Upgrade fails leaving MID Server DOWN, due to antivirus/security software flagging InjectorService.exe as Malware/Trojan


Description

Several antivirus and security tools, including VirusTotal, Rapid7, ePolicy Orchestrator and Windows Defender, flag or delete InjectorService.exe. The file has not been included in new MID Server installs since Jakarta, but it remains on upgraded MID Servers at:
\agent\bin\sw_wmi\bin\32\InjectorService.exe
\agent\bin\sw_wmi\bin\64\InjectorService.exe

This also causes the Upgrade service to fail, because the antivirus locks the file as the upgrade tries to delete it, leaving the MID Server DOWN.

Steps to Reproduce

  1. Use a Windows Server host running Windows Defender, or any other antivirus.
  2. Install a Geneva to Istanbul MID Server and upgrade to New York.
  3. The upgrade will probably fail with an error similar to this in the wrapper/upgrade log, leaving the MID Server down:
INFO | jvm 1 | 2020/10/13 10:53:59.601 | INFO: C:\agent\bin\sw_wmi\bin\64\InjectorService.exe cannot be deleted: C:\agent\bin\sw_wmi\bin\64\InjectorService.exe (Operation did not complete successfully because the file contains a virus or potentially unwanted software)
INFO | jvm 1 | 2020/10/13 10:53:59.601 | Retrying in 1000ms...

Workaround

This problem is currently under review. You can contact ServiceNow Technical Support or subscribe to this Known Error article by clicking the Subscribe button at the top right of this form to be notified when more information becomes available.

This file has not been needed since the Jakarta release. New MID Server installs since Jakarta have not included this file. It can safely be manually deleted from all MID Server installations before upgrading to avoid this issue.

Follow the steps below: 

  1. Locate the InjectorService.exe files
    \agent\bin\sw_wmi\bin\32\InjectorService.exe
    \agent\bin\sw_wmi\bin\64\InjectorService.exe
  2. Manually delete the InjectorService.exe files
  3. Restart the MID Server

Once the files are removed, future upgrades will not fail because of them.
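
The three steps above as a PowerShell script, for running on each MID Server host before an upgrade. This is an added example, not ServiceNow code. The install root C:\agent is taken from the log excerpt above, and the service name is a placeholder you must replace with the Windows service name of your MID Server. Recording the SHA256 hash before deletion is an addition for the change record, not part of the documented steps.

```powershell
# Added example: pre-upgrade cleanup of the legacy InjectorService.exe files.
# $AgentRoot and $ServiceName are assumptions; set them for your installation.
param(
    [string]$AgentRoot   = 'C:\agent',                   # install root, as seen in the log excerpt
    [string]$ServiceName = '<MID_SERVER_SERVICE_NAME>'   # placeholder: this MID Server's Windows service
)

# The two locations named in this article, relative to the agent root.
$targets = @(
    (Join-Path $AgentRoot 'bin\sw_wmi\bin\32\InjectorService.exe'),
    (Join-Path $AgentRoot 'bin\sw_wmi\bin\64\InjectorService.exe')
)

$failed = $false
foreach ($path in $targets) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        Write-Output "Not present (nothing to do): $path"
        continue
    }
    try {
        # Record the hash before deleting, so the removal can be documented.
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction Stop).Hash
        Write-Output "Found $path SHA256=$hash"
    } catch {
        # Hashing can fail if the antivirus has already locked the file.
        Write-Warning "Could not hash ${path}: $($_.Exception.Message)"
    }
    try {
        Remove-Item -LiteralPath $path -Force -ErrorAction Stop
        Write-Output "Deleted $path"
    } catch {
        # Same failure mode the upgrade hits: the file is locked or access is blocked.
        $failed = $true
        Write-Warning "Delete failed for ${path}: $($_.Exception.Message)"
    }
}

if ($failed) {
    Write-Error 'At least one file could not be deleted; resolve the lock before upgrading.'
    exit 1
}

# Step 3: restart the MID Server service.
Restart-Service -Name $ServiceName -ErrorAction Stop
Write-Output "Restarted service $ServiceName"
```

Run it from an elevated PowerShell session. A non-zero exit code means a file is still in place and the upgrade would hit the same lock.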


Related Problem: PRB1437357