Good day
I have a customer that is asking what is the functionality of the mgssecsvc component and are there any security concerns around it. They say that the component has the potential to run whatever code that gets downloaded to it and if so it could be exploited.
Please advise.
regards
Manish
Apr 30, 2019 08:07 AM
Hi Manish,
The documentation (GatheringFlexNetInventory) has some details:
"Another service that runs exclusively on Microsoft Windows is mgssecsvc (there is no equivalent on UNIX-like platforms). Like ndinit, it is automatically initialized as a service on machine reboot. It exists solely as a wrapper for its child processes (which are implemented as DLLs on Windows, and so are running whenever the service is running)."
"mgssecsvc.exe (and its plug-ins mgsusageag and vdiendpoint)"
and
"The component that monitors application usage (when you have usage tracking configured) is mgsusageag, which is a library exercised by mgssecsvc on Windows. On UNIX-like platforms, mgsusageag is a service in its own right. Because of the ephemeral nature of usage data, mgsusageag invokes the uploader any time it has usage data (an .mmi file) to upload. This means that application usage data is uploaded asynchronously with relation to the upload schedule saved on the local device."
That and the "Agent Architecture" diagram should explain what it is usually doing.
Can you share any more specific concerns regarding "run whatever code"?
Best regards,
Markward
Apr 30, 2019 08:32 AM - edited Apr 30, 2019 08:33 AM
Hi @iammanzi,
The primary use of mgssecsvc is to run the application usage agent but it also does the vdi endpoint agent. It is the executable behind the security agent service and without this you won't be able to collect usage with the agent.
Do you know the specific security concerns? I can't see any open issues around this but if there are major issues we can investigate these further.
Matt
Apr 30, 2019 10:34 AM
If you would be so kind to entertain some more questions on this subject.
Regards,
Pushkar
Jun 29, 2019 02:54 PM - edited Jun 29, 2019 02:57 PM
This service was named something like 13-16 years ago when it did (or there was a vision for it to do) more than it does today. For example, my recollection is at the time it gathered details of various security-related events such as logon and logoff events. The name has stuck since and not been changed.
Penetration tests for the agent are available under NDA with Flexera. Please reach out to your Flexera contact to request this.
In terms of the types of operations performed by this service, I don't have much more to add beyond the earlier comments from @mfranz and @mrichardson which cover it pretty well.
Jun 30, 2019 10:44 PM
We have an issue that the mgsecsvc.exe is preventing an Eng. application process from closing and as a result an application process is getting suspended by the OS.
Are there any solutions to reduce this?
Jan 27, 2020 02:15 PM
The 2 main reasons I can think of that might cause this are:
Of the 2 I would say that 1 is most likely as the intention of the usage agent is to track when an application is open and closed so it would be unusual for it to keep hold of a process.
If it is security software, one option which usually works is to put the agent directory in as an exclusion to the active scanning engine of the security software so that it's only included in scheduled scans.
Can you check if this is a possibility?
Jan 29, 2020 07:55 AM
Mar 24, 2020 12:29 PM