BESClient.exe
BESClient by International Business Machines Corporation (Signed)
Version: | 8.2.1093.0 |
MD5: | d06561590ee158bc551d5711beb22442 |
SHA1: | 449ba9a190f5efc831d973ea2f9213271c351d4f |
SHA256: | 463640e734f649c0c859380e40c5e1ef80ae61e9d9c347c26816427cee3a7eb2 |
Overview
besclient.exe runs as a service under the name BES Client (BESClient) with extensive SYSTEM privileges (full administrator access). This is typically installed with the program Tivoli Endpoint Manager Client published by IBM. The file is digitally signed by International Business Machines Corporation which was issued by the VeriSign certificate authority (CA).
Details
File name: | besclient.exe |
Publisher: | IBM Corp. |
Product name: | BESClient |
Description: | Tivoli Endpoint Manager Agent |
Typical file path: | C:\Program Files\bigfix enterprise\bes client\besclient.exe |
File version: | 8.2.1093.0 |
Size: | 4.46 MB (4,678,552 bytes) |
Certificate |
Issued to: | International Business Machines Corporation |
Authority (CA): | VeriSign |
Effective date: | Sunday, November 14, 2010 |
Expiration date: | Saturday, December 14, 2013 |
Digital DNA |
PE subsystem: | Windows GUI |
File packed: | No |
.NET CLR: | No |
More details
Programs
The following program will install this file
“Tivoli Endpoint Manager Clients, also called Agents, are installed on every computer that you want to manage under Tivoli Endpoint Manager. They access a collection of Fixlet messages that detects security holes, improper configurations, and other vulnerabilities. The Client can then implement corrective actions received from the Console through the Server. The Tivoli Endpoint Manager Client runs undetected by users using a minimum of s...”
Behaviors
Service
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
Network connections
[TCP] 9.57.52.202:52311
[UDP] listens on port 52311
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU |
Total CPU: | 0.00005316% | |
Kernel CPU: | 0.00003322% | |
User CPU: | 0.00001993% | |
Kernel CPU time: | 3,039,391 ms/min | |
Context switches: | 280/sec | |
Memory |
Private memory: | 12.95 MB | |
Private (maximum): | 12.11 MB | |
Private (minimum): | 712 KB | |
Non-paged memory: | 12.95 MB | |
Virtual memory: | 78.48 MB | |
Virtual memory (peak): | 94.39 MB | |
Working set: | 9.13 MB | |
Working set (peak): | 15.01 MB | |
Page faults: | 55,033,582/min | |
I/O |
I/O read transfer: | 1.02 MB/sec | |
I/O read operations: | 140/sec | |
I/O write transfer: | 27.83 KB/sec | |
I/O write operations: | 24/sec | |
I/O other transfer: | 96.02 KB/sec | |
I/O other operations: | 5,937/sec | |
Resource allocations |
Threads: | 9 | |
Handles: | 234 | |
GUI GDI count: | 5 | |
GUI USER count: | 3 | |
Process properties
Integrety level: | Undefined |
Platform: | 32-bit |
Command line: | "C:\Program Files\bigfix enterprise\bes client\besclient.exe" |
Owner: | SYSTEM |
Windows Service |
Service name: | BESClient |
Display name: | BES Client |
Description: | “Facilitates use of the Tivoli Endpoint Manager” |
Type: | Win32OwnProcess |
Parent process: | services.exe (Services and Controller app by Microsoft) |
Threads
Averages
advapi32.dll (Advanced Windows 32 Base API by Microsoft) |
Total CPU: | 0.76250459% | |
Kernel CPU: | 0.60313546% | |
User CPU: | 0.15936913% | |
Context switches: | 263/sec | |
Memory: | 620 KB | |
BESClient.exe (main module) |
Total CPU: | 0.00132497% | |
Kernel CPU: | 0.00020985% | |
User CPU: | 0.00111512% | |
Context switches: | 3/sec | |
Memory: | 5.13 MB | |
Common loaded modules
These are modules that are typiclaly loaded within the context of this process.
Distribution by Windows OS
OS version | distribution |
Windows 7 Ultimate |
50.00% |
|
Microsoft Windows XP |
50.00% |
|
Distribution by country
Kuwait installs about 50.00% of BESClient.
Distribution by PC manufacturer
PC Manufacturer | distribution |
Acer |
100.00% |
|