Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CSA wmiadap.exe

Newer CSA Customer, running 6.0.1 CSA

All hosts prompted to Accept/Deny on C:\WINDOWS\system32\wbem\wmiadap.exe this morning.

Looked around for any reason to be triggered today, recent something to increase it's risk and found nothing.

Does Cisco provide any real website information such as this?

I suspect it it something due to windows updates received, possible replacing this object causing it to be re-accepted??

What does this exe do?  Again, any cisco website resource is appreciated.

Thank you.

3 REPLIES

Re: CSA wmiadap.exe

Has wmiadap.exe ended up in the untrusted application list on the host ?

New Member

Re: CSA wmiadap.exe

Jan,

Thanks for the reply.

Yes it was.   After a call to TAC, I used the wizard from the event log and set the application as trusted.

I do not want to do these sort of exceptions heavy handedly, however their council on the matter was that this was a part of windows that was likely updated during a recent windows update.

As a relative newbie to CSA, and advice/suggestions you can offer would be greatly appreciated.

Thanks again.

Re: CSA wmiadap.exe

Windows update directly from the internet ? that's not really good, you should get an internal wsus server or other deployment system, this will enable you to define that deployment tool as a trusted installer, and the files it updates/installs/modifies will not be untrusted, and you won't get popups.

With regular windows update, it's a little tricky, but you should look into the process called wuauclt.exe, if you add that to the trusted apps list, you have a quick way of avoiding some problems, but really you should create some new dummy group and add the "log set actions" option, and then enroll one or a few agents with that group also, this will give you the much more logs that tells you which application was added to which dynamic application class (including untrusted applications) and why, which is a good place to start for understanding how to eliminate many false positives with very rules.

619
Views
0
Helpful
3
Replies