Mauricio Osorio 1 Posted December 16, 2019 Share Posted December 16, 2019 Hi guys, Why ESET Sysinspector is showing this Windows task as dangerous: You can see the Sysinspector log in the attachment. My customer is asking about this but i dont know why this is dangerous. Can someone help me? Regards. SysInspector-KE10DESARROLLO2-191216-090230.zip Link to post Share on other sites
Administrators Marcos 3,662 Posted December 16, 2019 Administrators Share Posted December 16, 2019 If you are positive it's benign, simply ignore it. Obviously it's new and other users don't have such file. Link to post Share on other sites
Mauricio Osorio 1 Posted December 16, 2019 Author Share Posted December 16, 2019 Thank you for the answer Marcos. Im going to say that to my client. Is there some training or something where we can learn how to read correctly a sysinspector log?. Regards. Link to post Share on other sites
Administrators Marcos 3,662 Posted December 16, 2019 Administrators Share Posted December 16, 2019 No. SysInspector logs are intended to be analyzed by advanced users and ESET staff with experience with analyzing malware when it comes to analyzing particular suspicious files. Link to post Share on other sites
itman 961 Posted December 16, 2019 Share Posted December 16, 2019 What is calluxxprovider.vbs: Quote calluxxprovider.vbs is used when using Server Manager to collect performance data on servers.This is activated in Server manager, select server, right-click and select "Start Performance Counters". This will create a data collector set on that server, user defined called "Server Manager Performance Monitor". In this task the script calluxxprovider.vbs is scheduled to clean up all logs older than 7 days. So, when accessing performance in Server manager, these files are used to show the performance data. https://social.technet.microsoft.com/Forums/windows/en-US/5aa8e440-e2ec-40f2-b0f1-73c75bf7dab8/can-anybody-tell-me-what-calluxxprovidervbs-does?forum=winservergen It appears that the script per se is not malicious. However, it could have been modified by malware. I would submit the script to Virus Total to determine if other solutions find something. Link to post Share on other sites
itman 961 Posted December 16, 2019 Share Posted December 16, 2019 (edited) Also according to this: https://skatterbrainz.wordpress.com/2016/02/05/legacy-code-still-alive-in-microsoft-products/ , this .vbs script only exists on Win Server 2012 R2. As such if it exists on another Win version, I would treat it as suspect. Edited December 16, 2019 by itman Link to post Share on other sites
Most Valued Members Nightowl 104 Posted December 19, 2019 Most Valued Members Share Posted December 19, 2019 I've reproduced on my side , I've received the same , I believe it's safe. Link to post Share on other sites
Recommended Posts