Enzo
Engaged Sweeper III

Hello

I'm checking my Windows 10 workstations and in the system32 folder, I'm getting folders with a date format (20250313), and inside the folder, there's a result in a txt file:

**********************
Windows PowerShell transcript start
Start time: 20240613035627
Username: Domain\SYSTEM
RunAs User: Domain\SYSTEM
Configuration Name:
Machine: ComputerName (Microsoft Windows NT 10.0.19045.0)
Host Application: powershell.exe -ExecutionPolicy Restricted -Command $Res = 0; $Infs = Get-Item -Path ($env:WinDir + '\inf\*.inf'); foreach ($Inf in $Infs) { $Data = Get-Content $Inf.FullName; if ($Data -match '\[defaultinstall.nt(amd64|arm|arm64|x86)\]') { $Res = 1; break; } } Write-Host 'Final result:', $Res;
Process ID: 10816
PSVersion: 5.1.19041.4412
PSEdition: Desktop
PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.19041.4412
BuildVersion: 10.0.19041.4412
CLRVersion: 4.0.30319.42000
WSManStackVersion: 3.0
PSRemotingProtocolVersion: 2.3
SerializationVersion: 1.1.0.1
**********************
**********************
Command start time: 20240613035627
**********************
PS>$Res = 0; $Infs = Get-Item -Path ($env:WinDir + '\inf\*.inf'); foreach ($Inf in $Infs) { $Data = Get-Content $Inf.FullName; if ($Data -match '\[defaultinstall.nt(amd64|arm|arm64|x86)\]') { $Res = 1; break; } } Write-Host 'Final result:', $Res;
Final result: 0
**********************
Command start time: 20240613035633
**********************
PS>$global:?
True
**********************
Windows PowerShell transcript end
End time: 20240613035633
**********************

It appears to be a script running. I'd like to know if it's Lansweeper?

Thanks.

1 ACCEPTED SOLUTION
Gilian
Product Team

Hi @Enzo ,

After having the source code checked, I can confirm this script is not run by default by Lansweeper.
It could still pass through Lansweeper if someone configured it in the deployments module, see Create deployment packages - Deploying Software & Other Changes - Lansweeper Community for more details.


3 REPLIES
Jacob_H
Lansweeper Employee

Good ol' GPT says this, for what it's worth:  

There’s no unique identifier in this transcript that definitively reveals which application invoked it. But based on behavior and structure, it is most likely:

  • A Microsoft system component, or

  • A security or endpoint management tool (e.g., Intune, MECM/SCCM, Defender ATP, CrowdStrike, etc.)
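
As an added example (not part of the original posts and not Lansweeper code): a PowerShell function that pulls the header fields out of transcripts like the one in the question, so the Username, Process ID and start time of each run can be compared against deployment schedules or process-creation logs. The function name `Get-TranscriptHeader`, the `$Root` path and the sample text are assumptions constructed for illustration.

```powershell
# Added example: summarise PowerShell transcript headers for triage.
function Get-TranscriptHeader {
    param(
        [Parameter(ValueFromPipeline)] [string]$Text,
        [string]$Source = '<inline>'   # label for where the text came from
    )
    process {
        if (-not $Text) { return }
        $wanted = 'Start time|Username|RunAs User|Machine|Host Application|Process ID'
        $fields = @{}
        foreach ($line in ($Text -split "`r?`n")) {
            # Keep the first occurrence only: command output later in the
            # transcript can contain lines that look like header fields.
            if ($line -match "^($wanted):\s*(.*)$" -and -not $fields.ContainsKey($Matches[1])) {
                $fields[$Matches[1]] = $Matches[2].Trim()
            }
        }
        if (-not $fields.ContainsKey('Host Application')) { return }  # not a transcript
        $start = [datetime]::MinValue
        $ok = [datetime]::TryParseExact([string]$fields['Start time'], 'yyyyMMddHHmmss',
            [cultureinfo]::InvariantCulture, [System.Globalization.DateTimeStyles]::None, [ref]$start)
        [pscustomobject]@{
            Source          = $Source
            Start           = if ($ok) { $start } else { $null }
            Username        = $fields['Username']
            RunAsUser       = $fields['RunAs User']
            ProcessId       = [int]$fields['Process ID']
            HostApplication = $fields['Host Application']
        }
    }
}

# Constructed sample shaped like the transcript header in the question.
$sample = @'
**********************
Windows PowerShell transcript start
Start time: 20240613035627
Username: Domain\SYSTEM
RunAs User: Domain\SYSTEM
Machine: ComputerName (Microsoft Windows NT 10.0.19045.0)
Host Application: powershell.exe -ExecutionPolicy Restricted -Command Write-Host 'Final result:', 0
Process ID: 10816
**********************
'@
$sample | Get-TranscriptHeader | Format-List

# On a workstation ($Root is an assumption: the folder holding the dated subfolders):
# Get-ChildItem -Path $Root -Recurse -Filter *.txt |
#   ForEach-Object { Get-TranscriptHeader -Text (Get-Content $_.FullName -Raw) -Source $_.FullName } |
#   Group-Object HostApplication | Sort-Object Count -Descending
```

Grouping by `HostApplication` shows how often each command line ran and under which account; the transcript itself does not record the parent process, so the Process ID and start time are the values to look up in whatever process-creation logging is enabled on the machine.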
