IBM Support

Carbon Black security alert for executing wmic.exe

Question & Answer


Is the wmic.exe call to process collectorSrvWatchDog.bat a security concern on hosts with the IBM Storage Insights Data Collector installed?
Alert Details
Carbon Black Alert Name: Process wmic.exe was detected by the report "Execution - WMIC Process Create Execution Detected" in watchlist "Carbon Black Advanced Threats"
Process Details
Process Name: wmic.exe
Command: ["wmic process call create \"C:\\...\\DataCollector_windows\\bin\\collectorSrvWatchDog.bat\" "]


No. The collectorSrvWatchDog.bat, invoked via wmic.exe, is a normal part of the IBM Storage Insights Data Collector. Tune the security application to understand that this activity is legitimate and expected.

[{"Line of Business":{"code":"LOB26","label":"Storage"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSQRB8","label":"IBM Storage Insights"},"ARM Category":[{"code":"a8m0z000000Go6PAAS","label":"General"}],"ARM Case Number":"TS004515065","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Document Information

Modified date:
08 February 2022