Verify VBS validity

Jude (Jude Perera) 1 Reputation point
2021-02-25T13:50:00.93+00:00

Hi team,

I would like to verify any documentation or confirmation to see if the following VBS files are legitimate or not.

• DiscoverService.vbs
• Microsoft.Windows.Server.10.0.Discovery.Probe.vbs
• DiscoverClusterService.vbs

The below activities have been identified by the AV on our Exchange Server, and we would like to know if these are legitimate.

"C:\Windows\system32\cscript.exe" /nologo "C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 4998\7007**DiscoverService.vbs**" "{F3F3CB4C-90E4-5022-2F0E-8A03F761ABF5}" "{FAB5D6D1-82C9-135D-C047-004A24D7CA68}"

"C:\Windows\system32\cscript.exe" /nologo "C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 4999\7018**Microsoft.Windows.Server.10.0.Discovery.Probe.vbs**" "{7AD6D96F-D2D2-743A-2175-BACE01483A13}" "{FAB5D6D1-82C9-135D-C047-004A24D7CA68}"

"C:\Windows\system32\cscript.exe" /nologo "C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 4997\6998**DiscoverClusterService.vbs**" "{258C2FC2-8490-04FE-867F-0DE46A9D0673}" "{94EACFFB-4E4F-5C9D-2C0C-F5C392CC6591}"

Thank you.


2 answers

  1. System Center guy 691 Reputation points
    2021-03-01T04:59:44.71+00:00

    The following directory should be set as an antivirus exclusion, as it pertains to System Center - Operations Manager.
    %ProgramFiles%\Microsoft Monitoring Agent\Agent\Health Service State

    For details, please refer to
    https://learn.microsoft.com/en-us/system-center/scom/plan-security-antivirus?view=sc-om-2019

    In view of these files:
    "C:\Windows\system32\cscript.exe" /nologo "C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 4998\7007*DiscoverService.vbs*" "{F3F3CB4C-90E4-5022-2F0E-8A03F761ABF5}" "{FAB5D6D1-82C9-135D-C047-004A24D7CA68}"
    "C:\Windows\system32\cscript.exe" /nologo "C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 4999\7018*Microsoft.Windows.Server.10.0.Discovery.Probe.vbs*" "{7AD6D96F-D2D2-743A-2175-BACE01483A13}" "{FAB5D6D1-82C9-135D-C047-004A24D7CA68}"
    "C:\Windows\system32\cscript.exe" /nologo "C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 4997\6998*DiscoverClusterService.vbs*" "{258C2FC2-8490-04FE-867F-0DE46A9D0673}" "{94EACFFB-4E4F-5C9D-2C0C-F5C392CC6591}"
    This is a VBS script for a SCOM management pack.
    DiscoverClusterService.vbs: this is a discovery script for cluster services
    Microsoft.Windows.Server.10.0.Discovery.Probe.vbs: discovery of Windows Server services

    Roger
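
For triaging alerts like the ones in the question, the sketch below checks whether a logged command line has the same shape as those shown in this thread; it is an added example, not part of any answer and not Microsoft code. It assumes the default agent install path and a `<number>\<number>\<name>.vbs` layout under the temporary files folder, uses constructed sample lines, and a matching shape says nothing about the script's contents.

```python
import re

# Assumption: the agent is installed in the default directory shown in the question.
STATE_DIR = r"C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State"
CSCRIPT = r"C:\Windows\system32\cscript.exe"
GUID = re.compile(r"\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
# "<host>" /nologo "<script>" followed by zero or more quoted arguments.
CMD = re.compile(r'^"([^"]+)"\s+/nologo\s+"([^"]+)"((?:\s+"[^"]*")*)\s*$', re.I)
# Assumption: scripts sit in ...\Monitoring Host Temporary Files <n>\<n>\<name>.vbs
SCRIPT = re.compile(
    re.escape(STATE_DIR) + r"\\Monitoring Host Temporary Files \d+\\\d+\\[\w.-]+\.vbs",
    re.I)

def triage(cmdline):
    """Return the reasons a command line deviates from the shape seen in the thread."""
    m = CMD.match(cmdline.strip())
    if not m:
        return ["not a quoted cscript /nologo invocation"]
    host, script, rest = m.groups()
    reasons = []
    if host.lower() != CSCRIPT.lower():
        reasons.append("script host is not System32 cscript.exe")
    if not SCRIPT.fullmatch(script):
        reasons.append("script is outside the agent state directory layout")
    args = re.findall(r'"([^"]*)"', rest)
    if not args or not all(GUID.fullmatch(a) for a in args):
        reasons.append("arguments are not all GUIDs")
    return reasons

# Constructed sample lines (GUIDs and folder numbers are made up).
G1 = "{11111111-2222-3333-4444-555555555555}"
G2 = "{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}"
TMP = STATE_DIR + r"\Monitoring Host Temporary Files 12\345"
SAMPLES = [
    f'"{CSCRIPT}" /nologo "{TMP}\\DiscoverService.vbs" "{G1}" "{G2}"',
    f'"{CSCRIPT}" /nologo "C:\\Users\\Public\\DiscoverService.vbs" "{G1}" "{G2}"',
    f'"{CSCRIPT}" /nologo "{TMP}\\DiscoverService.vbs" "{G1}" "not-a-guid"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(triage(line) or "matches expected shape", "<-", line)
```
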


  2. Graham 176 Reputation points
    2022-08-15T11:12:26.17+00:00

    Yes - they are legitimate. If you want to check the actual code as part of the sealed Management Pack, then you can do so via:

    • Install Visual Studio 2019 Community Edition (or Professional \ Enterprise if you have them but Community Edition is free).
    • Install Visual Studio Authoring extensions for SCOM
    • Add a reference to the management packs containing the scripts
    • Browse to Management Pack Browser

    There you can see all the classes, discoveries and monitoring (and views) including the underlying modules and scripts that are used. If you need more detail on the above then let me know and I can do a blog post run through.

