How do I whitelist a Windows service (pypsexecsvc.exe) ?

  • 10 August 2017
  • 1 reply
  • 136 views

Hello,
 
I have configured Webroot on a couple of Windows 2012 Standard servers.
As a Linux administrator, I usually run a remote command from a Linux system to connect to my Windows server.
Let's say A is my Windows 2012 server and B is my Linux system.
From B, I run the following command:
# root:~# psexec.py --user 'Administrator%xxxx' //172.20.18.217 'vssadmin list shadows'
I never get the output back. If I disable Webroot, it works fine for me. Any of the vssadmin commands do not work for me, when invoked remotely via psexec.py. They work fine when executed on the Windows server itself.
 
psexec.py is an open-source tool from OpenSecurity (https://www.coresecurity.com/corelabs-research/open-source-tools/impacket).
psexec.py requires Windows service C:Windowspypsexecsvc.exe to be running on the Windows server.
I did add this .exe to the "Allow Files" list in my Webroot configuration, it still doesn't work.
 
It appears that Webroot is treating C:Windowspypsexecsvc.exe as a malware program, when it is not.
 
Has anyone seen this problem before and is there a way I can get the pypsexecsvc.exe white-listed ?
 
Thanks,
Yatin

1 reply

Userlevel 7
Badge +35
Please Submit a Support Ticket for this issue.
 
Thanks,
 
-Dan

Reply