on 10-21-2020 05:17 AM
If the "Windows - Active Processes" probe fetches the payload but doesn't populate processes, one reason can be that the payload contains some XML control characters like "".
Control characters are not supported in XML 1.0, so when a payload contains these characters, parsing breaks and the process data is not populated.
An example process containing invalid control characters:
<Win32_Process>
<Caption>jre-12u3-windows-us.exe</Caption>
<CommandLine>"UserDir\jre-12u3-windows-us.exe" "/installmethod=ìÃÝwÁ1$wl" "FAMILYUPGRADE=1"</CommandLine>
<CreationDate>20200523140706.100342+120</CreationDate>
<Description>jre-12u3-windows-us.exe</Description>
<ExecutablePath>UserDir\jre-12u3-windows-us.exe</ExecutablePath>
<Name>jre-12u3-windows-us.exe</Name>
<ParentProcessId>17137</ParentProcessId>
<ProcessId>18859</ProcessId>
<Priority>8</Priority>
</Win32_Process>
In the above example, the CommandLine tag contains control characters; this will break the parsing and the processes will not be populated.
One workaround is to disable the WMI field that is returning invalid control characters. To do this, go to the "Windows - Active Processes" probe (https://<instance_url>/nav_to.do?uri=%2Fdiscovery_probes_wmi.do%3Fsys_id%3D8ef5a7990a0a0ba5007a9d00e48e5e00), locate "Win32_Process.CommandLine", set it to false, and trigger the discovery again. The processes should now be created for the CI.
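To confirm which WMI field is carrying the invalid characters before disabling it, a saved copy of the probe payload can be scanned for code points outside the XML 1.0 character range. The following is an added example, not ServiceNow code; the function names and the sample payload (including its `<results>` wrapper and process values) are constructed for illustration.

```python
import re

# Tags (attributes tolerated) or the text between them. A regex scan is used
# because an XML parser rejects the payload outright.
_TOKEN = re.compile(r"<(/?)([A-Za-z_][\w.-]*)[^<>]*>|([^<]+)")
# Numeric character references (&#27; or &#x1B;) are rejected like raw characters.
_CHARREF = re.compile(r"&#(?:x([0-9A-Fa-f]+)|([0-9]+));")

def is_xml10_char(cp):
    """True if code point cp matches the XML 1.0 'Char' production."""
    return (cp in (0x9, 0xA, 0xD) or 0x20 <= cp <= 0xD7FF
            or 0xE000 <= cp <= 0xFFFD or 0x10000 <= cp <= 0x10FFFF)

def illegal_fields(payload):
    """Map 'Parent.Field' to the illegal code points found in that field."""
    stack, found = [], {}
    for m in _TOKEN.finditer(payload):
        closing, tag, text = m.groups()
        if tag:
            if closing:
                if stack and stack[-1] == tag:
                    stack.pop()
            elif not m.group(0).endswith("/>"):
                stack.append(tag)
            continue
        cps = [ord(c) for c in text]
        cps += [int(h, 16) if h else int(d) for h, d in _CHARREF.findall(text)]
        bad = [f"U+{cp:04X}" for cp in cps if not is_xml10_char(cp)]
        if bad:
            found.setdefault(".".join(stack[-2:]), []).extend(bad)
    return found

# Constructed sample payload: the first CommandLine holds ESC (0x1B) and SOH (0x01).
SAMPLE = (
    "<results>\n<Win32_Process>\n"
    "<Name>setup.exe</Name>\n"
    "<CommandLine>\"C:\\Temp\\setup.exe\" \"/installmethod=\x1bw\x011\"</CommandLine>\n"
    "<ProcessId>4242</ProcessId>\n"
    "</Win32_Process>\n<Win32_Process>\n"
    "<Name>notepad.exe</Name>\n"
    "<CommandLine>notepad.exe\tC:\\notes.txt</CommandLine>\n"
    "</Win32_Process>\n</results>\n"
)

if __name__ == "__main__":
    for field, chars in illegal_fields(SAMPLE).items():
        print(f"{field}: {', '.join(chars)}")
```

Tab, line feed and carriage return are legal in XML 1.0, so the second sample process is not reported.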