IBM Support

Carbon Black security alert for executing wmic.exe

Question & Answer


Question

Is the wmic.exe call to process collectorSrvWatchDog.bat a security concern on hosts with the IBM Storage Insights Data Collector installed?

Alert Details

Carbon Black Alert Name: Process wmic.exe was detected by the report "Execution - WMIC Process Create Execution Detected" in watchlist "Carbon Black Advanced Threats"

Process Details

Process Name: wmic.exe
Command: ["wmic process call create \"C:\\...\\DataCollector_windows\\bin\\collectorSrvWatchDog.bat\" "]

Answer

No. collectorSrvWatchDog.bat, invoked through wmic.exe, is a normal part of the IBM Storage Insights Data Collector. Tune the security application so that it treats this activity as legitimate and expected.
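One way to keep that tuning narrow, shown as an added example that is not IBM's or Carbon Black's code: treat the alert as expected only when the Command field is exactly the watchdog launch at the known install path, and leave every other `wmic process call create` for investigation. `INSTALL_ROOT` is a constructed placeholder for the path the page elides, and the function names and sample alerts are hypothetical.

```python
import json
import re
from pathlib import PureWindowsPath

# Assumption: directory that holds DataCollector_windows on this host. The page
# elides it ("C:\...\"), so this is a constructed placeholder to replace.
INSTALL_ROOT = PureWindowsPath(r"C:\ExampleInstallRoot")
EXPECTED_BAT = INSTALL_ROOT / "DataCollector_windows" / "bin" / "collectorSrvWatchDog.bat"

# Exactly the form shown in the alert: wmic process call create "<one quoted path>"
WMIC_CREATE = re.compile(
    r'^\s*wmic(?:\.exe)?\s+process\s+call\s+create\s+"([^"]*)"\s*$', re.IGNORECASE
)

def is_expected_watchdog(cmdline: str) -> bool:
    """True only for the Data Collector watchdog launch at the known path."""
    m = WMIC_CREATE.match(cmdline)
    # PureWindowsPath equality is case-insensitive and does not collapse "..".
    return bool(m) and PureWindowsPath(m.group(1)) == EXPECTED_BAT

def triage(command_field: str) -> str:
    """command_field is the alert's Command value: a JSON array of strings."""
    cmds = json.loads(command_field)
    ok = len(cmds) == 1 and is_expected_watchdog(cmds[0])
    return "expected" if ok else "investigate"

# Constructed sample alerts in the same shape as the Command field on the page.
SAMPLES = [
    r'["wmic process call create \"C:\\ExampleInstallRoot\\DataCollector_windows\\bin\\collectorSrvWatchDog.bat\" "]',
    r'["wmic process call create \"C:\\Users\\Public\\collectorSrvWatchDog.bat\" "]',
    r'["wmic process call create \"C:\\ExampleInstallRoot\\DataCollector_windows\\bin\\other.bat\" "]',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(triage(s), s)
```

Only the first sample is classified as expected; the same file name in another directory and a different script in the same directory both stay under investigation, which an exclusion keyed on the process name wmic.exe alone would not do.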


Document Information

Modified date: 08 February 2022

UID: ibm16397784