My Oracle Support Banner

How Does the jmap.exe Process Relate to the Capture server? (Doc ID 2831549.1)

Last updated on APRIL 27, 2023

Applies to:

Oracle WebCenter Enterprise Capture - Version and later
Information in this document applies to any platform.


The jmap.exe process was recently executed on the Capture server recently.  Is this activity legitimate? 

This is from the report:

<Appname> detected a suspicious activity for a command line on this host that an Oracle WebLogic process wrote a PE file which could be related to webshell activity. We found that the process "jmap.exe" injected into "java.exe" with the command line "E:\app\oracle\product\fmw\jrockit\jre\..\bin\jmap -histo 15048". Jmap is a java tool used for memory profiling. It is used to take a heap snapshot (dump the heap without affecting the running process).



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.