This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello,
I have an issue with my windows server 2016, we are using crowdstrike antivirus but shows a detection net.exe every minute, actually by using net.exe someone or some thing in background run a command as net localgroup "administrators" Guest/add by triggering this command every minute i can't able to disable the Guest account If i rename or delete the account it will recreate while command triggering. i check with startup and task scheduler also there is no program running, Please someone told me how to stop that net command triggering.
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.
Hello,
The most straightforward approach is to identify the source of the command. Use Process Monitor to capture real-time file system, registry, and process/thread activity. Apply a filter for net.exe to see what is triggering it.
Additionally, perform a full system scan with CrowdStrike and consider using Windows Defender to ensure that no malware is present.
Best Regards, Karlie Weng