results are reported for subfolders such as C:\Documents and 
Settings\<username>\My Documents, even though I know there are files there that 
contain data that should be detected.  Directly specifying C:\Documents and 
Settings\<username>\My Documents in the agentless scan profile will provide the 
expected results.

Original issue reported on code.google.com by nroe...@paysw.com on 12 Dec 2013 at 11:02

GoogleCodeExporter commented 8 years ago
Looks like issue 37 could be the same as this one, although there was no 
resolution for that issue: http://code.google.com/p/opendlp/issues/detail?id=37

Original comment by nroe...@paysw.com on 19 Dec 2013 at 8:10