Are you seeing these events on or across your entire domain ?
If you are experiencing issues with the Track-It! agent (e.g., it is not reporting inventory or deploying software), follow these steps:
To stay safe in the future, follow these security best practices: btexecext.phoenix.exe
: It is a "Discovery Scan" agent. Its primary job is to enumerate local admin group members so they can be onboarded into BeyondTrust Password Safe for secure management.
Its mission finished, the process terminates. The server returns to its normal hum, leaving behind only those mysterious timestamps as proof that the Invisible Auditor was ever there. Are you seeing these events on or across your entire domain
System administrators and cybersecurity engineers frequently encounter this process in Security Information and Event Management (SIEM) logs or Windows Security Event Logs due to the unusual account activity and false-positive authentications it triggers during routine infrastructure scans. ⚙️ Core Function: BeyondTrust Detailed Discovery Scans
(or similar) directory on target servers during the scanning phase. Troubleshooting: Its primary job is to enumerate local admin
You should only attempt to remove or uninstall this software if you have confirmed it is malicious or is installed on a personal computer where it does not belong.
To stop false-positive alerts caused by discovery scans from overwhelming your SOC analysts, create targeted exclusions in your SIEM platform: