The Unified Manager upgrade to 9.16 is triggering my security software due to a 'whoami' command. Should I be concerned?
Applies to
Active IQ Unified Manager (AIQUM) 9.16 for Windows
Answer
During an upgrade to Unified Manager 9.16 on Windows, the upgrade process invokes the following command:
cmd /Q /c for /F "tokens=2 delims=," %f in ('whoami /user /FO CSV /NH') do echo %~f 2>nul
- This command merely prints the SID of the current user performing the upgrade operation.
- This type of operation should be expected during software installation or upgrade processes.
- Security software may flag this as suspicious, but the alert can be ignored if activity is generated by the UM upgrade process.
Additional Information
additionalInformation_text