- cdm and processes probe would not remain up and running
- ntevl and ntservices run without issue.
- cdm 6.34 and processes probe 4.63 on Windows 2016 gain port, but pid changes due to restarts then reach max restarts. Both probes are supported on Windows 2016.
- OS: Windows 2016 64-bit SP0 Build 14393
- Robot 7.91 or higher supports Windows 2016
- customer running hub and robot v7.93
processes probe shows "Unable to read instance from file"
Mar 4 14:44:55:026 processes: Unable to open process 624
Mar 4 14:44:55:026 processes: Finding information about process no 8 pid=640...
Mar 4 14:45:10:760 processes: Unable to read Instance from file
- controller shows-> Controller: text_file_get: Unable to open probes/system/cdm/cdm.data for read
- Customer did not currently have access to the robot via RDP so we examined the ntevl Application log via the Status Tab window.
- We noticed the message:
Information: The application "C:\Program Files\Nimsoft\probes\system\cdm\cdm.exe" attempted to read the memory of "C:\Windows\System32\lsass.exe" (potentially scraping memory) by calling the function "NtReadVirtualMemory".The operation was blocked...
***The Source/Publisher for the event was CbDefense which is Carbon Black (antivirus (NGAV) and endpoint detection and response (EDR) capabilities)***
Customer will discuss this with their internal security team and request a full exclusion for all Nimsoft programs.