Unknown Processes

by Cody Dumont
June 26, 2014

This report displays unknown processes, gray area processes, and known installed software across a series of components. Using the Regular Expressions (regex) vulnerability text search, a new feature released in SecurityCenter 4.8.1, the dashboard utilizes plugin 70768, Reputation of Windows Executables: Unknown Process(es). The unknown process plugin reports the count of unknown processes on each host and can also report on unknown processes located in the "TMP" folders.
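To illustrate the kind of regex text search the report applies to plugin output, the following added example (written for this page, not Tenable's code) parses constructed sample output for three hosts, counts the unknown processes per host, places each host into a count grouping, flags processes under a "TMP" or "Temp" folder, and tallies executable file types. The line format of the sample output and the intermediate grouping boundaries are assumptions; the page states only the first grouping (less than 50) and the last (over 10,000).

```python
import re
from collections import Counter

# Constructed sample output for three hosts. The line layout is an ASSUMPTION made
# for illustration only; it is not the real output format of plugin 70768.
SAMPLE_PLUGIN_OUTPUT = {
    "192.0.2.10": (
        "Unknown process(es):\n"
        "  C:\\Windows\\Temp\\updater.exe\n"
        "  C:\\Users\\alice\\AppData\\Local\\Temp\\helper.dll\n"
        "  C:\\Program Files\\Vendor\\svc.exe\n"
    ),
    "192.0.2.11": "Unknown process(es):\n" + "".join(
        f"  C:\\ProgramData\\cache\\item{i}.exe\n" for i in range(60)
    ),
    "192.0.2.12": "No unknown processes found.\n",
}

# One Windows executable path per line (drive letter, backslashes, known extension).
PATH_RE = re.compile(
    r"^\s*([A-Za-z]:\\[^\r\n]+?\.(exe|dll|sys))\s*$",
    re.IGNORECASE | re.MULTILINE,
)
# A path component named "temp" or "tmp" anywhere in the path.
TMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)

# Upper bounds (exclusive) and labels for the count groupings. Only the first and
# last labels come from the report description; the intermediate ones are assumed.
BUCKETS = [
    (50, "less than 50"),
    (500, "50 to 499"),
    (1000, "500 to 999"),
    (10001, "1,000 to 10,000"),
]


def count_bucket(n):
    """Return the grouping label for n unknown processes."""
    for limit, label in BUCKETS:
        if n < limit:
            return label
    return "over 10,000"


def parse_unknown_processes(text):
    """Extract every executable path reported as an unknown process."""
    return [m.group(1) for m in PATH_RE.finditer(text)]


def summarize_host(text):
    """Count, group, and classify the unknown processes for one host's output."""
    paths = parse_unknown_processes(text)
    return {
        "count": len(paths),
        "bucket": count_bucket(len(paths)),
        "tmp_count": sum(1 for p in paths if TMP_RE.search(p)),
        "by_type": dict(Counter(p.rsplit(".", 1)[-1].lower() for p in paths)),
    }


def summarize_all(outputs):
    """Build the per-host summary the report's matrices would be filled from."""
    return {host: summarize_host(text) for host, text in outputs.items()}


if __name__ == "__main__":
    for host, summary in summarize_all(SAMPLE_PLUGIN_OUTPUT).items():
        print(host, summary)
```

The TMP match is a separate regex rather than part of the path pattern so that the same parsed list feeds both the overall count grouping and the "TMP" folder grouping, mirroring how the report uses one plugin's output for both indicators.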

The report is available in the SecurityCenter Feed, an app store of dashboards, reports, and assets. The report can be easily located in the SecurityCenter Feed by selecting the category Threat Detection & Vulnerability Assessments, and then selecting the tags processes and software. The report requirements are:

  • SecurityCenter 4.8.1
  • Nessus 5.2.6 

Chapters

Executive Summary: This chapter contains two matrices grouping the counts of systems with unknown processes. The grouping is based on the number of unknown processes discovered, and starts with less than 50 and ends with over 10,000. There are two additional matrices: one provides indicators for the Windows Autoruns, and the other provides the count of systems with unknown processes based on the location and file type. The final component is a table that summarizes the networks containing hosts identified as having unknown processes.

Software Installed on Systems Identified with Unknown Processes: This chapter provides a detailed software inventory of systems with unknown processes.

Windows Unknown Process Count Indicator: This chapter provides a detailed list of systems with unknown processes, grouped by the number of processes. The grouping is based on the number of unknown processes discovered, and starts with less than 50 and ends with over 10,000.

Windows Temp Unknown Process Count Indicator: This chapter provides a detailed list of systems with unknown processes located in the "TMP" folder, grouped by the number of processes. The grouping is based on the number of unknown processes discovered, and starts with less than 50 and ends with over 10,000.

Number of Systems and Locations/Types of Unknown Files: This chapter provides a detailed list of systems with unknown processes, grouped by the location of the unknown processes or by the executable file type.