Secunia CSI FAQ | University of Oregon: Information Security
Information Security Information Services home

Frequently Asked Questions

The Official Secunia CSI FAQ can be found here.
  1. What is SPS?

    SPS stands for Secunia Package System and offers increased scope and flexibility in terms of patching
    and configuring hosts. Customise the language options of packages and thereby patch in multiple languages,
    or remotely uninstall applications, among many other things.

  2. How can I use the agent to scan my Mac OS X hosts?

    Download the agent from within your Secunia CSI console (available from the 'Download Agent' -menu).

    The Secunia CSI Agent is a small, simple, customisable, and extremely powerful CSI scan engine, that
    offers a fully featured command line interface (CLI) to the CSI scanning functionality. This allows
    you to run CSI scans directly on the command line or to embed the Agent in a customised script.
    Write "./csia.exe -h" for a full list of arguments supported by the CSI Agent.

    The most common way to use the agent is in Single Host Mode, you'll need root access to install is successfully.

    Single Host Mode (Install the agent as a local service): ./csia.exe -i -L

    Read more about the agent and other options how to use the agent in the Setup and usage guide.

    NOTE: The "csia.exe" file is a customised executable, unique and private for your account. This means that
    the CSI Agent automatically links scans to your Secunia CSI account, without you performing any extra actions.

  3. How can I debug remote client interactions from the command line?

    From the command line, navigate to the CSI folder under program files.
    Depending upon 32-bit or 64-bit architecture, the default path to the folder is:

    • C:\Program Files\Secunia\CSI Agent\

    From here, create a verbose log file: csia.exe -v -d debug.txt

  4. How does the Secunia CSI handle false positives and false negatives?

    Since the scan process works by looking at the actual files on the system scanned, the result is extremely
    reliable as a program obviously cannot be installed on a system without the actual files being present.
    This in turn means that the Secunia CSI rarely identifies false-positives and thus the result from the
    Secunia CSI can be used immediately without doing additional data/results mining.

  5. How come when I create a package, the Secunia CSI Console automatically approves the packages?

    This happens only when the Windows Server Update Service server is set to auto approve Microsoft updates.
    So any newly created patches will default to approved for everyone.
    To workaround this issue, decline the package under Patch > Available, then approve the patch for the proper
    computer group.

  6. How come Secunia is telling me there are "x number of Microsoft updates available" for a particular host, but the host shows that it is up to date?

    The Secunia CSI scan agent makes use of the Windows Update Agent (WUA) to get information about missing Microsoft security updates.
    This setting allows it to control the behaviour of the WUA when gets called by the Secunia CSI scan engine.
    Basically, Secunia is checking against the official Microsoft Updates online and not with your internal WSUS.

  7. Is it possible to extract custom made reports from Secunia CSI?

    The Secunia CSI 5.x features a new Local Database Console that allows you to run SQL queries against the local database.

    Go to Administration->Secunia CSI API->Local Database Console, right click in a table name to see the data being held in that table. Type the SQL query under “SQLite Query” window and press “Run”.

    Use the “Export to…” to export the data into the Clipboard or into a .CSV file.

    The local database is in SQLite, and alternatively you can also download a free SQLite console from SQLite.org (or use your favourite sqlite tool).

    This allows you to connect to the actual database file and run queries directly against the results.

    After downloading the console, you need to locate the database file. The database file is placed in the %APPDATA%\Secunia CSI folder of the user running the CSI. The largest file with a random name in this folder should be your local database.

    The following scenario is just one example how to use the local database of Secunia CSI, but can of course be customised to meet other needs.

    First download and unzip the 'sqlite' console from sqlite.org
    If 'sqlite3.exe' is placed on your desktop, the following command should work on a Windows XP system.

    1. Open a command console and go to your Desktop folder.
    2. Run this command (the sql for query.txt is below):

      sqlite3.exe -header -csv "..\Application Data\Secunia CSI\SqliteLocaldbFile" < query.txt > output.txt
    3. 'output.txt' should now contain the CSV content

    Sql for query.txt (Save this content in a file called query.txt in the same directory as sqlite3.exe):

    SELECT host AS Host, langroup as 'Group', product_name as Program, version as Version, path as Path, CASE WHEN eol > 0 THEN 'End-of-Life' ELSE (CASE WHEN secure = 0 THEN 'Insecure' ELSE 'Patched' END) END AS 'State', 'SA' || vuln_id AS 'SAID', vuln_criticality as Criticality, vuln_create_date as 'SA Issued', vuln_count as Vulnerabilities FROM nsi_devices, nsi_device_software WHERE nsi_devices.nsi_device_id = nsi_device_software.nsi_device_id ORDER BY product_name, path;

  8. I updated a piece of software, but Secunia still sees the old version and wants to update it. What's going on?

    Some vendors release new patches that install into a separate directory, leaving the old, vulnerable program files alone.
    Secunia marks the program as insecure, even though the new version has been installed.
    To fix this, manually remove the corresponding vulnerable files.

  9. Is it possible to deploy the certificates to specific hosts within the domain NOT using GPO?

    From the Secunia CSI Console menu, go to Patch > Deployment

    right-click on one or several hosts, and select "Verify and Install Certificate."

  10. Secunia CSI Console hangs on internet verification.

    Add https://csi5.secunia.com to Internet Explorer trusted sites

  11. I get a Windows Update error 0x800B0109, also known as "I have verified everything, it still does not work?"

    Verify the GPO setting 'Windows Updates/Allow signed updates from an intranet Microsoft update service location' is enabled.
    Verify the registry key "AcceptTrustedPublisherCerts" is set to 1 (if not,change it to 1)

    • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

    Run these commands from a command prompt, and try again.

    1. Net stop wuauserv
    2. Net start wuauserv
    3. wuauclt /detectnow
    4. wuauclt /updatenow