We help IT Professionals succeed at work.

Pandainterface Error on Domain Controllers

jduehmig1
jduehmig1 asked
on
While checking logs on my two domain controllers today I found the following errror on both servers.  I have not installed anything new on the servers in months, and no users have access to the servers so browsing to an infected site is unlikely.  Does anyone have any information on this 'pandainterface' error?
Thanks,
Joe

Log Name:      Application
Source:        PandaInterface
Date:          8/6/2012 4:31:02 PM
Event ID:      0
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      BDC.domain.com
Description:
GetInstalledMSExchangeVersion : Not able to find installed Exchange version
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="PandaInterface" />
    <EventID Qualifiers="0">0</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-08-06T21:31:02.000000000Z" />
    <EventRecordID>12177</EventRecordID>
    <Channel>Application</Channel>
    <Computer>BDC.domain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>GetInstalledMSExchangeVersion : Not able to find installed Exchange version</Data>
  </EventData>
</Event>
Comment
Watch Question

Manpreet SIngh KhatraSolutions Architect, Project Lead
CERTIFIED EXPERT
Top Expert 2013

Commented:
Do you have any Security software in your environment ? Not sure if a trial version is installed or what but seems it tried to connect to Exchange :(

Panda Security SL , formerly Panda Software , is a computer security company
http://www.system-tray-cleaner.com/systray/programs.php?appid=A3F0E1E41B27EFAEE2658CA1CE30C24D0001A700

- Rancy

Author

Commented:
I haven't intentially installed anything like this on the network.  I have since found this same error on six other servers (out of 30.)
Manpreet SIngh KhatraSolutions Architect, Project Lead
CERTIFIED EXPERT
Top Expert 2013

Commented:
Maybe its on some other App or Windows server trying to access the data ...

- Rancy

Author

Commented:
Anyone else?
IT Director
Commented:
Hi Everyone,

We experienced this same problem on about 4 servers. I worked with my AV vendor and we came up with the PandaInterface is coming from a monitoring tool we use in our environment. The tool being from N-Able Technologies.

Here is the log report from the command FindStr used.

In an open cmd prompt from c:\ after placing strings.exe from http://live.sysinternals.com/strings.exe right in c:\

strings -s | findstr /i pandainterface > c:\Results\log.txt



C:\\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe: PandaInterface
C:\\Program Files (x86)\N-able Technologies\Windows Agent\bin\EndpointSecurity.dll: PandaInterface
C:\\Program Files (x86)\N-able Technologies\Windows Agent\bin\EndpointSecurity.dll: PandaInterfaceException
C:\\Program Files (x86)\N-able Technologies\Windows Agent\bin\EndpointSecurity.dll: PandaInterface
C:\\Program Files (x86)\N-able Technologies\Windows Agent\bin\ESCleaner.exe: PandaInterface
C:\\Program Files (x86)\N-able Technologies\Windows Agent\bin\ESCleaner.exe: PandaInterfaceException
C:\\Program Files (x86)\N-able Technologies\Windows Agent\bin\ESCleaner.exe: PandaInterface
C:\\Program Files (x86)\N-able Technologies\Windows Agent\bin\PIU.exe: PandaInterface
C:\\Program Files (x86)\N-able Technologies\Windows Agent\bin\PIU.exe: PandaInterfaceException
C:\\Program Files (x86)\N-able Technologies\Windows Agent\bin\PIU.exe: PandaInterface
C:\\Program Files (x86)\N-able Technologies\Windows Agent\modules\EndpointSecurityModule.dll: PandaInterface
C:\\tammy-gfi\1.reg: [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\PandaInterface]
C:\\tammy-gfi\2.reg: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\PandaInterface]
C:\\Windows\Downloaded Installations\{D14EE1C6-4F85-407A-B260-07C41B007814}\Windows Agent.msi: PandaInterface
C:\\Windows\Downloaded Installations\{D14EE1C6-4F85-407A-B260-07C41B007814}\Windows Agent.msi: PandaInterfaceException
C:\\Windows\Downloaded Installations\{D14EE1C6-4F85-407A-B260-07C41B007814}\Windows Agent.msi: PandaInterface
C:\\Windows\Downloaded Installations\{D14EE1C6-4F85-407A-B260-07C41B007814}\Windows Agent.msi: PandaInterface
C:\\Windows\Downloaded Installations\{D14EE1C6-4F85-407A-B260-07C41B007814}\Windows Agent.msi: PandaInterfaceException
C:\\Windows\Downloaded Installations\{D14EE1C6-4F85-407A-B260-07C41B007814}\Windows Agent.msi: PandaInterface
C:\\Windows\Downloaded Installations\{EDDD506C-52D4-4479-807C-D5B23667151B}\Windows Agent.msi: PandaInterface
C:\\Windows\Downloaded Installations\{EDDD506C-52D4-4479-807C-D5B23667151B}\Windows Agent.msi: PandaInterfaceException
C:\\Windows\Downloaded Installations\{EDDD506C-52D4-4479-807C-D5B23667151B}\Windows Agent.msi: PandaInterface
C:\\Windows\Downloaded Installations\{EDDD506C-52D4-4479-807C-D5B23667151B}\Windows Agent.msi: PandaInterface
C:\\Windows\Downloaded Installations\{EDDD506C-52D4-4479-807C-D5B23667151B}\Windows Agent.msi: PandaInterfaceException
C:\\Windows\Downloaded Installations\{EDDD506C-52D4-4479-807C-D5B23667151B}\Windows Agent.msi: PandaInterface
C:\\Windows\Installer\42e69cde.msi: PandaInterface
C:\\Windows\Installer\42e69cde.msi: PandaInterfaceException
C:\\Windows\Installer\42e69cde.msi: PandaInterface
C:\\Windows\Installer\42e69cde.msi: PandaInterface
C:\\Windows\Installer\42e69cde.msi: PandaInterfaceException
C:\\Windows\Installer\42e69cde.msi: PandaInterface

We believe this to be a hiccup of the monitoring software.

Author

Commented:
Great!  We're using N-able's Ncentral monitoring software as well.  This certainly explains it.  Thanks for the answer.  I will be contacting N-Able on this.
Joe

Explore More ContentExplore courses, solutions, and other research materials related to this topic.