Is the certutil -f decode used by database agents on Windows servers?
Description
"Certutil -f decode" and batch (.bat) file executions are occurring on DB2 database servers monitored by Foglight.
An example command line looks like the following:
certutil -f -decode C:\Windows\Temp\fglam_68478_-920652610 C:\Windows\Temp\fglam_68478_1179918384.bat
Is this normal functionality for Foglight monitoring?
Cause
As part of some OS collections on Windows, the agent cannot directly run queries using DCOM from a command prompt. To run these commands, the FglAM creates and runs a temporary batch file in the %SYSTEMROOT%\Temp folder of the monitored host.
To ensure the proper formatting of the command(s), the command line is transmitted in Base64 and then converted into a batch file using the native Windows certutil -f -decode command.
Resolution
The DB2 Maintenance and DB2 Instance Usability collections use batch files and "certutil -f decode" to collect data.
Some malware scanner applications may falsely report the use of certutil in this instance as a threat. To avoid false flagging, an exclusion can be added for use of this command on files in the %SYSTEMROOT%\Temp folder on the Windows host. The temporary files created by the database agents have the following format (where the hash is a unique identifier.
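The following triage sketch is an added example, not Quest's code. It separates certutil decode events that match the shape of the example command above from all other certutil decode activity, so an exclusion can be scoped to that shape rather than to every certutil run in the Temp folder. The file name pattern (fglam_<digits>_<signed digits>, with the same first number on input and output) is an assumption inferred from the single example command on this page, and the sample events other than that command are constructed.

```python
import re

# ASSUMPTION: pattern inferred from the one example command on this page:
#   fglam_<digits>_<signed digits>  ->  fglam_<same digits>_<signed digits>.bat
TEMP = r"(?:C:\\Windows|%SYSTEMROOT%)\\Temp\\"
FGLAM = re.compile(
    r"^\s*(?:\S*\\)?certutil(?:\.exe)?\s+-f\s+-decode\s+"
    + TEMP + r"fglam_(?P<id_in>\d+)_-?\d+\s+"
    + TEMP + r"fglam_(?P<id_out>\d+)_-?\d+\.bat\s*$",
    re.IGNORECASE,
)
# Any certutil invocation that uses a decode verb (-decode, /decode, -decodehex).
DECODE = re.compile(r"certutil(?:\.exe)?\b.*[-/]decode", re.IGNORECASE)


def classify(cmdline):
    """Return 'not-certutil-decode', 'foglight-pattern' or 'review'."""
    if not DECODE.search(cmdline):
        return "not-certutil-decode"
    m = FGLAM.match(cmdline)
    # Both files must sit in the Temp folder and share the first number.
    if m and m.group("id_in") == m.group("id_out"):
        return "foglight-pattern"
    return "review"


def triage(cmdlines):
    """Pair each process command line with its classification."""
    return [(classify(c), c) for c in cmdlines]


# First entry is the command from this page; the rest are constructed samples.
SAMPLE_EVENTS = [
    r"certutil -f -decode C:\Windows\Temp\fglam_68478_-920652610 "
    r"C:\Windows\Temp\fglam_68478_1179918384.bat",
    r"certutil.exe -f -decode C:\Users\Public\fglam_1_2 C:\Users\Public\fglam_1_3.bat",
    r"certutil -f -decode C:\Windows\Temp\fglam_68478_1 C:\Windows\Temp\update.exe",
    r"certutil -hashfile C:\Windows\Temp\a.bin SHA256",
]

if __name__ == "__main__":
    for verdict, cmd in triage(SAMPLE_EVENTS):
        print(f"{verdict:20} {cmd}")
```

A matching file name does not prove the command came from the agent, so events classified as foglight-pattern are still worth correlating with hosts that are actually monitored by Foglight.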