Why MID server trying to connect chcp.com

Go to solution
Prabhu6
Tera Guru

‎06-17-2022 10:26 AM

This is the first time the Security team has seen this alert as suspicious. Attached Event

Labels:
0 Helpfuls
  • 1,197 Views
1 ACCEPTED SOLUTION

Go to solution
Richard Hine
Tera Guru

‎06-20-2022 01:28 AM

It isn't trying to reach chcp.com, chcp is a COM (Component Object Model) file on your MID server. The File extension is .com and the file is called chcp.

You can even see the path to the file in the alert screenshot you posted.

It is related to the system code page : https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/chcp

Hope this helps,

Richard

View solution in original post

2 REPLIES 2

Go to solution
PM20
Tera Expert

‎06-17-2022 10:32 AM

adding one more event

Preview file
70 KB
0 Helpfuls

Go to solution
Richard Hine
Tera Guru

‎06-20-2022 01:28 AM

It isn't trying to reach chcp.com, chcp is a COM (Component Object Model) file on your MID server. The File extension is .com and the file is called chcp.

You can even see the path to the file in the alert screenshot you posted.

It is related to the system code page : https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/chcp

Hope this helps,

Richard