PcaSvc (Program Compatibility Assistant Service)

  • Function: This service assists with running older applications but also logs execution data, complementing the explorer.exe PCA client strings.

  • Identifying the Process: Locate the svchost.exe instance hosting the "PcaSvc" service.

  • Common Search Patterns:

    • jar (Contains, case-insensitive - note: no dot): Searching for the string "jar" (rather than ".jar") within PcaSvc memory can sometimes reveal executions of .jar files, potentially including those launched via java -jar with spoofed extensions (as the command line itself might contain "jar"). Complements the PlugPlay search.

    • Specific executable names (Contains, case-insensitive): Searching directly for known cheat executable filenames.

Previoussvchost.exe (-s dps) (Diagnostic Policy Service)NextOther Relevant Processes

Last updated