on 11-10-2022 6:14 PM
I have suspicious activity detected when SAP B1 was being connected to the SQL Server. Three rules have been triggered during this activity in the following order:
[
{
"script_data": "# import -----------------------------------------------------------------------
. \"$PSScriptRoot/WizardUtils_system.ps1\"
# ------------------------------------------------------------------------------
# global variables -------------------------------------------------------------
$LICENSE_ROOT = \"${env:USER_INSTALL_DIR}\\SAP Business One ServerTools\\License Service\"
#-------------------------------------------------------------------------------
function License::NamingService::Create() {
New-Service -Name 'TAO_NT_Naming_Service' `
-DisplayName 'TAO NT Naming Service (64-bit)' `
-Description 'TAO NT Naming Service (64-bit) for SAP Business One License Manager (64-bit)' `
-BinaryPathName \"${LICENSE_ROOT}\\service\\TAO_NT_CosNaming.exe\"`
-StartupType 'Manual'
}
function License::NamingService::Remove() {
if (Get-Service -Name 'TAO_NT_Naming_Service' -ErrorAction Ignore) {
SystemService::Stop -Name 'TAO_NT_Naming_Service' -Timeout '00:10:00' -ErrorAction SilentlyContinue
SystemService::Remove -Name 'TAO_NT_Naming_Service'
}
}
function License::NamingService::Start() {
SystemService::Start -Name 'TAO_NT_Naming_Service' -Timeout '00:10:00'
}
function License::NamingService::Stop() {
SystemService::Stop -Name 'TAO_NT_Naming_Service' -Timeout '00:10:00' -ErrorAction SilentlyContinue
}
function License::LicenseService::Create() {
New-Service -Name \"B1LicenseService\" `
-DisplayName \"SAP Business One License Manager (64-bit)\" `
-Description \"SAP Business One License Manager (64-bit)\" `
-BinaryPathName \"${LICENSE_ROOT}\\service\\B1_License.exe\" `
-StartupType 'Manual' `
-DependsOn 'TAO_NT_Naming_Service'
}
function License::LicenseService::Remove() {
if (Get-Service -Name 'B1LicenseService' -ErrorAction Ignore) {
SystemService::Stop -Name 'B1LicenseService' -Timeout '00:10:00' -ErrorAction SilentlyContinue
SystemService::Remove -Name 'B1LicenseService'
}
}
function License::LicenseService::Start() {
SystemService::Start -Name 'B1LicenseService' -Timeout '00:10:00'
}
function License::LicenseService::Stop() {
SystemService::Stop -Name 'B1LicenseService' -Timeout '00:10:00' -ErrorAction SilentlyContinue
}
",
"script_path": "C:\\USERS\\ADMINISTRATOR\\APPDATA\\LOCAL\\TEMP\\B1-ZNHFNJRPDVHHPQTQLZSC\\SUPPORT\\BIN\\LICENSEMANAGER_SERVICE.PS1",
"timestamp": "10/24/2022 1:30:45 PM"
},
{
"script_data": "# import -----------------------------------------------------------------------
. \"$PSScriptRoot/WizardUtils_system.ps1\"
# ------------------------------------------------------------------------------
# global variables -------------------------------------------------------------
$LICENSE_ROOT = \"${env:USER_INSTALL_DIR}\\SAP Business One ServerTools\\License Service\"
#-------------------------------------------------------------------------------
function License::NamingService::Create() {
New-Service -Name 'TAO_NT_Naming_Service' `
-DisplayName 'TAO NT Naming Service (64-bit)' `
-Description 'TAO NT Naming Service (64-bit) for SAP Business One License Manager (64-bit)' `
-BinaryPathName \"${LICENSE_ROOT}\\service\\TAO_NT_CosNaming.exe\"`
-StartupType 'Manual'
}
function License::NamingService::Remove() {
if (Get-Service -Name 'TAO_NT_Naming_Service' -ErrorAction Ignore) {
SystemService::Stop -Name 'TAO_NT_Naming_Service' -Timeout '00:10:00' -ErrorAction SilentlyContinue
SystemService::Remove -Name 'TAO_NT_Naming_Service'
}
}
function License::NamingService::Start() {
SystemService::Start -Name 'TAO_NT_Naming_Service' -Timeout '00:10:00'
}
function License::NamingService::Stop() {
SystemService::Stop -Name 'TAO_NT_Naming_Service' -Timeout '00:10:00' -ErrorAction SilentlyContinue
}
function License::LicenseService::Create() {
New-Service -Name \"B1LicenseService\" `
-DisplayName \"SAP Business One License Manager (64-bit)\" `
-Description \"SAP Business One License Manager (64-bit)\" `
-BinaryPathName \"${LICENSE_ROOT}\\service\\B1_License.exe\" `
-StartupType 'Manual' `
-DependsOn 'TAO_NT_Naming_Service'
}
function License::LicenseService::Remove() {
if (Get-Service -Name 'B1LicenseService' -ErrorAction Ignore) {
SystemService::Stop -Name 'B1LicenseService' -Timeout '00:10:00' -ErrorAction SilentlyContinue
SystemService::Remove -Name 'B1LicenseService'
}
}
function License::LicenseService::Start() {
SystemService::Start -Name 'B1LicenseService' -Timeout '00:10:00'
}
function License::LicenseService::Stop() {
SystemService::Stop -Name 'B1LicenseService' -Timeout '00:10:00' -ErrorAction SilentlyContinue
}
",
"script_path": "C:\\USERS\\ADMINISTRATOR\\APPDATA\\LOCAL\\TEMP\\B1-ZNHFNJRPDVHHPQTQLZSC\\SUPPORT\\BIN\\LICENSEMANAGER_SERVICE.PS1",
"timestamp": "10/24/2022 1:30:09 PM"
}
]
The process path was C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\B1-ZNHFNJRPDVHHPQTQLZSC\SAPJVM_8\JRE\BIN\JAVAW.EXE
Can anyone answer this question? Please feel free to ask me if anything more is required.
It's SAP's backend users accessing the database. Each one of them will have a different purpose to serve,
i.e., License manager, Mailer service, and so on.
You don't have to worry about this!
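One way to check what the captured script would register as Windows services, as an added example that is not part of the original thread or SAP's code: it parses the `New-Service` calls from an excerpt of the `script_data` above and resolves each service's binary path. The function names, the install directory passed in, and the list of user-writable path fragments are assumptions made for illustration.

```python
import re

# Excerpt of the script_data quoted in the question (JSON escapes removed).
SCRIPT = r'''
$LICENSE_ROOT = "${env:USER_INSTALL_DIR}\SAP Business One ServerTools\License Service"
function License::NamingService::Create() {
New-Service -Name 'TAO_NT_Naming_Service' `
-DisplayName 'TAO NT Naming Service (64-bit)' `
-BinaryPathName "${LICENSE_ROOT}\service\TAO_NT_CosNaming.exe"`
-StartupType 'Manual'
}
function License::LicenseService::Create() {
New-Service -Name "B1LicenseService" `
-BinaryPathName "${LICENSE_ROOT}\service\B1_License.exe" `
-StartupType 'Manual' `
-DependsOn 'TAO_NT_Naming_Service'
}
'''

PARAM = re.compile(r"-(\w+)\s+(?:'([^']*)'|\"([^\"]*)\")")
# Assumed, illustrative list of locations a non-admin user can usually write to.
USER_WRITABLE = re.compile(r"\\(appdata|temp|users\\public)\\", re.I)

def new_service_calls(script):
    """Return one {parameter: value} dict per New-Service call in the script."""
    joined = re.sub(r"`\s*\n", " ", script)  # fold backtick line continuations
    calls = []
    for line in joined.splitlines():
        if line.strip().startswith("New-Service"):
            calls.append({m[1]: m[2] if m[2] is not None else m[3] for m in PARAM.finditer(line)})
    return calls

def triage(script, install_dir):
    """Resolve each service binary path and list reasons it deserves a closer look."""
    root = re.search(r'\$LICENSE_ROOT\s*=\s*"([^"]*)"', script)[1]
    root = root.replace("${env:USER_INSTALL_DIR}", install_dir)
    report = {}
    for call in new_service_calls(script):
        path = call.get("BinaryPathName", "").replace("${LICENSE_ROOT}", root)
        reasons = []
        if USER_WRITABLE.search(path):
            reasons.append("binary in user-writable path")
        if call.get("StartupType", "").lower() == "automatic":
            reasons.append("auto-start")
        report[call["Name"]] = (path, reasons)
    return report
```

An empty reason list only says the declared service paths look ordinary; the installed binaries and the `JAVAW.EXE` named in the alert still need their signatures checked on the host.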