Security auditing scans may identify Symantec Veritas Enterprise Service process "VxSVC.exe" as an executable with untrusted path, due to the fact that its path is not enclosed in quotation marks ("").
There are no errors logged.
This is a known issue with VPI where the CMDline VPI is executing vxsvc.exe with quotes but the ImagePath registry key was created without quotes. For Example: CMdline - "C:\Program Files\Veritas\VERITAS Object Bus\Bin\vxsvc.exe" -i
Symantec has identified the issue and is in-progress addressing the issue with patches specific to installed product. Please contact Symantec Enterprise Technical Support for additional questions or concerns regarding to this CMdLine VPI issue.
Use the following procedures to resolve the issue:
Solution 1 - Issue the following command:
sc config vxsvc binPath= "\"%VIP_PATH%\vxsvc.exe\""
Solution 2 - Manual registry edit:
1. Open the Registry editor and locate "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VxSvc\ImagePath".
2. Edit the "ImagePath" value - right-click ImagePath > Modify
3. In the Value Data filed of the Edit String diaglog box, add double quotation marks ("") to the beginning and end of the path
For Example: "C:\Program Files\Veritas\VERITAS Object Bus\Bin\vxsvc.exe"
Systems with Symantec Storage Foundation for Windows (SFW) or Symantec Storage Foundation High Availability (SFW-HA) 6.0.x installed.