Why does @battlenet Agent.exe scan for all running processes in WMI every 4 seconds?

Updated 8-18: Looks like this is likely a “try not to run multiple copies of battlenet” intention, according to this tweet:

 

Good question, but it does. With the advent of BYOD/WFH, do cybersecurity professionals need to keep an eye on these agents? Probably not, but it depends on risk mitigation, I guess.

I’m using the tool WMIMon from Github to log this information.

A quick search in Task Manager shows that Agent.exe is a Battlenet Executable

Is it ok for game library programs to inventory/spy on you? Battlenet isn’t the only one, to be sure. But why is this ok?

3 Comments

Leave a Reply