PAMonitor Installing Files

JAnderson 16
Viewed 0

We recently received an alert from PAMonitor about new files being created in the Windows System directory:

    Description:
Files created: 
\\machine-name\C$\WINDOWS\NEWTONSOFT.JSON.DLL
\\machine-name\C$\WINDOWS\NEWTONSOFT.JSON.DLL.CONFIG
\\machine-name\C$\WINDOWS\PASYSTEMDETAILS.EXE
\\machine-name\C$\WINDOWS\PASYSTEMDETAILS.EXE.CONFIG
\\machine-name\C$\WINDOWS\REQRESPDNCLIENT.DLL
\\machine-name\C$\WINDOWS\REQRESPDNCLIENT.DLL.CONFIG

Windows reports all of the file were created at the same time. 2/3 groups of files appear to be related to PAMonitor. Does PAMonitor install agents on monitored machines? The account being used to monitor would have the ability to do so.

created files directory system windows
2 Answers

Hi

The Inventory Monitor will try to get the inventory info using PAExec.exe when it can't get the information remotely. In doing so it does put a copy of those files on the remote server to gather the information. Then when the collecting of the inventory is done PAExec.exe removes those files.

Thanks
Quinn

Please make sure to mark your questions accepted when you have your answer by clicking the gray check mark to the left of the answer.

Quinn2713

Does the JSON file look correct? The other two files seem appropriate for QAMonitor. Also, the server has been monitored from PA Monitor for an extended period of time (more than a year) why the sudden change? It doesn't coincide with any changes to the PAMonitor software or server on which it resides, the account being used for monitoring, or permissions on the monitored server....

JAnderson

Yes the JSON files are good. The Inventory uses JSON to format and return the data back to the central service. The reason for the changes were to be able to collect more inventory information. Sometimes the service is not able collect the information remotely so it then tries to collect the information by running the job locally on the remote server. That is why those files were created.

Quinn

Thanks for your help.

JAnderson16
Related