CSA wmiadap.exe

Unanswered Question

Newer CSA Customer, running 6.0.1 CSA

All hosts prompted to Accept/Deny on /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} C:\WINDOWS\system32\wbem\wmiadap.exe this morning.

Looked around for any reason to be triggered today, recent something to increase it's risk and found nothing.

Does Cisco provide any real website information such as this?

I suspect it it something due to windows updates received, possible replacing this object causing it to be re-accepted??

What does this exe do?  Again, any cisco website resource is appreciated.

Thank you.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jan.nielsen Thu, 03/18/2010 - 14:22

Has wmiadap.exe ended up in the untrusted application list on the host ?

Jan,

Thanks for the reply.

Yes it was.   After a call to TAC, I used the wizard from the event log and set the application as trusted.

I do not want to do these sort of exceptions heavy handedly, however their council on the matter was that this was a part of windows that was likely updated during a recent windows update.

As a relative newbie to CSA, and advice/suggestions you can offer would be greatly appreciated.

Thanks again.

jan.nielsen Thu, 03/18/2010 - 17:34

Windows update directly from the internet ? that's not really good, you should get an internal wsus server or other deployment system, this will enable you to define that deployment tool as a trusted installer, and the files it updates/installs/modifies will not be untrusted, and you won't get popups.

With regular windows update, it's a little tricky, but you should look into the process called wuauclt.exe, if you add that to the trusted apps list, you have a quick way of avoiding some problems, but really you should create some new dummy group and add the "log set actions" option, and then enroll one or a few agents with that group also, this will give you the much more logs that tells you which application was added to which dynamic application class (including untrusted applications) and why, which is a good place to start for understanding how to eliminate many false positives with very rules.

Actions

This Discussion