Some time last year, our global organization has banned the use of 7zip throughout all our companies.
Since then an effort is in place to find and remove or replace any found instances of 7zip.
My Wintel colleague has just now brought  it to my attention that instances are present on all Windows hosts using ILMT scanning fixlets (which is all of them), in the following directory -- C:\Program Files (x86)\BigFix Enterprise\BES Client\LMT\CIT\7za.exe

Are these instances really necessary, or would it be possible to remove and replace them with something else, and what are your reccomendations for this?
I am turning to the community before opening a case, if needed. I would appreciate any and all feedback on this issue.

Thanks and best regards,

------------------------------
John Robeson
------------------------------

Hello,

'C:\Program Files (x86)\BigFix Enterprise\BES Client\LMT\CIT\7za.exe' can be removed altogether.
If not available it's counterpart (bzip2.exe) will be used for the same tasks...

Thank you, 

------------------------------
Oktawian Powązka
------------------------------

There is one potential pitfall I forgot to mention.
'Install or Upgrade Scanner' action will repopulate a '7za.exe' file upon each run, so, this file would need to be manually removed after running this action (mostly when new ILMT is released).

Nevertheless, I've checked all known '7za.exe' vulnerabilities,
all been addressed in the '7za.exe' release we deliver with ILMT: 18.05
I'd be glad If you could put some insight on the reason why 7zip usage has been banned in your organization,
perhaps, based on some tangible evidence we could revalidate its usage...

------------------------------
Oktawian Powązka
------------------------------

Original Message:
Sent: Wed January 18, 2023 09:44 AM
From: Oktawian Powązka
Subject: Concern about 7zip executable found in CIT dir used by ILMT on Windows servers

Hello,

'C:\Program Files (x86)\BigFix Enterprise\BES Client\LMT\CIT\7za.exe' can be removed altogether.
If not available it's counterpart (bzip2.exe) will be used for the same tasks...

Thank you, 

------------------------------
Oktawian Powązka
------------------------------

Ok, I think that I've found this 'banning' reason.
Unfortunately this is not a place to discuss any anti-Russian sentiments...
As of now, IBM keeps 7-zip on the approved list, thus, it's usage is still in compliance.
Manual removal from 'C:\Program Files (x86)\BigFix Enterprise\BES Client\LMT\CIT' folder seems to be the only workaround for now... 

------------------------------
Oktawian Powązka
------------------------------

Original Message:
Sent: Wed January 18, 2023 10:13 AM
From: Oktawian Powązka
Subject: Concern about 7zip executable found in CIT dir used by ILMT on Windows servers

There is one potential pitfall I forgot to mention.
'Install or Upgrade Scanner' action will repopulate a '7za.exe' file upon each run, so, this file would need to be manually removed after running this action (mostly when new ILMT is released).

Nevertheless, I've checked all known '7za.exe' vulnerabilities,
all been addressed in the '7za.exe' release we deliver with ILMT: 18.05
I'd be glad If you could put some insight on the reason why 7zip usage has been banned in your organization,
perhaps, based on some tangible evidence we could revalidate its usage...

------------------------------
Oktawian Powązka
------------------------------


Original Message:
Sent: Wed January 18, 2023 09:44 AM
From: Oktawian Powązka
Subject: Concern about 7zip executable found in CIT dir used by ILMT on Windows servers

Hello,

'C:\Program Files (x86)\BigFix Enterprise\BES Client\LMT\CIT\7za.exe' can be removed altogether.
If not available it's counterpart (bzip2.exe) will be used for the same tasks...

Thank you, 

------------------------------
Oktawian Powązka

Thank you so much for your prompt and useful answer. I think the workaround will be adequate to satisfy our internal compliance.

As for the reason for the banning, you figured it out -- I had no desire to bring up politcal issues, and I have no comment on the decision, other than to say that our organization does business by managing risks and minimizing impact -- if the analysts in our parent company have made this detimination then I will  not fault them personally. :-)

------------------------------
John Robeson
------------------------------

Original Message:
Sent: Wed January 18, 2023 10:33 AM
From: Oktawian Powązka
Subject: Concern about 7zip executable found in CIT dir used by ILMT on Windows servers

Ok, I think that I've found this 'banning' reason.
Unfortunately this is not a place to discuss any anti-Russian sentiments...
As of now, IBM keeps 7-zip on the approved list, thus, it's usage is still in compliance.
Manual removal from 'C:\Program Files (x86)\BigFix Enterprise\BES Client\LMT\CIT' folder seems to be the only workaround for now... 

------------------------------
Oktawian Powązka
------------------------------


Original Message:
Sent: Wed January 18, 2023 10:13 AM
From: Oktawian Powązka
Subject: Concern about 7zip executable found in CIT dir used by ILMT on Windows servers

There is one potential pitfall I forgot to mention.
'Install or Upgrade Scanner' action will repopulate a '7za.exe' file upon each run, so, this file would need to be manually removed after running this action (mostly when new ILMT is released).

Nevertheless, I've checked all known '7za.exe' vulnerabilities,
all been addressed in the '7za.exe' release we deliver with ILMT: 18.05
I'd be glad If you could put some insight on the reason why 7zip usage has been banned in your organization,
perhaps, based on some tangible evidence we could revalidate its usage...

------------------------------
Oktawian Powązka


Original Message:
Sent: Wed January 18, 2023 09:44 AM
From: Oktawian Powązka
Subject: Concern about 7zip executable found in CIT dir used by ILMT on Windows servers

Hello,

'C:\Program Files (x86)\BigFix Enterprise\BES Client\LMT\CIT\7za.exe' can be removed altogether.
If not available it's counterpart (bzip2.exe) will be used for the same tasks...

Thank you, 

------------------------------
Oktawian Powązka