discoRemote.cmd commands are detected using Asset Discovery

Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.

Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

When utilizing Asset Discovery for scanning, there are system monitoring tools that detect incoming commands related to the execution of discoRemote.cmd.

Environment

Assets Discovery

Diagnosis

discoRemote.cmd commands are not listed in the Commands executed by Assets Discovery

Cause

When Assets Discovery scans, it generates a discoRemote.cmd script. This script is responsible for gathering device information on the target host and writing it into a registry file. Subsequently, Discovery reads information from this registry and removes the script upon execution. Therefore, observing the discoremote.cmd execution on the target machines is part of the discovery scan and constitutes an expected behavior.

Solution

This is to be expected. discoRemote.cmd is the child process of the parent Commands executed by Assets Discovery. Examples of such parent commands are given in the screenshot below. No further action is necessary.

Last modified on Jan 20, 2025

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.