Team: Huntress EDR
Product: WinExeSVC.exe (WinExe)
Environment: Windows host running Linux or Unix-based applications and operations (Unitrends, FortiSIEM, AlienVault, OpenVAS, Reevert, etc.)
Summary: WinExeSvc.exe is being flagged by antivirus solutions, but not by Huntress, as it is often a valid utility used by other applications.
Some antivirus applications may flag the executable WinExeSvc.exe as a potentially unwanted application (PUA). WinExeSvc.exe is related to WinExe, a utility that is similar to Microsoft's PsExec. WinExe is used to run commands on a Windows host from Linux and other Unix-based operating systems.
When WinExe is used to run a command, a helper service, WinExeSvc.exe, is created on the Windows host.
Some SIEM applications, such as FortiSIEM, and other Linux-based applications may use WinExe to run commands on Windows hosts.
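To confirm that a flagged WinExeSvc.exe comes from one of these applications, it helps to see when the helper service was installed and what binary it points to. The PowerShell below is an added example, not Huntress or WinExe code. It assumes the System event log still holds the Service Control Manager event 7045 ("A service was installed in the system") records and matches on the file name given in this article.

```powershell
# Added example: review WinExe helper-service installs on a Windows host.
# Run from an elevated PowerShell prompt.
$pattern = 'winexesvc'   # file name from this article, matched case-insensitively

# 1. Service-install events (ID 7045) that reference the helper binary.
#    Event properties: [0] service name, [1] image path, [2] service type,
#    [3] start type, [4] account name.
$installs = Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7045
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[0].Value -match $pattern -or
                   $_.Properties[1].Value -match $pattern } |
    ForEach-Object {
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated
            ServiceName = $_.Properties[0].Value
            ImagePath   = $_.Properties[1].Value
            StartType   = $_.Properties[3].Value
            Account     = $_.Properties[4].Value
        }
    }

# 2. The service as currently registered, with the file's hash and signature status.
$current = Get-CimInstance Win32_Service |
    Where-Object { $_.Name -match $pattern -or $_.PathName -match $pattern } |
    ForEach-Object {
        # PathName may be quoted and carry arguments; keep only the executable path.
        $exe = if ($_.PathName -match '^\s*"?(.+?\.exe)') { $Matches[1] } else { $_.PathName }
        $exists = Test-Path -LiteralPath $exe
        [pscustomobject]@{
            Name      = $_.Name
            State     = $_.State
            Path      = $exe
            SHA256    = if ($exists) { (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash }
            Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $exe).Status }
        }
    }

$installs | Sort-Object TimeCreated | Format-Table -AutoSize
$current  | Format-List
```

Install times that line up with scheduled jobs from an application such as FortiSIEM are consistent with expected use; the hash lets you compare the file across hosts.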
Applications known to use WinExe:
Snippet from FortiSIEM documentation:
If you need more assistance, please reach out to Huntress support at email@example.com, and we would be happy to help.