My Oracle Support Banner

How Does the jmap.exe Process Relate to the Capture server? (Doc ID 2831549.1)

Last updated on JANUARY 07, 2022

Applies to:

Oracle WebCenter Enterprise Capture - Version 11.1.1.8.0 and later
Information in this document applies to any platform.

Goal

The jmap.exe process was recently executed on the Capture server recently.  Is this activity legitimate? 

This is from the report:

Analysis:
<Appname> detected a suspicious activity for a command line on this host that an Oracle WebLogic process wrote a PE file which could be related to webshell activity. We found that the process "jmap.exe" injected into "java.exe" with the command line "E:\app\oracle\product\fmw\jrockit\jre\..\bin\jmap -histo 15048". Jmap is a java tool used for memory profiling. It is used to take a heap snapshot (dump the heap without affecting the running process).

 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.