Hi,
Recently we had a customer where random DLL files in the Temp directory were flagged as malware. It turned out that this was caused by the nssm.exe used for the Xymon client service.
Has anyone else had nssm.exe flagged as ransomware?
I decided to rewrite the client and integrated the code from this script so nssm.exe is not needed: https://github.com/JFLarvoire/SysToolsLib/blob/master/PowerShell/PSService.p...
FYI, this also creates an .exe file and random files in the temp directory, but they are not flagged as malware. It looks like the random files are a way for Windows Service Manager to cope with an .exe file as a service.
I also made sure I can do a seamless upgrade to this new client. This also means patching the 2.xxx client so it can be upgraded to this new version without interaction.
I have to clean up my 2.xxx code and the new script and will update my GitHub page in the next few weeks: https://github.com/StefCoene/xymon-stuff/tree/main/WinPSClient
I also have to roll out the new client in our production environments, so it's possible that I encounter some unexpected bugs.
Stef