Support Center > Search Results > SecureKnowledge Details
'ifi_user' - unrecognized user account created Technical Level
Symptoms
  • 'ifi_user' - unrecognized user account created. /opt/CPsuite-R80.30/fw1/log/ifi_log.elg 78425 - MainProcess - 2021-03-30 04:52:40,009 - __main__ - ifi_server - send_terminate_to_server - INFO - send_terminate_to_s erver... 78425 - MainProcess - 2021-03-30 04:52:40,061 - __main__ - ifi_server - send_terminate_to_server - INFO - server is unreachab Directory /opt/CPsuite-R80.30/fw1/te_file_analyzer/proc/1/cwd/home/ifi_user also was created at this time From /var/log/audit/audit_log.1 type=USER_CHAUTHTOK msg=audit(1617079960.131:477335): pid=78444 uid=0 auid=429496729 5 ses=4294967295 subj=kernel msg='op=adding user acct=ifi_user exe="/usr/sbin/userad d" (hostname=?, addr=?, terminal=? res=success)'
Cause

ifi_user is part of the Threat Emulation scanning components. It helps with static inspection of files, while dynamically cleaning the files from obfuscations/evasions and performing other methods.


Solution
Note: To view this solution you need to Sign In .