Blog Post
Troubleshooting Azure DevOps Pipelines with Sysinternals: Introducing the ProcDump Task
18 Comments
- AaronMargosis_Tanium
Iron Contributor
There is some stupid kind of filtering happening on the techcommunity site. There's a bug in the April updates that broke Microsoft's Policy Analyzer and CIS' CIS-CAT Pro tool. I diagnosed the problem and my comments about it kept disappearing until I posted it as a screenshot instead of as text. Can someone at Microsoft track down who owns techcommunity and get them to fix that? Thanks.
- Alex_Mihaiuc
Microsoft
Ah, I think I understand now.
To summarize - the original VirusTotal scan you reported is https://www.virustotal.com/gui/file/4063678b979a5423445068312730cbfd549073af093db84486fa9e4fc20806c7/detection.
Also your Reddit post - https://www.reddit.com/r/antivirus/comments/1j2s326/virustotal_relations/.
I'm checking the docs and it's unclear to me what their "Microsoft Sysinternals" package is - https://docs.virustotal.com/docs/external-sandboxes. It looks to be "Microsoft.SysInternals" from the winget community packages - https://github.com/microsoft/winget-pkgs/blob/master/manifests/m/Microsoft/Sysinternals/2025-02-13/Microsoft.Sysinternals.installer.yaml, which is a 3rd party package that does reference the official source. In this case, the first party package would be Sysinternals Suite from the Store - https://apps.microsoft.com/detail/9P7KNL5RWT25?hl=en-us, id 9P7KNL5RWT25.
Regardless, none of the Sysinternals tools "call home". It remains to evaluate what those "Relations" / "Behavior" -> "Network comm" reports from VirusTotal mean. It seems, like NateL1010 reported, to be extra traffic from any source, as noticed within the infrastructure at the time, so possibly benign. As a note, "static" analysis as performed by a service probably can't account for all the possible network activity of a program running on a live system.
- kn
Brass Contributor
Sorry, can't post my answer as text (I think your site already hates me):
p.s.
WTF "invalid HTML"? 🥲
- Alex_Mihaiuc
Microsoft
I can understand your frustration. Keep in mind that this is a VirusTotal matter, that's why I was confused at first.
Not sure why the techcommunity engine wouldn't let you post links. I transcribed them and added them in my first reply, and it just worked. I'll see whether I can loop someone from VirusTotal in; I don't think they're affiliated to Microsoft, but I am curious now.
Cheers!
Alex
- kn
Brass Contributor
Hello!
Alex, please explain why Microsoft Sysinternals is blatantly lying about the network activity of https://apps.microsoft.com/detail/xp8lvlmtsbd7wf, and what you're going to do to fix it?
Here is an https://app.any.run/tasks/74118c4a-9139-43ab-a406-34fbfe80f8b1 — it clearly shows that my app does not connect to any third-party domains during setup or normal operation except the one explicitly specified by the user:
[Image: Teamatica]
Yet Sysinternals, as shown on VT, makes it look like my app contacts over 20+ unrelated domains:
[Image: VT]
But this is a complete fabrication. As a developer I officially state that no such functionality exists in the code, and I demand a full review and immediate correction of this false report:
[Image: VT]
p.s.
Sorry to contact you here, but my direct message via Message function doesn't work.
- Eric2
Occasional Reader
Sorry, I know this is an old post, but I agree with people in the Reddit post, and here. VT is reporting 24 domains because, as you can see in the relations tab, it is testing your application against 24 domains. The 0/94 shows that there were no detections on any of the 24 domains. The only domain that was contacted was the normal Microsoft content delivery network, which is pretty typical. It appears to me that there is a misunderstanding of how VT works by the users who reported it to you, which is causing a lot of confusion.
- Alex_Mihaiuc
Microsoft
Which tool, or do you refer to the Microsoft Store?
- kn
Brass Contributor
I apologize for this format of the answer, but your idiotic resource blocks everything:
p.s.