LabVIEW

Interesting find - was that captured from a wireshark trace?

My best guess would be either the Customer Experience Improvement Program sending info back to NI, or LabVIEW always sending internal warnings to NI. Did you enable any of these features?

You could try redirect api.niwsc.com to 0.0.0.0 in your hosts file, though that will probably break other things.

---

Unless otherwise stated, all code snippets and examples provided
by me are "as is", and are free to use and modify without attribution.

There's a DNS call to find the address of api.niwsc.com.  That's how I found it as all of our production machines don't have internet access and sometimes have to wait quite a bit for a timeout.  I had "DNS" display filter and saw the call for that machine.

Today the IP is different, but they all resolve to an Amazon AWS EC2 instance.

On restricted machines the returned IP is of the blocking firewall, so it tries again until it times out, I assume.

On machines that can talk to the internet it then makes an https call, I can see the certificate exchange with the AWS machine, but haven't had the time or inclination to install a MITM to decrypt it (not needed, see below)

On the production machines I already added that to the 0.0.0.0 hosts entry, along with other Microsoft (ie11 timeouts are a pain), NI (license timeouts are a pain), wpad calls,etc, for all nice ETs that like to phone home.

For the other machines I'll do the same later, not sure what it will break, but it would be nice to have LabVIEW stop whatever it is doing.

Production machines point to a Volume License Server where I have the Customer Experience Improvement Program disabled, and it can't be turned on by running the local program that lets you chose it.  On another one I disabled it manually and it still tried it. Thus, if it is for the Improvement Program, LV2018 is not obeying the setting.

Further debugging shows that LabVIEW upon exit spawns a call to:

  ..\National Instruments\Shared\SLCP\nisf -p \path\to\users\AppData\Local\Temp\slcXXXX.tmp

where XXXX looks like an uppercase Hex number, maybe LabVIEW's PID.

In that file has a bunch of hexadecimal stuff, but looks like text.  A quick python decode shows they're sending a bunch of info about what NI Software is installed on the system, licenses or VLA, etc.

About the warning possibility. This happens on all machines when LV2018 starts and is immediately closed.

Another tidbit, looking at the files in the SLCP folder, specificly nislcpcore.dll, it contains the interesting non-obfuscated strings:

  phoneHomeDataUpload
  phoneHomeDataConfig

thus is it ET after all.

Thanks for the detailed info, really interesting. Digging around it looks like SLCP is NI's "Software License Compilance" tool.

Process Monitor shows LabVIEW calls nislcp.exe on exit with that .tmp file, which in turn calls nisf.exe with the same .tmp file. I can confirm nislcp.exe is hitting api.niwsc.com over HTTPS on port 443, though the payload seems smaller than the tmp file (probably sent as binary rather than ascii encoded hex).

I've since moved those exe/dll files, so we'll see if LabVIEW breaks at some point.

---

Unless otherwise stated, all code snippets and examples provided
by me are "as is", and are free to use and modify without attribution.

https://www.ni.com/pdf/legal/us/software_license_agreement.pdf

22. Compliance

...

B. You agree that the Software may collect and communicate certain software, hardware, and use information to NI or its service providers' servers for the purposes of (i) checking for and performing any updates; (ii) ensuring that you have complied and are complying with the terms and conditions in this Agreement, including your use of valid software key codes, hardware keys, or both; (iii) NI's internal product development; and (iv) providing usage reporting to you.

I was told this was added in 2014, so I guess I agreed to send this info after all 🙂

Hi,

I chose to reuse this thread here instead creating a new one, just because it mention the SLCP application.

My problem is that after I close TestStand o LabVIEW, a process called "NationalInstruments.UDC.Slcp" is fired, and it alone consumes a lot of CPU:

(machine's fan goes to max)

We use a local VLA here for licenses, any idea if it is part of the compliance process or just a error?

Regards,

Luis Peluso

The SLCP does seem to indicate it is the Software License Compliance Program and just like with my case with LabVIEW it happens at exit (I don't have TestStand).  Try removing the SLCP files as detailed above and see if the problem goes away. As a paying VLM customer you are being inconvenienced by some compliance program.  And if your machine still talks to api.niwsc.com, maybe redirect that somewhere else.

Hi Luis,

I've noticed the exact same thing after launching LabVIEW 2020 and NXG 5.0. The SLCP process sits there running at 100% on a single core, and never exits. The only option is to terminate it. I've since moved the SLCP folder to another location so it isn't automatically launched.

I suspect it can't reach api.niwsc.com for some reason, so is busy waiting for a response from the server and wasting CPU cycles.

---

Unless otherwise stated, all code snippets and examples provided
by me are "as is", and are free to use and modify without attribution.