Malicious file under CA Nimsoft path.


Article ID: 204278


Updated On:


DX Unified Infrastructure Management (Nimsoft / UIM)


The file "7za.exe.tmp" was observed at "Program Files (x86)\Nimsoft\robot\pkg\temp\7za.exe.tmp" on multiple servers. CrowdStrike is detecting the file as malicious.

The file is detected only under the Nimsoft directory, and only on servers where the Nimsoft software is installed.


File Detected



\Device\HarddiskVolume4\Program Files (x86)\Nimsoft\robot\pkg\temp\7za.exe.tmp


Release : 20.1

Component : UIM Robot


The 7za.exe file is part of the java_jre package. When the java_jre package is deployed to the robot, all files in the package are first extracted from the archive into the "Program Files (x86)\Nimsoft\robot\pkg\temp\" directory with a .tmp extension. The files are then copied to their respective paths, and all .tmp files under "Program Files (x86)\Nimsoft\robot\pkg\temp\" are removed.

For some reason, these .tmp files are not being removed from the "Program Files (x86)\Nimsoft\robot\pkg\temp\" directory. The 7za.exe.tmp files themselves are not malicious.

Please check whether an anti-virus application running on the affected server is preventing the files from being removed, and whether the same behavior occurs on any other server. The dev team has confirmed that these files are not malicious.
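
One way to check the explanation above on an affected server, as an added example that is not vendor code: it hashes each leftover .tmp file in the staging directory and compares it with deployed files of the same name elsewhere under the install root. The default install root and the recursive search for the deployed copy are assumptions; the article does not state where java_jre places 7za.exe.

```powershell
# Added example, not vendor code.
# Assumption: the robot is installed under the default
# "Program Files (x86)\Nimsoft" root shown in the detection path.
param(
    [string]$NimsoftRoot = (Join-Path ${env:ProgramFiles(x86)} 'Nimsoft')
)

$tempDir = Join-Path $NimsoftRoot 'robot\pkg\temp'

$results = foreach ($tmp in Get-ChildItem -LiteralPath $tempDir -Filter '*.tmp' -File -ErrorAction SilentlyContinue) {
    # Staged name minus the .tmp suffix, e.g. 7za.exe.tmp -> 7za.exe
    $deployedName = [System.IO.Path]::GetFileNameWithoutExtension($tmp.Name)
    $tmpHash = (Get-FileHash -LiteralPath $tmp.FullName -Algorithm SHA256).Hash

    # Deployed copies with the same name anywhere under the install root,
    # excluding the staging directory itself.
    $deployed = @(Get-ChildItem -LiteralPath $NimsoftRoot -Recurse -File -Filter $deployedName -ErrorAction SilentlyContinue |
        Where-Object { $_.DirectoryName -ne $tmp.DirectoryName })

    # A leftover from package deployment should be byte-identical to a deployed copy.
    $matching = @($deployed | Where-Object {
        (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash -eq $tmpHash
    })

    [pscustomobject]@{
        TempFile        = $tmp.FullName
        SHA256          = $tmpHash
        LastWriteTime   = $tmp.LastWriteTime
        DeployedCopies  = $deployed.Count
        MatchesDeployed = ($matching.Count -gt 0)
        MatchedPath     = ($matching | Select-Object -First 1 -ExpandProperty FullName)
    }
}

$results | Format-List

# Leftovers with no identical deployed copy do not fit the explanation above
# and should be investigated rather than excluded from scanning.
foreach ($r in @($results | Where-Object { -not $_.MatchesDeployed })) {
    Write-Warning "No matching deployed copy for $($r.TempFile) (SHA256 $($r.SHA256))"
}
```

The LastWriteTime column can be compared with the time the java_jre package was deployed to the robot, and the SHA256 value can be compared across servers reporting the same detection.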