AV detecting WinExeSvc but Huntress isn't reporting anything

Some antivirus applications may flag the executable WinExeSvc.exe as a potentially unwanted application (PUA). The WinExeSvc.exe is related to WinExe, a utility that is similar to Microsoft's PsExec. WinExe is used to run commands on a Windows host from Linux and other Unix-based operating systems.

When WinExe is used to run a command, a helper service, WinExeSvc.exe, is created on the Windows host.

Some SIEM applications, such as FortiSIEM, and other Linux-based applications may use WinExe to run commands on Windows hosts. 

Applications known to use WinExe:

  • Unitrends
  • FortiSIEM
  • AlienVault
  • OpenVAS
  • Reevert

Snip-it from FortiSIEM documentation: 

If you need more assistance, please reach out to Huntress support at, and we would be happy to help.  

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Need help? Click here to Contact Us Click here to Contact Us