This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Powershell scripts running in Lansweeper

Go to solution
Enzo
Engaged Sweeper III

‎05-30-2025 06:52 PM

Hello

I'm checking my Windows 10 workstations and in the system32 folder, I'm getting folders with a date format (20250313), and inside the folder, there's a result in a txt file:

**********************
Windows PowerShell transcript start
Start time: 20240613035627
Username: Domain\SYSTEM
RunAs User: Domain\SYSTEM
Configuration Name:
Machine: ComputerName (Microsoft Windows NT 10.0.19045.0)
Host Application: powershell.exe -ExecutionPolicy Restricted -Command $Res = 0; $Infs = Get-Item -Path ($env:WinDir + '\inf\*.inf'); foreach ($Inf in $Infs) { $Data = Get-Content $Inf.FullName; if ($Data -match '\[defaultinstall.nt(amd64|arm|arm64|x86)\]') { $Res = 1; break; } } Write-Host 'Final result:', $Res;
Process ID: 10816
PSVersion: 5.1.19041.4412
PSEdition: Desktop
PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.19041.4412
BuildVersion: 10.0.19041.4412
CLRVersion: 4.0.30319.42000
WSManStackVersion: 3.0
PSRemotingProtocolVersion: 2.3
SerializationVersion: 1.1.0.1
**********************
**********************
Command start time: 20240613035627
**********************
PS>$Res = 0; $Infs = Get-Item -Path ($env:WinDir + '\inf\*.inf'); foreach ($Inf in $Infs) { $Data = Get-Content $Inf.FullName; if ($Data -match '\[defaultinstall.nt(amd64|arm|arm64|x86)\]') { $Res = 1; break; } } Write-Host 'Final result:', $Res;
Final result: 0
**********************
Command start time: 20240613035633
**********************
PS>$global:?
True
**********************
Windows PowerShell transcript end
End time: 20240613035633
**********************

It appears to be a script running. I'd like to know if it's Lansweeper?

Thanks.

Labels:
0 Kudos
1 ACCEPTED SOLUTION
Go to solution
Gilian
Product Team
Product Team

‎06-03-2025 09:06 AM

Hi @Enzo ,

After having the source code checked, I can confirm this script is not ran by default by Lansweeper.
It could still pass through Lansweeper if someone configured it in the deployments module, see Create deployment packages - Deploying Software & Other Changes - Lansweeper Community for more details.

View solution in original post

0 Kudos
3 REPLIES 3
Go to solution
Jacob_H
Lansweeper Employee
Lansweeper Employee

‎06-14-2025 08:52 AM

Good ol' GPT says this, for what it's worth:  

There’s no unique identifier in this transcript that definitively reveals which application invoked it. But based on behavior and structure, it is most likely:

  • A Microsoft system component, or

  • A security or endpoint management tool (e.g., Intune, MECM/SCCM, Defender ATP, CrowdStrike, etc.)

0 Kudos
Go to solution
Gilian
Product Team
Product Team

‎06-03-2025 09:06 AM

Hi @Enzo ,

After having the source code checked, I can confirm this script is not ran by default by Lansweeper.
It could still pass through Lansweeper if someone configured it in the deployments module, see Create deployment packages - Deploying Software & Other Changes - Lansweeper Community for more details.

0 Kudos

General Discussions

Find answers to technical questions about Lansweeper.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now