At times either PAExec or RemCom services and processes may be found on client systems and raise alarms of a security breach. Managed Workplace utilizes both of these for various automated tasks and running scripts against devices.
To view what either service is running on a device open Task Manager -> Details -> Right click the titles -> Select Columns -> Check "Command Line". This will provide the full path of where PAExec or RemCom is running from as well as the name of the script being executed.
When execution of a script is completed the respective service is deleted from the end device although there will be entries in the Windows Event log indicating that a service was installed, started, stopped and deleted.
PAExec is used for running silent tasks on devices from either an Onsite Manager or Device Manager. When a task is executed on a device a service with the name of PAExec-ONSITEMANAGERNAME.exe. This does not indicate a security breach on the system if it is coming from the Onsite Manager and was started by the MWService account that is being utilized by the Onsite Manger or Local System in the case of a Device Manager.
Tasks that utilize PAExec include:
- Deployment of Premium Remote Control
- Deployment of Avast Antivirus
- Automatic execution of resolving found Onboarding issues
- Site Security Dashboard scans
PAExec is a re-write of PSExec. Details of PAExec can be found here https://www2.poweradmin.com/paexec/.
This is used for Automation within Managed Workplace. When a script is executed against devices RemCom will be installed, the script files copied to the device and executed on the device. Once the script has completed the service is deleted.
Remcom is an open source project and details of it can be found here https://github.com/kavika13/RemCom.