Do any Fixlets provided by BigFix attempt to mount a share?

system · May 26, 2010, 9:12pm

(imported topic written by murtasma91)

I was asked by our security team to look into some traffic comming from one of our BigFix Relays to clients for a specifc department here. From what they have been able to tell me it looks like one of our Relays (also running the BigFix Console on this relay) was attempting to mount file shares from several endpoints.

Do any Fixlets proivded by BigFix do any type of drive mapping that may explain this traffic? It could be one of the operators mounting shares to endpoints from the server (waiting on response back from operator) but I would like to check and see if there are any possible reasons why BigFix may have attempting to mount some shares.

BenKus · May 27, 2010, 5:43am

(imported comment written by BenKus)

Hello,

BigFix itself doesn’t mount shares (and in general, it doesn’t have any credentials to access shares since it runs as the SYSTEM account)… however, if you are using custom Fixlet content OR “Network Installations” for Office patching (see more info at http://support.bigfix.com/cgi-bin/kbdirect.pl?id=129), then it is possible that you can configure BigFix to access shares…

Ben

system · May 27, 2010, 4:52pm

(imported comment written by murtasma91)

Ok that’s what I thought just wanted to make sure. Does look like this deparment sent any office related patched to their workstation so this was probably done by something else.

Thank you