Hi,
Recently we had a customer where random dll files in the Temp directory are flagged as malware. It turned out that this was caused by the nssm.exe used for the Xymon client service.
Has anyone else had nssm.exe flagged as ransomware?
I decided to rewrite the client and integrated the code from this script so nssm.exe is not needed: https://github.com/JFLarvoire/SysToolsLib/blob/master/PowerShell/PSService.p... FYI, this also creates an .exe file and random files in the temp directory, but they are not flagged as malware. It looks like the random files are a way for the Windows Service Manager to cope with an .exe file as a service.
I also made sure I can do a seamless upgrade to this new client. This also means patching the 2.xxx client so it can be upgraded to this new version without interaction.
I have to clean up my 2.xxx code and the new script and will update my GitHub page in the next few weeks: https://github.com/StefCoene/xymon-stuff/tree/main/WinPSClient. I also have to roll out the new client in our production environments, so it's possible that I encounter some unexpected bugs.
Stef
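An added example (not part of Stef's post or of the Xymon client code): when an AV product flags nssm.exe or the DLLs it drops in %TEMP%, the first thing to establish is which services on the host are actually wrapped by nssm and which binary each wrapper launches. This snippet lists every service whose image path points at nssm.exe, reads the wrapped application from the `Parameters\Application` value that nssm stores under the service key, and hashes the nssm.exe in use so it can be compared with the copy you deployed. The registry layout is nssm's own convention; the output object names are my choice.

```powershell
# Added example, not from the original thread: inventory nssm-wrapped services
# so an alert on nssm.exe (or on its %TEMP% DLLs) can be matched to the service
# that legitimately owns it, e.g. the Xymon client.

$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -match 'nssm(64)?\.exe' }

foreach ($svc in $services) {
    # nssm records the program it wraps under the service's Parameters key.
    $paramKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)\Parameters"
    $app = (Get-ItemProperty -Path $paramKey -Name Application -ErrorAction SilentlyContinue).Application

    # Strip surrounding quotes and any arguments to get the nssm.exe path itself.
    $exe  = ($svc.PathName -replace '^"?([^"]+?\.exe)"?.*$', '$1')
    $hash = if (Test-Path -LiteralPath $exe) {
        (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
    } else {
        'missing'
    }

    [pscustomobject]@{
        Service    = $svc.Name
        State      = $svc.State
        StartName  = $svc.StartName   # account the wrapper runs as
        NssmPath   = $exe
        NssmSha256 = $hash
        WrappedApp = $app             # what nssm actually starts
    }
}
```

Run it elevated (reading the Parameters key and hashing files under Program Files needs admin rights). A hash that differs from your deployed nssm release, or a WrappedApp you do not recognise, is worth investigating; a match lets you file the alert as a false positive on a known wrapper with some confidence.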
Stef, I have not had any Malware alerts for nssm.exe. On Windows 11, I don't find any DLL files in %TEMP%, but I do on Windows 10.
For your updated xymonclient.ps1 file, how do we start it without nssm.exe?
Also, attached is a patch file to add CPU thread count to the cpu output. Currently it only reports the number of cores, so this patch adds the number of threads, looking like this:
CPU states: total 3.05% cores: 6 threads: 12
Tom
On Sun, May 19, 2024 at 4:13 AM Stef Coene <stef.coene at docum.org> wrote:
> Hi,
> Recently we had a customer where random dll files in the Temp directory are flagged as malware. It turned out that this was caused by the nssm.exe used for the Xymon client service.
> Has anyone else had nssm.exe flagged as ransomware?
> I decided to rewrite the client and integrated the code from this script so nssm.exe is not needed:
> https://github.com/JFLarvoire/SysToolsLib/blob/master/PowerShell/PSService.p... FYI, this also creates an .exe file and random files in the temp directory, but they are not flagged as malware. It looks like the random files are a way for the Windows Service Manager to cope with an .exe file as a service.
> I also made sure I can do a seamless upgrade to this new client. This also means patching the 2.xxx client so it can be upgraded to this new version without interaction.
> I have to clean up my 2.xxx code and the new script and will update my GitHub page in the next few weeks: https://github.com/StefCoene/xymon-stuff/tree/main/WinPSClient. I also have to roll out the new client in our production environments, so it's possible that I encounter some unexpected bugs.
> Stef
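An added example, not Tom's attached patch and not code from xymonclient.ps1: one way to produce the `CPU states` line in the format shown above, taking the core and thread counts from `Win32_Processor` (summed over all sockets) and the total load from the `_Total` processor counter. The function name is my own.

```powershell
# Added example, not the patch from the thread: build the "CPU states" line
# with core and thread counts as well as total CPU load.

function Get-CpuStatesLine {
    $cpus = Get-CimInstance -ClassName Win32_Processor

    # Sum over every processor package so multi-socket hosts report correctly.
    $cores   = ($cpus | Measure-Object -Property NumberOfCores -Sum).Sum
    $threads = ($cpus | Measure-Object -Property NumberOfLogicalProcessors -Sum).Sum

    # One-second sample of processor time across all logical CPUs.
    $sample = Get-Counter -Counter '\Processor(_Total)\% Processor Time' `
                          -SampleInterval 1 -MaxSamples 1
    $total  = $sample.CounterSamples[0].CookedValue

    # Invariant culture keeps '.' as the decimal separator regardless of locale.
    $totalStr = $total.ToString('0.00', [cultureinfo]::InvariantCulture)

    "CPU states: total $totalStr% cores: $cores threads: $threads"
}

Get-CpuStatesLine
```

Two caveats: `Get-Counter` resolves counter paths by their localized names, so the `\Processor(_Total)\% Processor Time` path only works on English Windows installations, and inside a VM `NumberOfLogicalProcessors` reflects the vCPUs presented to the guest rather than the host's thread count.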
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon