What is GatherNetworkInfo.vbs and is it a Security Risk?

GatherNetworkInfo.vbs  is a VBS (Visual Basic Script) file found in all versions of the Windows Operating System starting with Windows 7. GatherNetworkInfo.vbs is found in the root folder (this is wherever the Windows folder is on your computer) and is a file that comes pre-installed on all versions of the Windows Operating System to have been developed and released since the days of Windows 7. For some reason, however, the GatherNetworkInfo.vbs file is flagged as a security concern by a few different threat detection engines. One of the threat detection engines that flags the GatherNetworkInfo.vbs as a potentially harmful file is the one used by the third-party computer security program known as Zemana.

The GatherNetworkInfo.vbs file being flagged as a threat is especially worrying since, judging by its location, the file is a Windows system file, and it actually is. Concerned by the file being flagged as being a potential security concern (and the file even being mentioned in an exploit that was discovered to have been able to allow third-parties to infiltrate Windows computers), countless civilian experts took it upon themselves to carefully analyze the GatherNetworkInfo.vbs file.

Well, first things first – the GatherNetworkInfo.vbs file is indeed a Windows system file. Judging from its code, the GatherNetworkInfo.vbs file’s job is to gather an array of networking information and log all of that information in the Config subfolder found within the Windows folder. The GatherNetworkInfo.vbs script starts doing its job whenever a running netsh trace is stopped. While the script’s code does indicate that it has, to some extent, authority over the host computer’s network, there is no evidence of the script being able to transmit any data it collects to any other location via the host computer’s network.

One might wonder then – if the GatherNetworkInfo.vbs script is indeed a Windows system file and its code does not in any way indicate that the script has any malicious intentions, why is the file flagged as a potential security concern by some threat detection engines? Well, in the rare cast of the GatherNetworkInfo.vbs, the result that these specific threat detection engines spit out is a false positive. If you would like this proven, aside from the fact that the script is most certainly a Windows system file as long as it is located in your computer’s root folder, simply run scans with a variety of different threat detection engines and you will see that only one or two flag the GatherNetworkInfo.vbs script.

The reason why even one or two threat detection engines flag the GatherNetworkInfo.vbs script as a potential security risk is because the GatherNetworkInfo.vbs file is not a compiled object that has been digitally signed by Microsoft itself. Instead, it is just a script file that is located in the heart of your computer of all things, and a few threat detection engines are coded to see this as malicious behavior. All Microsoft had to do was compile the GatherNetworkInfo.vbs script digitally sign it, and there wouldn’t be any false positive to even worry about. In any case, however, the fact of the matter is that the GatherNetworkInfo.vbs script file located in your computer’s root folder is completely safe and is not, in any way, a security risk.