Hello,the MSP that rise the question should in reality give to you this information. If they have an agent installed on the machine, it should monitor and have already established the parent process (acs?) - child process relationship (it's pretty essential for cybersec), and any "behavioral" indicator (how many calls per second to the program, variance, anomaly detection w.r.t. normality etc.).
In any case, if that is Windows you can fire a "procmon" tool and then leave it on if you want to do it manually. btw Procmon monitor will give you "macro operations" not minute API calls...but I speculate that - being java - is it possible that any exact minute emerging behaviour is not directly known (or of concern) even to the ACS devs themselves if they use libraries like OSHI for java that abstracts away OS stuff.
On Wednesday, July 9, 2025 at 05:47:17 PM GMT+2, Richard Schoen <richard@xxxxxxxxxxxxxxxxx> wrote:
Hey friends an interesting one. i got asked this ACS question. I have a note out to Jesse G, but curious if anyone knows the answer to this:
Do you know if the 5250 emulator runs whoami, sysinfo or netstat commands in the background at all?
We have an MSP who monitors the firewall and connections, and they see those commands being run in the background and we wanted to make sure it wasn't anything nefarious.
Thoughts appreciated so I can respond appropriately.
Regards,
Richard Schoen
Web:
http://www.richardschoen.net
Email: richard@xxxxxxxxxxxxxxxxx<mailto:richard@xxxxxxxxxxxxxxxxx>
midrange.com
