We recently received an alert from PAMonitor about new files being created in the Windows System directory:

    Description:
Files created: 
\\machine-name\C$\WINDOWS\NEWTONSOFT.JSON.DLL
\\machine-name\C$\WINDOWS\NEWTONSOFT.JSON.DLL.CONFIG
\\machine-name\C$\WINDOWS\PASYSTEMDETAILS.EXE
\\machine-name\C$\WINDOWS\PASYSTEMDETAILS.EXE.CONFIG
\\machine-name\C$\WINDOWS\REQRESPDNCLIENT.DLL
\\machine-name\C$\WINDOWS\REQRESPDNCLIENT.DLL.CONFIG

Windows reports all of the file were created at the same time. 2/3 groups of files appear to be related to PAMonitor. Does PAMonitor install agents on monitored machines? The account being used to monitor would have the ability to do so.

asked 13 Mar '14, 10:40

JAnderson's gravatar image

JAnderson
1145
accept rate: 0%


Hi

The Inventory Monitor will try to get the inventory info using PAExec.exe when it can't get the information remotely. In doing so it does put a copy of those files on the remote server to gather the information. Then when the collecting of the inventory is done PAExec.exe removes those files.

Thanks
Quinn

Please make sure to mark your questions accepted when you have your answer by clicking the gray check mark to the left of the answer.

link

answered 13 Mar '14, 14:11

Quinn's gravatar image

Quinn ♦♦
14.5k3925
accept rate: 35%

Does the JSON file look correct? The other two files seem appropriate for QAMonitor. Also, the server has been monitored from PA Monitor for an extended period of time (more than a year) why the sudden change? It doesn't coincide with any changes to the PAMonitor software or server on which it resides, the account being used for monitoring, or permissions on the monitored server....

(14 Mar '14, 10:33) JAnderson

Yes the JSON files are good. The Inventory uses JSON to format and return the data back to the central service. The reason for the changes were to be able to collect more inventory information. Sometimes the service is not able collect the information remotely so it then tries to collect the information by running the job locally on the remote server. That is why those files were created.

(17 Mar '14, 08:51) Quinn ♦♦

Thanks for your help.

link

answered 18 Mar '14, 17:11

JAnderson's gravatar image

JAnderson
1145
accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×16
×13
×9
×5
×1

Asked: 13 Mar '14, 10:40

Seen: 6,998 times

Last updated: 18 Mar '14, 17:11