Technical support and scripting issues
Moderators: JRL, Dorian (MJT support)
-
armsys
- Automation Wizard
- Posts: 1108
- Joined: Wed Dec 04, 2002 10:28 am
- Location: Hong Kong
Post
by armsys » Thu Jul 04, 2013 11:37 pm
The
report from SanityCheck (
http://www.resplendence.com):
Code: Select all
Processes are running without company, product and description information
One or more processes have been detected which have not registered any company, product and description information. This is not necessarily the work of a virus or malware but does raise a flag of suspicion. It is suggested you find out what this process belongs to and why it is running on your system.
The process msched.exe does not have any product, company or description information.
Information about the responsible process msched.exe:
file path:
C:\program files (x86)\macro scheduler 14\msched.exe
-
Marcus Tettmar
- Site Admin
- Posts: 7395
- Joined: Thu Sep 19, 2002 3:00 pm
- Location: Dorset, UK
-
Contact:
Post
by Marcus Tettmar » Fri Jul 05, 2013 10:03 am
No idea what you're talking about. Right click on msched.exe in program files folder and look at the digital signatures tab and you'll see company info there.
-
armsys
- Automation Wizard
- Posts: 1108
- Joined: Wed Dec 04, 2002 10:28 am
- Location: Hong Kong
Post
by armsys » Fri Jul 05, 2013 10:11 am
Marcus Tettmar wrote:No idea what you're talking about. Right click on msched.exe in program files folder and look at the digital signatures tab and you'll see company info there.
Of course, the digital signature is confirmed there.
But if you look at the Details pane of the Msched.exe Properties window, you'll find all data such as "File description" and "Product name" are blank.
-
Marcus Tettmar
- Site Admin
- Posts: 7395
- Joined: Thu Sep 19, 2002 3:00 pm
- Location: Dorset, UK
-
Contact:
Post
by Marcus Tettmar » Fri Jul 05, 2013 10:21 am
So? It has been signed with our digital signature which are only provided to organisations after they have been vetted. Look up the word signature in a dictionary. The digital signature is what identifies the file and if the digital signature is intact it means the file has not been tampered with. The presence or not of a product name in the properties pane is no assurance of security/validity. Any third party could add one. They would invalidate the digital signature if they did though, which really just proves my point that the digital signature is more important.
-
armsys
- Automation Wizard
- Posts: 1108
- Joined: Wed Dec 04, 2002 10:28 am
- Location: Hong Kong
Post
by armsys » Fri Jul 05, 2013 10:29 am
Marcus Tettmar wrote:So? It has been signed with our digital signature which are only provided to organisations after they have been vetted. Look up the word signature in a dictionary. The digital signature is what identifies the file and if the digital signature is intact it means the file has not been tampered with. The presence or not of a product name in the properties pane is no assurance of security/validity. Any third party could add one. They would invalidate the digital signature if they did though, which really just proves my point that the digital signature is more important.
I agree with you totally.
I'm merely a messager reporting the result from from SanityCheck (
http://www.resplendence.com).
-
Marcus Tettmar
- Site Admin
- Posts: 7395
- Joined: Thu Sep 19, 2002 3:00 pm
- Location: Dorset, UK
-
Contact:
Post
by Marcus Tettmar » Fri Jul 05, 2013 10:43 am
The highly revered MalwareBytes doesn't complain about Macro Scheduler.
Presumably though you can whitelist Macro Scheduler in SanityCheck to prevent the unhelpful report?
