Qualys/log4jscanwin

Getting errors when running with /report_sig

Closed this issue · 2 comments

C:\Users\Administrator\Downloads\Log4jScanner-1.2.18\Log4jScanner\x64>Log4jScanner.exe /scan /report_sig
Scan start time : 2021-12-31T01:45:20-0800

Scan end time : 2021-12-31T01:45:45-0800
Run status : Partially Successful
Result file location : C:\ProgramData\Qualys\log4j_findings.out
Errors :
Failed to process directory 'C:\ProgramData\Microsoft\Diagnosis\FeedbackHub' (rv: 5)
Failed to process directory 'C:\ProgramData\Microsoft\Diagnosis\TimeTravelDebuggingStorage' (rv: 5)
Failed to process directory 'C:\ProgramData\Microsoft\Windows\SystemData' (rv: 5)
Failed to process directory 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cache' (rv: 5)
Failed to process directory 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cyber' (rv: 5)
Failed to process directory 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Trace' (rv: 5)
Failed to process directory 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection' (rv: 5)
Failed to process directory 'C:\System Volume Information' (rv: 5)
Failed to process directory 'C:\Windows\System32\LogFiles\WMI\RtBackup' (rv: 5)

Same thing in my Status.txt:

Scan start time : 2022-01-03T09:52:22-0500

Scan end time : 2022-01-03T09:55:04-0500
Run status : Partially Successful
Result file location : C:\ProgramData\Qualys\log4j_findings.out
Errors :
Failed to process directory 'C:\Program Files\Windows Defender Advanced Threat Protection\Classification\Configuration' (rv: 5)
Failed to process directory 'C:\ProgramData\Microsoft\Windows\SystemData' (rv: 5)
Failed to process directory 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cache' (rv: 5)
Failed to process directory 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cyber' (rv: 5)
Failed to process directory 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection' (rv: 5)
Failed to process directory 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads' (rv: 5)
Failed to process directory 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\SenseCM' (rv: 5)
Failed to process directory 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Temp\PSScriptOutputs' (rv: 5)
Failed to process directory 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Trace' (rv: 5)
Failed to process directory 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection' (rv: 5)
Failed to process directory 'C:\ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\S-1-5-21-1177238915-1645522239-725345543-226020\SystemAppData\Helium\Cache' (rv: 5)
Failed to process directory 'C:\ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\S-1-5-21-1177238915-1645522239-725345543-226020\SystemAppData\Helium' (rv: 5)
Failed to process directory 'C:\ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\S-1-5-21-1177238915-1645522239-725345543-226020\SystemAppData' (rv: 5)
Failed to process directory 'C:\ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\S-1-5-21-1177238915-1645522239-725345543-226020' (rv: 5)
Failed to process directory 'C:\ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\S-1-5-21-544832997-305076795-2145480142-1003\SystemAppData\Helium\Cache' (rv: 5)
Failed to process directory 'C:\ProgramData\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\S-1-5-21-1177238915-1645522239-725345543-21194\SystemAppData\Helium\Cache' (rv: 5)
Failed to process directory 'C:\System Volume Information' (rv: 5)
Failed to process directory 'C:\Windows\CCM\ScriptStore' (rv: 5)
Failed to process directory 'C:\Windows\CSC' (rv: 5)
Failed to process directory 'C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Ngc' (rv: 5)
Failed to process directory 'C:\Windows\System32\LogFiles\WMI\RtBackup' (rv: 5)
Failed to process directory 'C:\Windows\System32\LogFiles\WMI' (rv: 5)
Failed to process directory 'C:\Windows\System32\LogFiles' (rv: 5)

romw commented

This is normal for those directories. Windows is configured to deny access to those directories even from administrative accounts.

0x5 = ERROR_ACCESS_DENIED
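
One way to triage this status output, as an added example that is not part of the thread or of the Qualys scanner's code: it parses the `Failed to process directory` lines, collapses the access-denied (rv: 5) entries to the top-most directories that reported a failure, and sets aside any other return code for review. The function names and the last sample line (rv: 3) are constructed for illustration; the other sample lines are copied from the output above.

```python
import re
from ntpath import normcase  # Windows path rules, usable on any OS

ACCESS_DENIED = 5  # 0x5 = ERROR_ACCESS_DENIED, as stated in the thread
LINE_RE = re.compile(r"^Failed to process directory '(?P<path>.+)' \(rv: (?P<rv>\d+)\)$")

# Sample status output; the final line is constructed to exercise the non-5 branch.
SAMPLE = r"""Run status : Partially Successful
Errors :
Failed to process directory 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cache' (rv: 5)
Failed to process directory 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Trace' (rv: 5)
Failed to process directory 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection' (rv: 5)
Failed to process directory 'C:\System Volume Information' (rv: 5)
Failed to process directory 'C:\Windows\System32\LogFiles\WMI\RtBackup' (rv: 5)
Failed to process directory 'C:\Example\Constructed' (rv: 3)
"""

def parse_errors(text):
    """Return [(path, rv), ...] for every error line in the status text."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("path"), int(m.group("rv"))))
    return entries

def is_under(child, root):
    """True if child is a strict subdirectory of root (case-insensitive)."""
    return normcase(child).startswith(normcase(root) + "\\")

def triage(text):
    """Split errors into access-denied roots and codes that need a closer look."""
    entries = parse_errors(text)
    denied = sorted({p for p, rv in entries if rv == ACCESS_DENIED}, key=normcase)
    roots = []
    for path in denied:  # a parent always sorts before its children
        if not any(is_under(path, r) for r in roots):
            roots.append(path)
    other = [(p, rv) for p, rv in entries if rv != ACCESS_DENIED]
    return {"access_denied_roots": roots, "other": other}

if __name__ == "__main__":
    result = triage(SAMPLE)
    for root in result["access_denied_roots"]:
        print("not scanned (access denied):", root)
    for path, rv in result["other"]:
        print(f"review rv {rv}:", path)
```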