xcmd.exe is reported as malware with a potential security risk by applications like Sophos. Is it malware, or is it used with Release Automation?

Document ID : KB000056557
Last Modified Date : 14/02/2018

Description:

xcmd.exe is reported as malware with a potential security risk by applications like Sophos. Is it malware, or is it used with Release Automation?

Solution:

xCmd.exe is a legitimate tool designed to execute applications on remote systems. Its function is similar to that of psexec.exe.
Some antivirus products flag it as malware because it is used to execute commands and applications on remote machines, much like PsExec, but it is a legitimate component of Release Automation.

xcmd.exe is executed by the System user account, because the Release Automation services run with the system account by default, as shown under services.msc.