Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Users Of Ca Security Suite (information Required On Unknown Processes)


  • Please log in to reply
6 replies to this topic

#1 the_binkster

the_binkster

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:54 AM

Posted 02 October 2007 - 12:23 PM

Following installation of a the most recent updated version of CA Security Suite ON TWO PC'S (previous version's license expired), I chanced upon 3 processes which had not been there previously (ON BOTH PC'S); all showed the date last modified as being 03/09/2007 within 1 minute of each other. However, they did not show up (or I did not notice them) until 29/09/2007.

mdmcls32.exe
cfgmng32.exe
svcprs32.exe

If users of CA could check their pc's for these processes and report back as to whether you a) have them and b ) any information you might have on them as searches so far have proved inconclusive (according to some databases mdmcls32.exe and cfgmng32.exe are clean and svcprs32.exe has only been around since 23/09/2007 {Prevx}).

Cheers (any further assistance much appreicated)

the_binkster

Edited by the_binkster, 02 October 2007 - 12:24 PM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,479 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:54 AM

Posted 02 October 2007 - 01:05 PM

Anytime you come across a suspicious file for which you cannot find any information about, you can submit it to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
Post back with the results of the file analysis.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 the_binkster

the_binkster
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:54 AM

Posted 02 October 2007 - 01:38 PM

Honestly do you think I haven't done that!

Both came back negative.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,479 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:54 AM

Posted 02 October 2007 - 02:15 PM

I don't take things for granted. We have a lot of novice members so its best to cover all basis. This is some of the info I found.

mdmcls32.exe
cfgmng32.exe
svcprs32.exe
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 the_binkster

the_binkster
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:54 AM

Posted 02 October 2007 - 03:06 PM

The information on cfgmng32.exe is very helpful as it is confirming my suspicions that these are CA files (since part of the security suite uses Puresight_PC components). However, the lack of compnay tags in File Properties raises questions over their legitimacy. I have now contacted CA asking them to confirm whther or not they are their files.

Other CA users please check your running processes and do a search for these files in C:/Windows. If many of you have them, then it should confirm that they are CA files. (Also check the last modified date - I got 03/09/2007 at 13:00 for all 3 on two separate PC's).

Edited by the_binkster, 02 October 2007 - 03:07 PM.


#6 martin4107

martin4107

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:54 AM

Posted 19 December 2007 - 01:14 AM

Hello and Merry Xmas to all!

In regards to the following files: mdmcls32.exe (a true memory hog), cfgmng32.exe, and svcprs32.exe…all of theses files were found in Task Manager (Processes) after I installed CA Security Suite. After what I thought was way to much time trying to determine the source of these files, I was finally able to conclude that they were programs installed by "CA Security Suite", which I had recently Installed. This was a freebie provided by my ISP (Mediacom), that I had used in previous years with little problems with performance. The major difference in this version compared to the previous version, were the additions of these programs: CA Anti-Spam, CA Website Inspector, CA Parental Controls, and CA Desktop DNA Migrator.
To cut to the chase I used the Control Panel “Add and Remove programs” to uninstall “CA Security Suite” and was able to just uninstall the above programs, and my erroneous “processes” went away.
I was particularly concerned with “mdmcls32.exe as it would use 33MB of memory in one instance, and sometimes there would be several instances of this process running simultaneously (at one point I had over 70MB of memory usage for this one process). I hope this is useful to anyone experiencing the same problems, as I spent at least six hours researching this problem, and |I would not wish that on my worst enemy (well maybe I would).

Peace,
Martin

#7 alpenit

alpenit

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:54 AM

Posted 20 January 2008 - 04:39 PM

As far as I can tell, these three are installed with the CA Internet Suite (CAIS). I just installed 2008 on a computer - replacing Norton, Norton seems NOT to be so good at finding or preventing bugs anymore. Anyway, I too noticed these three that were poorly labeled and suspected them as part of the malware trouble on the computer. I was able to delete them but then found that CAIS would show that certain features or applications in CAIS were either not functioning or not installed. I also lost my network connections, wired and wireless. As I fussed for hours on this - I re-installed CAIS 3 times and found that these always reappeared as part of the install. Things are running OK now but I am starting to believe that CAIS may be harmful - in that if I remove it - I lose network connectivity... It seems that CAIS imposes its own winsock applications and processes and doesn't return control back to Windows once uninstalled.

Also the cfgmng32.exe is detected as 'Adware.AdBar' by my preferred anti-spyware, Spyware Detector published by Maxpcsecure..... so I reluctantly exclude that file from being detected again.

I like the CA products but - I believe CA needs to look closer at CAIS and clean it up a bit.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users