cancel
Showing results for 
Search instead for 
Did you mean: 
manishkeshav
Active participant

What is the function of mgssecsvc

Good day

 

I have a customer that is asking what is the functionality of the mgssecsvc component and are there any security concerns around it. They say that the component has the potential to run whatever code that gets downloaded to it and if so it could be exploited.

Please advise.

 

regards

Manish

0 Kudos
4 Replies
mfranz
Consultant

Re: What is the function of mgssecsvc

Hi Manish,

The documentation (GatheringFlexNetInventory) has some details:

"Another service that runs exclusively on Microsoft Windows is mgssecsvc (there is no equivalent on UNIXlike platforms). Like ndinit, it is automatically initialized as a service on machine reboot. It exists solely as a wrapper for its child processes (which are implemented as DLLs on Windows, and so are running whenever
the service is running)."

"mgssecsvc.exe (and its plug-ins mgsusageag and vdiendpoint)"

and

"The component that monitors application usage (when you have usage tracking configured) is mgsusageag, which is a library exercised by mgssecsvc on Windows. On UNIX-like platforms, mgsusageag is a service in its own right. Because of the ephemeral nature of usage data, mgsusageag invokes the uploader any time it has usage data (an .mmi file) to upload. This means that application usage data isuploaded asynchronously with relation to the upload schedule saved on the local device."

That an the "Agent Architecture" diagram, should explain what it is usually doing.

Can you share any more specific concerns regarding "run whatever code"?

Best regards,

Markward

Flexera mrichardson
Flexera

Re: What is the function of mgssecsvc

Hi @manishkeshav,

 

The primary use of  mgssecsvc is to run the application usage agent but it also does the vdi endpoint agent.  It is the executable behind the security agent service and without this you won't be able to collect usage with the agent.

 

Do you know the specific security concerns?  I can't see any open issues around this but if there are major issues we can investigate these further.

 

Matt

 

  

(Anything expressed here is my own view and not necessarily that of my employer, Flexera)
0 Kudos
pushkar_s
Occasional contributor

Re: What is the function of mgssecsvc

If you would be so kind to entertain some more questions on this subject.

  • If the service exists solely as a wrapper, why is it called 'Flexera Inventory Manager security service' and what is meant by the term 'security agent'?
  • What measures have been taken to ensure a rogue plugin will not be loaded by the service? Is there a penetration test report available for this service?
  • Can you please provide a listing of the types of operations that can be expected and to what effect have they been included?

Regards,
Pushkar

0 Kudos
Community Manager ChrisG Community Manager
Community Manager

Re: What is the function of mgssecsvc

This service was named something like 13-16 years ago when it did (or there was a vision for it to do more) than it does today. For example, my recollection is at the time it gathered details of various security-related events such as logon and logoff events. The name has stuck since and not been changed.

Penetration tests for the agent are available under NDA with Flexera. Please reach out to your Flexera contact to request this.

In terms of the types of operations performed by this service, I don't have much more to add beyond the earlier comments from @mfranz and @mrichardson which cover it pretty well.

(Anything expressed here is my own view and not necessarily that of my employer, Flexera. If my reply answers a question you have raised, please click "ACCEPT AS SOLUTION".)