mandiant / VM-Packages

Chocolatey packages supporting the analysis environment projects FLARE-VM & Commando VM.
Apache License 2.0

Package proposal: everything.vm #1019

Open SolitudePy opened 2 months ago

SolitudePy commented 2 months ago

Package Name

everything

Tool Name

everything

Package type

ZIP_EXE

Is the tool a console application?

false

Tool's version number

1.4.1.1024

Category

Utilities

Tool's authors

voidtools

Tool's description

Search Everything

Download URL

https://www.voidtools.com/Everything-1.4.1.1024.x64.zip

Download SHA256 Hash

4BE0851752E195C9C7F707B1E0905CD01CAF6208F4E2BFA2A66E43C0837BE8F5

Dependencies

No response

Why is this tool a good addition?

Easier & more efficient search operations in the VM.

Ana06 commented 2 months ago

There is already a chocolatey community package for this tool and, as it is not a security/malware analysis tool, I think we do not need a custom package in this repository. @SolitudePy is there any problem with using the chocolatey community package (for example installing it with choco install everything or adding it to your config.xml)?

SolitudePy commented 2 months ago

@Ana06 isn't the purpose of this VM to make it as efficient as possible? Hence the reason there are categories for utilities & productivity.

Ana06 commented 1 month ago

We could add the tool to Productivity Tools. @mandiant/vms opinions?

@SolitudePy even if we add a package for this tool, the question is still if we could use the community package (and have a metapackage instead of installing the tool from a zip). @SolitudePy have you tried to install the community package? Is there any issue with it? Note we have automation to update metapackages, which means our bot would take care to update the package if there is a new community package version.

SolitudePy commented 1 month ago

@Ana06 Yes, I tried and it worked fine.

day1player commented 1 month ago

This would be very easy to add during the install process by adding everything to your profile; since it is a community package it will be found and installed. Usually we don't create wrappers for tools unless there is a reason like disabling startup services, removing desktop icons, or some other efficiency improvement. @SolitudePy were there any issues like that after installing?

SolitudePy commented 1 month ago

@day1player there were no issues.

stevemk14ebr commented 1 month ago

I am a fan of everything, it really improves the search ability on Windows.

day1player commented 1 month ago

@SolitudePy @stevemk14ebr I think since there are no issues with the package that would require a wrapper this should be a feature request on the respective VM repos. I have created one for Commando here. I will leave creating the issue in the Flare-VM repo to @Ana06. Thank you!

Ana06 commented 1 month ago

@day1player

This would be very easy to add during the install process by adding everything to your profile; since it is a community package it will be found and installed. Usually we don't create wrappers for tools unless there is a reason like disabling startup services, removing desktop icons, or some other efficiency improvement.

We have recently introduced a Productivity Tools category to make it easier to find some of the tools we install and I can see everything fitting there. I am ok with both adding everything directly to the FLARE-VM default configuration (which installs it using the community package without a link in the Tools\Productivity Tools folder) and with creating a metapackage (which installs it in the same way using the community package and creates a link in the Tools\Productivity Tools folder) and adding the metapackage to the default configuration. @mandiant/flare-vm @SolitudePy opinions on which option do you prefer?

binjo commented 1 month ago

I'd prefer not installing it as default. The usage of everything is probably low, and it might add chaos when it indexes files and noise when analysing malware, e.g. the events added into filemon.

Ana06 commented 1 month ago

@binjo

might add chaos when it indexes files and noise when analysing malware, e.g. the events added into filemon.

Does this happen if the tool is installed even if it is not used?

binjo commented 1 month ago

Based on the doc#How is the Everything service started?, the index file service is automatic.

stevemk14ebr commented 1 month ago

@binjo raises a good point, I had not considered that.

emtuls commented 1 month ago

While it does seem to be a little noisy in ProcMon, it seems to be significantly less than other things that fill the feed (svchost, explorer.exe, dwm.exe, services.exe, etc.) and it can easily be excluded in the filters. I almost always have a filter set to specifically only include certain things myself, so this doesn't seem to be much of a problem to me, unless I'm not thinking of something?

As far as adding it to the default, I do know it's a very useful tool that I'd like to have if possible, barring any issues that I may be missing or if others think that the extra noise created may be more harmful than not.

day1player commented 1 month ago

We have recently introduced a Productivity Tools category to make it easier to find some of the tools we install and I can see everything fitting there. I am ok with both adding everything directly to the FLARE-VM default configuration (which installs it using the community package without a link in the Tools\Productivity Tools folder) and with creating a metapackage (which installs it in the same way using the community package and creates a link in the Tools\Productivity Tools folder) and adding the metapackage to the default configuration. @mandiant/flare-vm @SolitudePy opinions on which option do you prefer?

Based on the doc#How is the Everything service started?, the index file service is automatic.

Sounds like we actually do need a wrapper then, and as to whether it is included in the profiles, that should still be a separate issue.
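As an added illustration of what such a wrapper could do (this is example code, not from the VM-Packages repository or the everything package): after the community package is installed, keep the tool but stop its index service from starting automatically, so it does not add file events to ProcMon during analysis. The service name 'Everything' is an assumption.

```powershell
# Added example: post-install step a wrapper package could run to keep the
# Everything index service from auto-starting in an analysis VM.
# The service name is assumed; adjust it if the installed service differs.
$serviceName = 'Everything'

$svc = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Host "Service '$serviceName' not found; nothing to change."
    return
}

# Win32_Service exposes the start mode (Auto / Manual / Disabled), which
# Get-Service alone does not show on older PowerShell versions.
$startMode = (Get-CimInstance Win32_Service -Filter "Name='$serviceName'").StartMode
Write-Host "Service '$serviceName' is $($svc.Status), start mode: $startMode"

if ($startMode -eq 'Auto') {
    # Leave the tool installed; only start the index service on demand.
    Set-Service -Name $serviceName -StartupType Manual
    if ($svc.Status -eq 'Running') {
        Stop-Service -Name $serviceName -Force
    }
    Write-Host "Set '$serviceName' to Manual; run 'Start-Service $serviceName' before searching."
}
```

Run it from an elevated PowerShell session; changing a service's startup type requires administrator rights.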

Ana06 commented 1 month ago

@binjo raises a good concern. But I agree with @emtuls that it could still be added to the default configuration as we can easily exclude it from procmon and it is a useful tool.