Malicious file under CA Nimsoft path.

Article ID: 204278

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

The file "7za.exe.tmp" was observed at "Program Files (x86)\Nimsoft\robot\pkg\temp\7za.exe.tmp" on multiple servers. CrowdStrike is detecting the file as malicious.

The file is detected as malicious only under the Nimsoft directory, and only on servers where the Nimsoft software is installed.

 

File Detected: 7za.exe.tmp

FilePath: \Device\HarddiskVolume4\Program Files (x86)\Nimsoft\robot\pkg\temp\7za.exe.tmp

Environment

Release : 20.1

Component : UIM Robot

Resolution

The 7za.exe file is part of the java_jre package. When the java_jre package is deployed to the robot, all files in the package are first extracted from the archive into the "Program Files (x86)\Nimsoft\robot\pkg\temp\" directory with a .tmp extension. The files are then copied to their respective paths, and all .tmp files under "Program Files (x86)\Nimsoft\robot\pkg\temp\" are removed.

For some reason, these .tmp files are not being removed from the "Program Files (x86)\Nimsoft\robot\pkg\temp\" directory. The 7za.exe.tmp files themselves are not malicious.

Check whether an anti-virus application running on this server is preventing the files from being removed, and whether the same behavior occurs on any other server. The dev team has confirmed that these files are not malicious.
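One way to check that a flagged leftover really is the staged copy of a deployed package file is shown below. This is an added example, not code from the vendor or from this article. It assumes the install root is on C: and that the deployed copy keeps the same file name without the .tmp extension.

```powershell
# Added example (not vendor code): triage leftover *.tmp files in the robot staging directory.
param(
    # Assumption: drive letter and install root; the article gives only the relative path.
    [string]$NimsoftRoot = 'C:\Program Files (x86)\Nimsoft'
)

$tempDir = Join-Path $NimsoftRoot 'robot\pkg\temp'

# Staging files that the package deployment should have removed.
$leftovers = Get-ChildItem -LiteralPath $tempDir -Filter '*.tmp' -File -ErrorAction SilentlyContinue

foreach ($tmp in $leftovers) {
    try {
        $tmpHash = (Get-FileHash -LiteralPath $tmp.FullName -Algorithm SHA256 -ErrorAction Stop).Hash
    } catch {
        # A locked or quarantined file cannot be read; report it instead of failing.
        [pscustomobject]@{
            Leftover            = $tmp.FullName
            SHA256              = $null
            MatchesDeployedCopy = $null
            DeployedCopy        = "unreadable: $($_.Exception.Message)"
        }
        continue
    }

    # Assumption: the deployed copy keeps the same file name without ".tmp".
    $deployedName = $tmp.Name -replace '\.tmp$', ''
    $same = @(
        Get-ChildItem -LiteralPath $NimsoftRoot -Recurse -File -Filter $deployedName -ErrorAction SilentlyContinue |
            Where-Object { $_.DirectoryName -ne $tempDir } |
            Where-Object {
                (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash -eq $tmpHash
            }
    )

    # One row per leftover: does an identical file exist at a deployed path?
    [pscustomobject]@{
        Leftover            = $tmp.FullName
        SHA256              = $tmpHash
        MatchesDeployedCopy = ($same.Count -gt 0)
        DeployedCopy        = ($same | Select-Object -First 1 -ExpandProperty FullName)
    }
}
```

A leftover whose hash matches a deployed copy is consistent with the incomplete cleanup described above; one with no match is worth reviewing individually before any exclusion is created for the directory.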