conf_ad_server.exe - probe gui execution


Article ID: 130503


Updated On:

Products

DX Infrastructure Management NIMSOFT PROBES

Issue/Introduction

The ad_server GUI only opens in raw configure mode. conf_ad_server.exe is being blocked by anti-virus software.

Cause

- Anti-virus software

Environment

- UIM 8.5x or higher
- ad_server 1.70 or higher

Resolution

We have seen this previously with some of our customers using the ad_server/ad_response probe. Some anti-virus software flags the configuration GUI (in this case conf_ad_server.exe) as a possible trojan. This is normally a false positive reported by the AV software, and the file is most likely not infected. If your security team can demonstrate a specific vulnerability, please let us know and, as always, we will address it.

We recommend that you create an exclusion for conf_ad_server.exe and/or contact your anti-virus provider to explain that this is monitoring software that accesses your Active Directory server.
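One way to scope that exclusion tightly, as an added example that is not vendor code: check the binary's signature and hash first, then exclude only that one file by full path. Assumptions: the AV is Microsoft Defender (the article does not name a product), `$ProbeGui` is a placeholder for the real install path, and `$ExpectedSha256` is a hash you took from a trusted copy of the probe package, since whether the file is Authenticode-signed is not stated here.

```powershell
# Added example, not vendor code. Run from an elevated PowerShell session.
# $ProbeGui is a placeholder: pass the real path of conf_ad_server.exe.
param(
    [Parameter(Mandatory)] [string] $ProbeGui,
    # Optional: SHA-256 taken from a trusted copy of the probe package.
    [string] $ExpectedSha256
)

$file = Get-Item -LiteralPath $ProbeGui -ErrorAction Stop
if ($file.Name -ne 'conf_ad_server.exe') {
    throw "Refusing to exclude unexpected file: $($file.Name)"
}

$sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
$hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

# Record what is about to be trusted, for the change ticket.
Write-Host "Path     : $($file.FullName)"
Write-Host "SHA-256  : $hash"
Write-Host "Signature: $($sig.Status)"
if ($sig.SignerCertificate) {
    Write-Host "Signer   : $($sig.SignerCertificate.Subject)"
}

# A supplied hash must match; a mismatch means this is not the shipped file.
if ($ExpectedSha256 -and ($hash -ne $ExpectedSha256)) {
    throw 'SHA-256 mismatch: do not exclude; escalate to your security team.'
}

# Require at least one positive check before weakening AV coverage.
$sigOk  = $sig.Status -eq 'Valid'
$hashOk = [bool]$ExpectedSha256   # reached only if the hash matched above
if (-not ($sigOk -or $hashOk)) {
    throw 'No valid signature and no reference hash: do not exclude.'
}

# Exclude the single file by full path, not its folder or process name.
Add-MpPreference -ExclusionPath $file.FullName

# Confirm the exclusion was registered exactly as intended.
(Get-MpPreference).ExclusionPath | Where-Object { $_ -eq $file.FullName }
```

Re-run the checks after each probe upgrade, because a path exclusion keeps applying to whatever file later sits at that path.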

Additional Information

ad_server Help doc:

https://docops.ca.com/ca-unified-infrastructure-management-probes/ga/en/alphabetical-probe-articles/ad_server-active-directory-server-monitoring/ad_server-active-directory-server-monitoring-release-notes

"The Active Directory Server Monitoring (ad_server) probe is used to monitor the health and performance of the Active Directory Server. For example, the response time of the AD server. It is a local probe which monitors the AD server of the host system only. The probe is delivered with a default configuration and a set of profiles to monitor the Active Directory Server."

So the probe is configured to access AD, and hence may be flagged by the AV.