www.winhelp.us

Content

Tip: keyboard shortcut Ctrl+F searches in the page contents

Secunia PSI

Last modified: 2012-01-17 19:55:30 EET

While Windows Update keeps most of Microsoft's software up-to-date and patched, many other vendors do not have very good automatic updating capabilities for their programs. This means that, for example, unpatched versions of Java Runtime Environment or Adobe Flash Player might leave your Windows computer open to attacks from the Internet.

Luckily, there is a good solution for it - Secunia's Personal Software Inspector (PSI, for short). This program scans for vulnerabilities in Microsoft and non-Microsoft software and is able to patch many programs automatically.

You can always see if your computer is up-to-date by checking PSI icon in Taskbar Notification Area - if the icon is green, everything is ok; yellow/orange means that a few programs are unpatched or out of date; red means that attention is required.
 

Downloading and installing Secunia Personal Software Inspector

Go to PSI download page and click the blue here link.

After downloading and launching the setup file, PSI Setup Wizard starts. Click Next.

In case you are upgrading from an older version of Secunia PSI, you will also see additional windows.
The first one offers to close the currently running version of Secunia PSI. You should always click Yes here:

 

The second window offers to uninstall previous version of Secunia PSI. Just click Next here. The setup of newer version will continue automatically after the older version has been removed.

Check the I accept the terms of the License Agreement box and click the ever-wonderful Next button.

As Secunia PSI is able to update and patch many programs automatically, it is very recommended to leave the Enable Auto-Updates box checked. This will make your life a lot easier.
The Require user-interaction before each Auto-Update box is not selected by default, and you should not check it unless you are paranoid about software versions (or you just like pop-up messages a lot). Leaving this box unchecked enables silent updates.
Click Next.

If you like detailed information about each automatic update performed by Secunia PSI, check the Show full change information in tray icon notification box. This is not necessary for those less tech-savvy. Click Next to continue.

Secunia seems to have loads of Next buttons in stock. Well, you can read the Readme Information, but you still have to click Next to move on.

Default installation folder is fine, click Install.

After installation is complete, click the Finish button.

PSI setup asks you if you want to launch the program now. Click Yes (I'm sure this could have been accomplished via some Next button ).

Running Secunia Personal Software Inspector for the first time

Secunia PSI starts scanning for vulnerable and out-of-date programs right away, but you will see a welcome dialog first. Click the Close button.

If you see "No scan in progress", click the green Start scan button.
Scanning takes some time, depending again on how many programs you have installed on your computer - about 5-10 minutes is common.

If you have no out-of-date or unpatched programs, you will see the green report after the scan. You can click either View Dashboard or View Scan Results.
In case something vulnerable or end-of-life was detected, it is recommended to click View Scan Results.

The Scan Results list shows insecure and out-of-date programs at the top of the list. PSI might already have begun to update some of them.
The programs that can be automatically updated have "(AU)" written in the Install Solution column.

Dealing with vulnerable or end-of-life software that does not support Auto-Update

To see details about a vulnerable or end-of-life program, double-click its name. For programs not yet updated, you will see several tools, references, Auto-Update settings and the path where it was detected.
From the Toolbox on the right, you can either click Install Solution to run the update yourself (this usually downloads a setup file), click Re-Scan Program to see if the vulnerable version still exists or open Windows' Add/Remove Programs (Programs and Features for Windows Vista and 7) dialog to uninstall the software.

Installing Solutions

This is needed only for those programs that do not support Auto-Update; or if you want to install the update yourself.
Clicking the Install Solution link usually opens a patch download dialog, click Open or Run here:

After downloading is complete, the patch or updated program will run. Follow instructions there (and remember not to install optional toolbars or programs you do not need and/or know about!). Unfortunately, there are so many programs out there, I can't give you detailed instructions about installing them, but most probably these are just series of Next buttons.

Always click Re-Scan Program after update is complete. This ensures that PSI will notice the change faster.

Turning off Auto-Update for a program

In case you need some program to be an exact version, you can disable the Auto-Update feature for it. Double-click the program name in Scan Results and then clear the Auto-Update this program box under Auto-Update Setting.
Please be aware that this action might leave your computer vulnerable to different attacks, so always consider the action very-very thoroughly!

Creating Ignore rules for end-of-life programs

In numerous cases, some older programs are just required for something to work properly. You can exclude such programs from further scans and still reach the perfect 100% system score. But do consider an upgrade or replacement for potentially vulnerable software.

Open Secunia PSI and click Scan Results on the left. Double-click the program you want to create an Ignore rule for.

In the bottom of the program window, right-click the vulnerable or end-of-life item and select Ignore Program.

An Edit Ignore Rule window appears with fields pre-filled. Just click OK to remove the program from scan results and exclude it from further scans.

Deleting uninstall leftovers manually (risky!)

Some programs, such as Google Chrome or Picasa often leave older program files in tact after upgrading. Google Chrome users might have ten or more different versions in Applications folder because the program is updated frequently.
While you can normally uninstall older versions of programs using Add/Remove Programs in Windows XP or Programs and Features in Windows Vista and 7, the  web browser mentioned above has no such possibility. Nevertheless, always check if you can uninstall the old software via Control Panel before deleting files manually!

If you are not faint of heart and do not fear deleting program files manually, right-click the program path under Detected Installations column and click Open folder.

As you can see in this example, there are still Picasa2.exe and Picasa2.scr files residing in the folder. Use mouse to select them (Ctrl+click selects files one by one, Shift+click select all adjacent files) and then press Delete (or Del) key on your keyboard to remove them.
For Google Chrome, you can safely use keyboard shortcut Ctrl+A to select all files and then press Delete key to send the files to Recycle Bin. Every new Chrome version has all necessary files in its own folder.

Click Re-Scan Program after the files have been deleted. This ensures that PSI will notice the change faster.

Secunia Personal Software Inspector settings and Ignore rules

As said before, Secunia PSI will run every time you start Windows and it will monitor changes in software installed on your computer. This is good for modern computers that have spare processor power, but it makes sluggish computers even slower.

Also, many users have created special folders for unzipped files, installation files, downloaded files, etc. These folders might contain out-of-date software. If you don't want Secunia PSI to report anything contained in those folders, you can create exclusion rules.

Let's change those settings now!

Open Secunia PSI by right-clicking on its icon in Notification area and clicking Open Secunia PSI.

If you don't have the icon for some reason, Windows XP users can start Secunia PSI from Start Menu by pressing Windows Key (or Ctrl+Esc) on your keyboard and clicking Secunia PSI under All Programs.

 

Windows Vista and 7 users should open Start menu, type "secunia" into Search box and then click Secunia PSI.

 

Then click Continue or Yes in User Account Control warning window.

Click Configuration on the left of Secunia PSI window and then click Settings.

If PSI is consuming too much of your processor power and your computer is constantly slow because of it, clear the Start the Secunia PSI on boot box.

If you clear this, please remember to start Secunia PSI manually at least once a month to keep your computer updated!

Always leave the Enable program monitoring box checked, this way Secunia PSI detects changes to software and applies automatic updates.
Enable automatic program updates should obviously be checked at all times. Remember, if you do not want to update just one or two programs automatically, you should double-click their names in Scan Results list and clear the Auto-update this program box.
I would not recommend checking the Prompt before running automatic program updates box. Most people do not need those prompts, let Secunia PSI do its job in the background.
Enable "Secure Browsing" Page is not meant for typical computer users. This just shows if there are any vulnerabilities for browsers and add-ons that vendors have not yet patched. There is nothing you can do about these zero-day bugs, anyway.
Show detailed program changes box is up to you. If you want detailed information  (this also includes program's name and version) every time Secunia PSI finds changes to program versions, check the box. If you just want to see a general message that a change has been detected, uncheck the box.
Create Log File is not necessary for most users. This is meant for troubleshooting only.

Creating rules to ignore special folders or files

If you have special folders that include downloaded programs or some installation files (such as Downloads folder in Windows Vista and 7) and you do not want Secunia PSI to scan those, create an Ignore rule by  opening Ignore Rules tab in Secunia PSI Settings and clicking Create Ignore Rule:

Type Rule Name and Rule Path. For example, if you have folder named Install on your Local Disk C:, enter "C:\Install\" as a rule. Make sure you include the backslash (\) after the folder name, otherwise it will be treated as a file name!
To exclude a file or file name pattern, type the file name or a part of it in Rule Path. For example, chrome.exe or temp. The latter will exclude both "e-tempo.exe" and "temporarysetup.exe".
Click OK to add the rule.

If you want to add a folder under My Documents (Windows XP) or Downloads folder (Windows Vista and 7), first open the folder you want to add to Ignore rules. Click the Address Bar and it reveals and selects the full path to the folder. Use keyboard shortcut Ctrl+C to copy the path.

Then go back to Secunia PSI and use keyboard shortcut Ctrl+V to paste the path into Rule Path field. Remember to end the path with a backslash (\) character!

To change a rule, click on its name under Rule Name column and click Edit. Make the necessary changes and click OK.

Deleting ignore rules

In case you do not need some rule anymore, you can always right-click an existing rule and select Delete. Please note that Secunia PSI will not confirm this action!

Troubleshooting Secunia PSI

Sometimes the Secunia PSI icon in Taskbar Notification Area is red or yellow/orange without any understandable reason, even if PSI itself shows 100% system score. In most cases, a system restart helps, but please note that after a reboot the PSI icon always remains red up to a few minutes until latest scan results are loaded and checked.

If restart is of no help, open Secunia PSI and run a full system scan - the database is probably unreadable or damaged for some reason.
Click Scan your PC on the left and then click the Start scan button to perform the full scan.

Upgrading Secunia PSI

Secunia PSI is also capable of updating itself. In case you see a dialog like this, click Yes.

A series of dialogs will then appear. The Downloading file dialog might repeat itself tens of times, but this is not an indication of error. Please stand by until PSI downloads the newer files, removes the old version and upgrades to the newest version.

After an upgrade, Secunia PSI will open and perform a full scan.

That's it!

 Comments? Suggestions? Ideas? Let me know! 

Your name (public):

Your e-mail (will not be displayed):

Title:

Notify me of new comments to this page:

Your comments/suggestions/ideas (no HTML code!)
winhelp.us owners reserve the right to remove or not publish comments that they find unacceptable because of strong language, inappropriate contents, advertising or spamming.
winhelp.us Privacy Policy