Btexecext.phoenix.exe

If you are seeing high resource usage or strange logon alerts from btexecext.phoenix.exe , follow these steps:

According to Microsoft Core Infrastructure documentation, S4u2Self allows a service to request a Kerberos ticket to itself on behalf of a user. This is completely normal behavior for checking Access Checks or Group Memberships. However, Active Directory evaluates this request as a logon proxy action, prompting it to update the account's timestamp and log a false-positive user logon event. Security Troubleshooting and Best Practices

If you encounter this file and are unsure of its origin, perform the following checks. btexecext.phoenix.exe

: Right-click the file, select Properties , and check the Digital Signatures tab. It should be signed by BeyondTrust Software, Inc.

To implement such a feature, you would likely need: If you are seeing high resource usage or

: Checking the membership lists of local administrative groups on scanned systems. The "False Positive" Logon Event Phenomenon

(formerly Retina CS), a vulnerability management and privileged access security platform BeyondTrust BeeKeepers Community What is BTExecExt.Phoenix.exe? This executable is primarily used during discovery scans Security Troubleshooting and Best Practices If you encounter

If you decide it's necessary to remove or update btexecext.phoenix.exe :