Winrmsrv.exe is a legitimate executable created by Microsoft but might also indicate crypto-mining malware infection



Winrmsrv.exe is a background process that users might find running on their Windows computers once they open the Task Manager. The executable was developed by Microsoft Corporation, and its usual location is in C:\Windows\system32\ folder. Nevertheless, many users started to complain[1] that their Firewall is blocking the incoming connection from Winrmsrv.exe – it asks for permission to gather information. Thus, because the developer is shown as Microsoft, users are confused about whether the file is legitimate or not.

Read more…