
Block 64 toolset: Expected processes

The Block 64 toolset uses various methods to gather endpoint inventory, and some of these methods could cause security alerts in your environment. Below is a list of processes that can be expected and attributed to our toolset should an alert appear.

Expected Processes

The WMI command to collect SWID tags. (Note: __1695832906.1722667 is a random file name starting with double underscores.)

The WMI command to collect Hyper-V VMs. (Note: __1691075263.208616 is a random file name starting with double underscores.)

The WMI command to collect Windows Event Log.

Expected Files

Some security suites may remove the executable below, which prevents the collection of network traffic from the inventoried endpoint:

Block64TrafficMonitor.exe
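
When tuning alerts around the names above, a matching file name on its own is weak evidence, so it helps to pair it with the host that initiated the activity. The sketch below is an added example, not Block 64 code: the alert field names (`source_host`, `file_name`), the collector host name and the sample alerts are assumptions constructed for illustration.

```python
import re

# Shape of the two temporary names on the page: "__", digits, ".", digits.
TEMP_NAME = re.compile(r"__\d+\.\d+")
EXPECTED_FILE = "block64trafficmonitor.exe"

# Assumption: hosts running the Block 64 collector (placeholder name).
COLLECTOR_HOSTS = {"b64-collector.example.internal"}


def base_name(path):
    """Last path component, accepting both Windows and POSIX separators."""
    return re.split(r"[\\/]", path)[-1]


def classify(alert):
    """Return 'expected', 'review' or 'unrelated' for one alert record.

    A file name can be created by anyone, so a name match only counts as
    expected when the initiating host is also a known collector.
    """
    name = base_name(alert["file_name"])
    matches_toolset = (
        TEMP_NAME.fullmatch(name) is not None or name.lower() == EXPECTED_FILE
    )
    if not matches_toolset:
        return "unrelated"
    if alert["source_host"].lower() in COLLECTOR_HOSTS:
        return "expected"
    return "review"


# Constructed sample alerts; field names and paths are hypothetical.
SAMPLE_ALERTS = [
    {"source_host": "B64-Collector.example.internal",
     "file_name": "__1695832906.1722667"},
    {"source_host": "workstation-17.example.internal",
     "file_name": r"D:\constructed\path\__1691075263.208616"},
    {"source_host": "b64-collector.example.internal",
     "file_name": "Block64TrafficMonitor.exe"},
    {"source_host": "b64-collector.example.internal",
     "file_name": "__notes.txt"},
]

if __name__ == "__main__":
    for alert in SAMPLE_ALERTS:
        print(classify(alert), alert["file_name"])
```

Alerts classified as `review` carry a toolset-shaped name but come from a host that is not a known collector, so they should go to an analyst rather than being suppressed.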