mcr.microsoft.com/windows/servercore/iis:20250408-windowsservercore-ltsc2019 ServiceMonitor.exe 2.0.1.04 BA2008: 'ServiceMonitor.exe' does not enable the control flow guard (CFG) mitigation. #93
Description
-
Using container
https://hub.docker.com/r/microsoft/windows-servercore-iis
20250408-windowsservercore-ltsc2019 | amd64 | Dockerfile | Windows Server 2019 | 04/08/2025 | 04/08/2025 -
Built with this dockerfile
https://github.com/Microsoft/iis-docker/blob/main/windowsservercore-ltsc2019/Dockerfile -
Scan with https://www.nuget.org/packages/Microsoft.CodeAnalysis.BinSkim 4.4.1 (2025-03-28)
Observed:
CMD> sigcheck -nobanner ServiceMonitor.exe
ServiceMonitor.exe:
Verified: Signed
Signing date: 9:47 PM 3/22/2020
Publisher: Microsoft Corporation
Company: Microsoft
Description: Windows Service Monitor
Product: Windows Service Monitor
Prod version: 2.0.1.04
File version: 2.0.1.04
MachineType: 64-bit
CMD> BinSkim.exe analyze ServiceMonitor.exe
Analyzing...
THREADS: 20
ServiceMonitor.exe: error BA2008: 'ServiceMonitor.exe' does not enable the control flow guard (CFG) mitigation.
To resolve this issue, pass /guard:cf on both the compiler and linker command lines. Binaries also require the /DYNAMICBASE linker option in order to enable CFG.
For VC projects use ItemDefinitionGroup - ClCompile - ControlFlowGuard property with 'Guard' value, link CFG property will be set automatically.
ServiceMonitor.exe : error ERR997.ExceptionLoadingPdb : 'ServiceMonitor.exe' was not evaluated because its PDB could not be loaded (E_PDB_NOT_FOUND).
Done. 1 files scanned.