Mauricio Osorio 4 Posted December 16, 2019 Posted December 16, 2019 Hi guys, Why ESET Sysinspector is showing this Windows task as dangerous: You can see the Sysinspector log in the attachment. My customer is asking about this but i dont know why this is dangerous. Can someone help me? Regards. SysInspector-KE10DESARROLLO2-191216-090230.zip
Administrators Marcos 5,742 Posted December 16, 2019 Administrators Posted December 16, 2019 If you are positive it's benign, simply ignore it. Obviously it's new and other users don't have such file.
Mauricio Osorio 4 Posted December 16, 2019 Author Posted December 16, 2019 Thank you for the answer Marcos. Im going to say that to my client. Is there some training or something where we can learn how to read correctly a sysinspector log?. Regards.
Administrators Marcos 5,742 Posted December 16, 2019 Administrators Posted December 16, 2019 No. SysInspector logs are intended to be analyzed by advanced users and ESET staff with experience with analyzing malware when it comes to analyzing particular suspicious files.
itman 1,924 Posted December 16, 2019 Posted December 16, 2019 What is calluxxprovider.vbs: Quote calluxxprovider.vbs is used when using Server Manager to collect performance data on servers.This is activated in Server manager, select server, right-click and select "Start Performance Counters". This will create a data collector set on that server, user defined called "Server Manager Performance Monitor". In this task the script calluxxprovider.vbs is scheduled to clean up all logs older than 7 days. So, when accessing performance in Server manager, these files are used to show the performance data. https://social.technet.microsoft.com/Forums/windows/en-US/5aa8e440-e2ec-40f2-b0f1-73c75bf7dab8/can-anybody-tell-me-what-calluxxprovidervbs-does?forum=winservergen It appears that the script per se is not malicious. However, it could have been modified by malware. I would submit the script to Virus Total to determine if other solutions find something.
itman 1,924 Posted December 16, 2019 Posted December 16, 2019 (edited) Also according to this: https://skatterbrainz.wordpress.com/2016/02/05/legacy-code-still-alive-in-microsoft-products/ , this .vbs script only exists on Win Server 2012 R2. As such if it exists on another Win version, I would treat it as suspect. Edited December 16, 2019 by itman
Most Valued Members Nightowl 206 Posted December 19, 2019 Most Valued Members Posted December 19, 2019 I've reproduced on my side , I've received the same , I believe it's safe.
Recommended Posts