[Xymon] Xymon PSClient version 3
Stef Coene
stef.coene at docum.org
Sun May 19 12:08:14 CEST 2024
Hi,
Recently we had a customer where random dll files in the Temp directory
are flagged as malware.
It turned out that this was caused by the nssm.exe used for the Xymon
client service.
Has anyone else had nssm.exe flagged as ransomware?
I decided to rewrite the client and integrated the code from this script
so nssm.exe is not needed:
https://github.com/JFLarvoire/SysToolsLib/blob/master/PowerShell/PSService.ps1
FYI, this also creates an .exe file and random files in the temp
directory but they are nog flagged as malware. It looks like the random
files are a way for Windows Service Manager to cope with the an .exe
file as service.
I also made sure I can do a seamless upgrade to this new client.
This also means patching the 2.xxx client so it can be upgraded to this
new version without interaction.
I have to clean up my 2.xxx code and the new script and will update my
github page in the next few weeks:
https://github.com/StefCoene/xymon-stuff/tree/main/WinPSClient
I also have to rollout the new client in our production environments so
its' possible that I encounter some unexpected bugs.
Stef
More information about the Xymon
mailing list