Antivirus detecting WinExeSvc but Huntress isn't reporting anything
Antivirus applications may flag the executable WinExeSvc.exe as a potentially unwanted application (PUA). Winexe creates this file from a Linux host.
Although this service is not malicious, please review the following article on how Huntress' malware detection works: Why didn't Huntress detect/block a malicious file/activity/ransomware?
Winexe is a Microsoft-provided interface, similar to PsExec, for running commands against a Windows host from Linux and other Unix-based OSes.
The first time the command is run, WinExeSvc.exe is created (it may be located in the %systemroot% folder).
SIEM tools such as FortiSIEM utilize a Linux-based backend and pull information from servers using winexe.
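To check that an antivirus alert refers to the service binary described above, the following PowerShell triage (an added example, not taken from Huntress or FortiSIEM documentation) records the file's timestamps, hash and signature status, then lists matching services and service-install events (System log, event ID 7045). The %systemroot% location comes from this article; matching on the string `winexesvc` in service paths is an assumption.

```powershell
# Added triage example. The file location comes from the article; filtering
# service paths on the string "winexesvc" is an assumption.
$path = Join-Path $env:SystemRoot 'WinExeSvc.exe'

if (Test-Path -LiteralPath $path) {
    $file = Get-Item -LiteralPath $path -Force
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        Path         = $file.FullName
        CreatedUtc   = $file.CreationTimeUtc
        LastWriteUtc = $file.LastWriteTimeUtc
        SHA256       = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        Signature    = $sig.Status
        Signer       = $sig.SignerCertificate.Subject   # empty when unsigned
    } | Format-List
} else {
    Write-Output "Not found: $path"
}

# Installed services whose binary path references the file.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -match 'winexesvc' } |
    Select-Object Name, State, StartMode, StartName, PathName |
    Format-List

# Service-install events: 7045 carries service name, image path and account.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045 } -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[1].Value -match 'winexesvc' } |
    Select-Object TimeCreated,
        @{ n = 'Service';   e = { $_.Properties[0].Value } },
        @{ n = 'ImagePath'; e = { $_.Properties[1].Value } },
        @{ n = 'Account';   e = { $_.Properties[4].Value } } |
    Format-List
```

A file creation time and install event that line up with when a known tool such as FortiSIEM began collecting from the host support the benign explanation given here.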
Tools that use WinExeSvc:
Snippet from FortiSIEM documentation:
If you need more assistance, please reach out to Huntress support at firstname.lastname@example.org, and we would be happy to help.