Stef,
I have not had any Malware alerts for nssm.exe. On Windows 11, I don't
find any DLL files in %TEMP%, but I do on Windows 10.
For your updated xymonclient.ps1 file, how do we start it without
nssm.exe?
Also, attached is a patch file to add CPU thread count to the cpu
output. Currently it only reports the number of cores, so this patch adds
the number of threads, looking like this:
CPU states:
total 3.05%
cores: 6
threads: 12
Tom
On Sun, May 19, 2024 at 4:13 AM Stef Coene <user-dbffe946c0f4@xymon.invalid> wrote:
Hi,
Recently we had a customer where random dll files in the Temp directory
are flagged as malware.
It turned out that this was caused by the nssm.exe used for the Xymon
client service.
Has anyone else had nssm.exe flagged as ransomware?
I decided to rewrite the client and integrated the code from this script
so nssm.exe is not needed:
https://github.com/JFLarvoire/SysToolsLib/blob/master/PowerShell/PSService.ps1
FYI, this also creates an .exe file and random files in the temp
directory but they are not flagged as malware. It looks like the random
files are a way for Windows Service Manager to cope with an .exe
file as service.
I also made sure I can do a seamless upgrade to this new client.
This also means patching the 2.xxx client so it can be upgraded to this
new version without interaction.
I have to clean up my 2.xxx code and the new script and will update my
github page in the next few weeks:
https://github.com/StefCoene/xymon-stuff/tree/main/WinPSClient
I also have to roll out the new client in our production environments so
it's possible that I encounter some unexpected bugs.
Stef