App Whitelisting & SCOM (.vbs scripts)

  • Question

  • Anyone out here using or implementing an Application Whitelist product where SCOM is already in place?

    I'm having a difficult time locating the calling process for all the .vbs scripts that are dynamically created. I see cscript trying to execute the .vbs script, but cannot figure out what is calling cscript. 

    Command executed: "C:\WINDOWS\system32\cscript.exe" /nologo "DiscoverVirtualServerType.vbs" {6A95A70F-C789-8830-79C3-7829C003461F} {417DD6AC-E82F-828D-9DAD-0B342CBBFE39} *******.com MADVD1031
    Working Directory: C:\Program Files\System Center Operations Manager 2007\Health Service State\Monitoring Host Temporary Files 11\1552\

    Thursday, August 5, 2010 8:42 PM

All replies

  • The MonitoringHost processes call the scripts. Look in Task Manager and you'll see a couple, maybe several MonitoringHost PIDs.
    HTH, Jonathan Almquist - MSFT
    • Proposed as answer by Vivian Xing Friday, August 6, 2010 7:32 AM
    • Marked as answer by Vivian Xing Friday, August 13, 2010 8:32 AM
    Friday, August 6, 2010 1:25 AM
  • Thanks Jonathan.

    cscript is still being blocked so I'm going to re-engage my whitelisting application vendor.  And if needed, I'll get our Microsoft rep involved as well.

     

    Thank you for the reply!

    • Proposed as answer by jillcfrench Wednesday, August 11, 2010 8:52 PM
    • Marked as answer by Vivian Xing Friday, August 13, 2010 8:32 AM
    Wednesday, August 11, 2010 8:52 PM
  • There is an application that is blocking cscript from running?  What application is this?  This seems very aggressive, since it's quite common to run cscript on a server.  Your application probably needs to be configured to trust anything spawned from HealthService and MonitoringHost* processes.
    HTH, Jonathan Almquist - MSFT
    Thursday, August 12, 2010 2:45 AM
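
One way to confirm which process launches cscript.exe, as discussed in the thread above. This is an added example, not code from the thread or from Microsoft: the function name `Get-ScriptHostLineage`, the sample PIDs, and the HealthService-to-MonitoringHost parent layout are assumptions constructed for illustration.

```powershell
# Added example: resolve the ancestry of every cscript.exe in a process snapshot
# and report whether it descends from a SCOM agent process.
function Get-ScriptHostLineage {
    param(
        [Parameter(Mandatory)] [object[]] $Processes,
        [string[]] $TrustedAncestors = @('MonitoringHost.exe', 'HealthService.exe')
    )
    # Index the snapshot by PID so parents can be looked up directly.
    $byPid = @{}
    foreach ($p in $Processes) { $byPid[[int]$p.ProcessId] = $p }

    foreach ($p in ($Processes | Where-Object { $_.Name -ieq 'cscript.exe' })) {
        $chain = @()
        $seen  = @{}
        $seen[[int]$p.ProcessId] = $true
        $cur = $p
        # Walk upward; stop when the parent has exited or a reused PID forms a loop.
        while ($byPid.ContainsKey([int]$cur.ParentProcessId) -and
               -not $seen.ContainsKey([int]$cur.ParentProcessId)) {
            $cur = $byPid[[int]$cur.ParentProcessId]
            $seen[[int]$cur.ProcessId] = $true
            $chain += $cur.Name
        }
        [pscustomobject]@{
            ProcessId   = $p.ProcessId
            CommandLine = $p.CommandLine
            Ancestors   = $chain -join ' <- '
            FromScom    = [bool]($chain | Where-Object { $TrustedAncestors -contains $_ })
        }
    }
}

# Constructed sample snapshot (PIDs and parent layout are illustrative only).
$sample = @(
    [pscustomobject]@{ ProcessId = 900;  ParentProcessId = 600;  Name = 'HealthService.exe'
                       CommandLine = 'HealthService.exe' }
    [pscustomobject]@{ ProcessId = 2200; ParentProcessId = 900;  Name = 'MonitoringHost.exe'
                       CommandLine = 'MonitoringHost.exe' }
    [pscustomobject]@{ ProcessId = 4120; ParentProcessId = 2200; Name = 'cscript.exe'
                       CommandLine = 'cscript.exe /nologo "DiscoverVirtualServerType.vbs"' }
    [pscustomobject]@{ ProcessId = 5000; ParentProcessId = 4999; Name = 'cscript.exe'
                       CommandLine = 'cscript.exe /nologo "other.vbs"' }   # parent already gone
)
Get-ScriptHostLineage -Processes $sample | Format-List

# Live snapshot on an agent-managed server:
# Get-ScriptHostLineage -Processes (Get-CimInstance Win32_Process)
```

The discovery scripts are short-lived, so a live snapshot can miss them; process-creation audit events record the parent as well and cover that gap.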