Bug 582529 - MemoryAnalyzer opens cloud credential files
Status: CLOSED WORKSFORME
Product: MAT
Classification: Tools
Component: Core
Version: 1.14
Hardware: PC Windows 10
Importance: P3 major
Target Milestone: ---
Assignee: Project Inbox CLA
Reported: 2023-10-12 15:37 EDT by Markus S CLA
Modified: 2024-04-30 03:25 EDT

Description Markus S CLA 2023-10-12 15:37:14 EDT
MemoryAnalyzer opens cloud credential files. 

Our IT reported suspicious activity from MemoryAnalyzer, in particular MemoryAnalyzer opened these two files:
- C:\Users\myuser\.aws\config
- C:\Users\myuser\.aws\credentials

Can you please elaborate why this is happening, why this is necessary and what MemoryAnalyzer is doing with that information? Thank you.
Comment 1 Andrew Johnson CLA 2023-10-13 04:38:52 EDT
Thanks for the report.
Memory Analyzer doesn't have any code to open those files, or need to open those files.

Which precise version of MAT are you using? Is it Windows 1.14.0?
https://eclipse.dev/mat/downloads.php
https://www.eclipse.org/downloads/download.php?file=/mat/1.14.0/rcp/MemoryAnalyzer-1.14.0.20230315-win32.win32.x86_64.zip

Which download site mirror did it come from?

Which version of Java are you using to run MAT?
Which tool detected that file access?
How reproducible is the problem?
Comment 2 Markus S CLA 2023-10-13 08:35:52 EDT
> Eclipse Memory Analyzer Version 1.14.0
>
> java.vendor=Azul Systems, Inc.
> java.vendor.url=http://www.azul.com/
> java.vendor.url.bug=http://www.azul.com/support/
> java.vendor.version=Zulu17.40+19-CA
> java.version=17.0.6
> java.version.date=2023-01-17


Yes, that's the download link I used: https://www.eclipse.org/downloads/download.php?file=/mat/1.14.0/rcp/MemoryAnalyzer-1.14.0.20230315-win32.win32.x86_64.zip

Mirror:
> Germany - University of Applied Sciences Esslingen
https://www.eclipse.org/downloads/download.php?file=/mat/1.14.0/rcp/MemoryAnalyzer-1.14.0.20230315-win32.win32.x86_64.zip&mirror_id=17

I also still have the zip file on my computer.

I have asked IT to share details about what tool detected the usage and will update the ticket as soon as they come back to me.
Comment 3 Andrew Johnson CLA 2023-10-18 07:59:36 EDT
I have tried to reproduce this, with a test from ProcessMonitor https://learn.microsoft.com/en-us/sysinternals/downloads/procmon

with a filter for PATH starting C:\Users\myuser\.aws\
(replacing myuser with my actual user ID).

I do not see any activity from Eclipse Memory Analyzer on that directory with a dummy config and credential file.
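
Added example, not part of the original thread: a way to attribute accesses from a Process Monitor capture saved as CSV, so the process that touched the .aws directory can be named rather than inferred. It assumes Procmon's default export columns; the rows, PIDs and the process name example-sync.exe are constructed for illustration.

```python
import csv
import io
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample rows in Procmon's default CSV column layout.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","MemoryAnalyzer.exe","4120","CreateFile","C:\Users\myuser\mat\workspace\heap.hprof","SUCCESS",""
"10:01:03.4","example-sync.exe","5312","CreateFile","C:\Users\myuser\.aws\credentials","SUCCESS",""
"10:01:03.5","example-sync.exe","5312","ReadFile","c:\users\myuser\.AWS\credentials","SUCCESS",""
"10:01:04.0","MemoryAnalyzer.exe","4120","CreateFile","C:\Users\myuser\.aws-backup\config","NAME NOT FOUND",""
"10:01:05.2","example-sync.exe","5312","ReadFile","C:\Users\myuser\.aws\config","SUCCESS",""
'''


def accesses_under(csv_text, watched_dir):
    """Count events per (process, PID, operation, path) for paths inside watched_dir.

    Matching is done on path components, case-insensitively, so a sibling
    such as ".aws-backup" is not mistaken for ".aws" the way a plain
    string-prefix test without a trailing backslash would.
    """
    watched = PureWindowsPath(watched_dir)
    hits = Counter()
    # Exported files may start with a UTF-8 byte order mark; drop it if present.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    for row in reader:
        path = PureWindowsPath(row["Path"])
        # PureWindowsPath equality ignores case, as Windows file systems do.
        if path == watched or watched in path.parents:
            key = (row["Process Name"], row["PID"], row["Operation"], str(path).lower())
            hits[key] += 1
    return hits


def processes_touching(csv_text, watched_dir):
    """Return the sorted, distinct process names that touched watched_dir."""
    return sorted({key[0] for key in accesses_under(csv_text, watched_dir)})


if __name__ == "__main__":
    for key, count in sorted(accesses_under(SAMPLE_CSV, r"C:\Users\myuser\.aws").items()):
        print(count, *key)
```
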
Comment 4 Markus S CLA 2023-10-24 18:39:14 EDT
The tool being used by IT is Cortex XDR, but they refused to give me further information.
Comment 5 Andrew Johnson CLA 2023-10-25 06:04:58 EDT
This is still a mystery.

The Eclipse download site publishes a SHA512 hash of the zip:
07b4abc1b1e15d458f8ba463dd732ee555219e26b204fb75b78ca6b400c8a15289c97de8b23b7c6833fc6cbfae25e893d6bd146f9028689b58ed89ea019f2228  MemoryAnalyzer-1.14.0.20230315-win32.win32.x86_64.zip

which can be checked after download with
certutil -hashfile MemoryAnalyzer-1.14.0.20230315-win32.win32.x86_64.zip SHA512
SHA512 hash of MemoryAnalyzer-1.14.0.20230315-win32.win32.x86_64.zip:
07b4abc1b1e15d458f8ba463dd732ee555219e26b204fb75b78ca6b400c8a15289c97de8b23b7c6833fc6cbfae25e893d6bd146f9028689b58ed89ea019f2228
CertUtil: -hashfile command completed successfully.

The MAT executable files and jars are also signed.

Eclipse Memory Analyzer does open files, but these are either part of the installation (jars, etc.) or because the user requested a dump file to be parsed, or a report file to be opened etc. Normally a user would not go into the .aws directory from a file open dialog from an application like MAT.

It would be possible for a user to explicitly attempt to open a file C:\Users\myuser\.aws\config as a dump in MAT. This would fail, as the file is not a dump, but that file would appear in the recent dumps list. MAT might then open that file on restart to check its type and give it the correct icon. This doesn't seem a likely scenario.
Comment 6 Krum Tsvetkov CLA 2024-04-30 03:25:09 EDT
I would close this bug as not reproducible.