Our security software AMP identified a low level security issue on GISPORTAL. There is a file called "pkill.exe" that tried to access lsass.exe and winlogin.exe. After researching it we believe file may be something GIS uses, but we aren’t sure what it's

1585
3
Jump to solution
10-26-2020 07:40 AM
AliceWilson
New Contributor III

Our IT Department reached out to me this Mon AM to see if I can find out about a possible security issue. Wondering if anything I should be concerned about.

0 Kudos
2 Solutions

Accepted Solutions
by Anonymous User
Not applicable

Hi @AliceWilson,

Pkill.exe is an executable included with Portal for ArcGIS that is used to stop processes by their PIDs.  There are a variety of reasons this process runs:

  •  A process gets hung with no activity for a specific length of time (this will vary with the process) the pkill will be invoked.
  • If an illegal activity occurs in a process, pkill can be invoked to protect data.
  • A process can call up pkill when it is completed.

Quarantining this executable may cause a degradation in Portal for ArcGIS' regular performance.

View solution in original post

0 Kudos
ElliotJones
Esri Contributor

Hi @AliceWilson,

Pkill.exe is an executable included with Portal for ArcGIS that is used to stop processes by their PIDs.  There are a variety of reasons this process runs:

  •  A process gets hung with no activity for a specific length of time (this will vary with the process) the pkill will be invoked.
  • If an illegal activity occurs in a process, pkill can be invoked to protect data.
  • A process can call up pkill when it is completed.

Quarantining this executable may cause a degradation in Portal for ArcGIS' regular performance.

View solution in original post

3 Replies
by Anonymous User
Not applicable

Hi @AliceWilson,

Pkill.exe is an executable included with Portal for ArcGIS that is used to stop processes by their PIDs.  There are a variety of reasons this process runs:

  •  A process gets hung with no activity for a specific length of time (this will vary with the process) the pkill will be invoked.
  • If an illegal activity occurs in a process, pkill can be invoked to protect data.
  • A process can call up pkill when it is completed.

Quarantining this executable may cause a degradation in Portal for ArcGIS' regular performance.

0 Kudos
AliceWilson
New Contributor III

Thanks Elliot!

I have been searching for an answer and reaching out to ESRI staff with no success. This is what I was thinking, but thanks for verifying!

0 Kudos
ElliotJones
Esri Contributor

Hi @AliceWilson,

Pkill.exe is an executable included with Portal for ArcGIS that is used to stop processes by their PIDs.  There are a variety of reasons this process runs:

  •  A process gets hung with no activity for a specific length of time (this will vary with the process) the pkill will be invoked.
  • If an illegal activity occurs in a process, pkill can be invoked to protect data.
  • A process can call up pkill when it is completed.

Quarantining this executable may cause a degradation in Portal for ArcGIS' regular performance.