Dear Develoepers,
The client is using Workspace in Citrix environment. Workspace is randomly executing netsh.exe & powershell.exe, and not only during startup.
SMBC have switched off security system in their local system policy but Workspace is still showing a pop-up window as per the screenshot below. It doesn’t look good for the end users (traders) to see this pop-up window randomly from time to time.
-----------------------------------------------------
An example below of the netsh, this follows the powershell window.
We have observed Workspace randomly executing netsh.exe & powershell.exe, more so when the application first starts.
At the desktop level we can manage the Banks AppSense Manager, so we observe the command windows running netstat commands very briefly (milliseconds) on the screen.
Please advise if this is expected behaviour?
Error 1:
AppSense Application Manager denied execution of '%systemroot%\system32\netsh.exe [Size:96768 bytes] [ProductVersion: 10.0.19041.1] [FileVersion: 10.0.19041.1] [Product Name: Microsoft® Windows® Operating System] [Company Name: Microsoft Corporation] [Vendor: ] [File Description: Network Command Shell] [Parent Process: "%programfiles%\refinitiv\refinitiv workspace\refinitivworkspace.exe" --launch]' on 'LNHVAPCTDQA0001' in 'Session ID: 1'. Deciding Rule: 'Everyone'. File owner: 'NT SERVICE\TrustedInstaller'.
Error 2:
AppSense Application Manager denied execution of '%systemroot%\system32\windowspowershell\v1.0\powershell.exe [Size:455680 bytes] [ProductVersion: 10.0.19041.3996] [FileVersion: 10.0.19041.3996] [Product Name: Microsoft® Windows® Operating System] [Company Name: Microsoft Corporation] [Vendor: ] [File Description: Windows PowerShell] [Parent Process: "%programfiles%\refinitiv\refinitiv workspace\refinitivworkspace.exe" --launch]' on 'LNHVAPCTDQA0001' in 'Session ID: 1'. Deciding Rule: 'Everyone'. File owner: 'NT SERVICE\TrustedInstaller'.
Could you please advise?
Regards,
Dawid Menard