Synowedjat is a backdoor from Synology. Whenever the system checks for package updates, it is downloaded from the server and executed, regardless of whether you are using a genuine Synology device. It is highly recommended to remove it.
Specifically:
1. When the background service checks for updates, "synopkg chkupgradepkg" is invoked.
2. "synopkg chkupgradepkg" starts synowedjat-exec.
3. synowedjat-exec:
- Uploads hardware info to account.synology.com/wedjat
- Downloads and extracts synowed
So for 7.2RC:
/usr/bin/cat << EOF > /etc/apparmor/usr.syno.bin.dlid
/usr/syno/bin/dlid {
deny network,
deny capability net_raw,
deny capability net_admin,
}
EOF
/usr/bin/sleep 2
/sbin/apparmor_parser -r /etc/apparmor/usr.syno.bin.dlid
/bin/rm -f /usr/syno/etc/dlid.status
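
An added check, not part of the original page: a POSIX shell script that confirms the profile written above contains the three deny rules and that the kernel lists it in enforce mode. It assumes securityfs is mounted at /sys/kernel/security (the standard AppArmor location); the function names and the sample files built in demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): check that the dlid AppArmor
# mitigation is on disk and enforced. Reading the kernel listing needs root.
TARGET=/usr/syno/bin/dlid

# Succeed if FILE has a profile block for $TARGET with all three deny rules.
profile_has_rules() {
    [ -r "$1" ] || return 1
    body=$(awk -v t="$TARGET" '
        $1 == t && $2 == "{" { inside = 1; next }
        inside && $1 == "}"  { inside = 0 }
        inside               { print }' "$1")
    for rule in "deny network," "deny capability net_raw," \
                "deny capability net_admin,"; do
        printf '%s\n' "$body" |
            grep -qxE "[[:space:]]*$rule[[:space:]]*" || return 1
    done
}

# Succeed if LISTING ("name (mode)" per line, the format of
# /sys/kernel/security/apparmor/profiles) shows $TARGET in enforce mode.
profile_enforced() {
    [ -r "$1" ] && grep -qxF "$TARGET (enforce)" "$1"
}

# check_mitigation [PROFILE_FILE] [LISTING]: 0 = ok, 1 = file, 2 = not enforced
check_mitigation() {
    pf=${1:-/etc/apparmor/usr.syno.bin.dlid}
    listing=${2:-/sys/kernel/security/apparmor/profiles}
    profile_has_rules "$pf" || { echo "FAIL: $pf missing or incomplete"; return 1; }
    profile_enforced "$listing" || { echo "FAIL: $TARGET not enforced"; return 2; }
    echo "OK: $TARGET confined, network denied"
}

# Constructed sample inputs so the check can be exercised offline.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' "$TARGET {" 'deny network,' 'deny capability net_raw,' \
        'deny capability net_admin,' '}' > "$d/profile"
    printf '%s\n' '/usr/sbin/example (complain)' "$TARGET (enforce)" > "$d/loaded"
    check_mitigation "$d/profile" "$d/loaded"; rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

Run check_mitigation with no arguments as root on the device to test the real files, for instance after a reboot or a DSM update.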