storvsp.sys - Hyper V question

IRJ

Is storvsp.sys used when Hyper-V is disabled on a server?

I am scanning a sever that shows storvsp.sys as a vulnerability, but Hyper-V on the system. I am not sure if it is actually needed if the server does not run Hyper-V.

scottalanmiller

There is very little documentation on that file out there. It sounds like you can safely remove it, but I can't provide a good reference for that.

scottalanmiller

My guess is that you can remove it. You could remove it and see what happens, just don't throw it away. Move to another location so that you can replace if necessary.

thwr

storvsp.sys seems to be related to the integration services. When you google it, you'll find multiple threads where people had problems with integration services, so I would be very carefully.

Probably better to just nuke the drive and reinstall the maschine. Could also be a false positive.

IRJ

@scottalanmiller said in storvsp.sys - Hyper V question:

There is very little documentation on that file out there. It sounds like you can safely remove it, but I can't provide a good reference for that.

That was my exact thoughts. I can't find any legitimate references for that.

scottalanmiller

@IRJ said in storvsp.sys - Hyper V question:

@scottalanmiller said in storvsp.sys - Hyper V question:

There is very little documentation on that file out there. It sounds like you can safely remove it, but I can't provide a good reference for that.

That was my exact thoughts. I can't find any legitimate references for that.

I know, the lack of documentation is extreme. Why is Windows so poorly documented? Argh.

IRJ

Hyper-V is disabled on this server. Other servers aren't showing this vulnerability even though they haven't been patched.

Here is the Microsoft KB

https://support.microsoft.com/en-us/kb/3046359

IRJ

Oh and the patch doesn't actually work unless you enable Hyper-V. Then of course you need to disable it again. This is a really stupid problem.

thwr

@scottalanmiller said in storvsp.sys - Hyper V question:

@IRJ said in storvsp.sys - Hyper V question:

@scottalanmiller said in storvsp.sys - Hyper V question:

There is very little documentation on that file out there. It sounds like you can safely remove it, but I can't provide a good reference for that.

That was my exact thoughts. I can't find any legitimate references for that.

I know, the lack of documentation is extreme. Why is Windows so poorly documented? Argh.

Actually, MSDN (and former TechNet) is an enormous big source of information, IF you can find what you are looking for. I'm always using Google site search for this.

scottalanmiller

@thwr said in storvsp.sys - Hyper V question:

@scottalanmiller said in storvsp.sys - Hyper V question:

@IRJ said in storvsp.sys - Hyper V question:

@scottalanmiller said in storvsp.sys - Hyper V question:

There is very little documentation on that file out there. It sounds like you can safely remove it, but I can't provide a good reference for that.

That was my exact thoughts. I can't find any legitimate references for that.

I know, the lack of documentation is extreme. Why is Windows so poorly documented? Argh.

Actually, MSDN (and former TechNet) is an enormous big source of information, IF you can find what you are looking for. I'm always using Google site search for this.

Yeah, but my point is that a file that is having lots of issues does not appear to be documented, at all. Can you find docs on it in Technet?

thwr

@scottalanmiller said in storvsp.sys - Hyper V question:

@thwr said in storvsp.sys - Hyper V question:

@scottalanmiller said in storvsp.sys - Hyper V question:

@IRJ said in storvsp.sys - Hyper V question:

@scottalanmiller said in storvsp.sys - Hyper V question:

There is very little documentation on that file out there. It sounds like you can safely remove it, but I can't provide a good reference for that.

That was my exact thoughts. I can't find any legitimate references for that.

I know, the lack of documentation is extreme. Why is Windows so poorly documented? Argh.

Actually, MSDN (and former TechNet) is an enormous big source of information, IF you can find what you are looking for. I'm always using Google site search for this.

Yeah, but my point is that a file that is having lots of issues does not appear to be documented, at all. Can you find docs on it in Technet?

Nope, at least I couldn't find something. That's a major problem, I think Microsoft should provide a list of each and every file where you can clearly see to what subsystem the file relates to.

But, TBH, do we have such a List for GNU/Linux, BSD or MacOS?

scottalanmiller

@thwr said in storvsp.sys - Hyper V question:

But, TBH, do we have such a List for GNU/Linux, BSD or MacOS?

MacOS, no. Proprietary and gone since the 1990s.
Mac OSX, no. Proprietary and not that documented.
Linux and BSD, yes, because open source is natively documented by definition.

thwr

@scottalanmiller said in storvsp.sys - Hyper V question:

@thwr said in storvsp.sys - Hyper V question:

But, TBH, do we have such a List for GNU/Linux, BSD or MacOS?

MacOS, no. Proprietary and gone since the 1990s.
Mac OSX, no. Proprietary and not that documented.

my bad

Linux and BSD, yes, because open source is natively documented by definition.

For the most part, yes. Just a little example: https://www.kernel.org/doc/Documentation/w1/slaves/w1_therm

Could you tell from just looking at this file how exactly a virtual sysfs w1-therm temperature data file or even the virtual file structure looks like for a DS18XXX sensor? I had to try it the hard way, because there was no such documentation a year ago.

That's just one simple example. I know, I could (and probably should) improve that on my own...

thwr

@thwr said in storvsp.sys - Hyper V question:

@scottalanmiller said in storvsp.sys - Hyper V question:

@thwr said in storvsp.sys - Hyper V question:

But, TBH, do we have such a List for GNU/Linux, BSD or MacOS?

MacOS, no. Proprietary and gone since the 1990s.
Mac OSX, no. Proprietary and not that documented.

my bad

Linux and BSD, yes, because open source is natively documented by definition.

For the most part, yes. Just a little example: https://www.kernel.org/doc/Documentation/w1/slaves/w1_therm

Could you tell from just looking at this file how exactly a virtual sysfs w1-therm temperature data file or even the virtual file structure looks like for a DS18XXX sensor? I had to try it the hard way, because there was no such documentation a year ago.

That's just one simple example. I know, I could (and probably should) improve that on my own...

Spoiler:

cat /sys/bus/w1/devices/28*/w1_slave
62 01 ff ff 7f ff ff ff 91 : crc=91 YES
62 01 ff ff 7f ff ff ff 91 t=22125