Forum Discussion

kareemsamir's avatar
kareemsamir
New Member
2 months ago

Rainst.exe registry modification

We have observed that the LMIRfsClientNP service was disabled due to a registry modification performed by the process Rainst.exe. Our SIEM solution has alerted us to this activity.

Questions:

  1. Is this a normal behavior for the Rainst.exe application?
  2. If so, what is the rationale behind disabling the LMIRfsClientNP service?
  • KateG's avatar
    KateG
    GoTo Moderator

    Hi kareemsamir

    Welcome to the Community, and apologies for the delay as we followed up with our team. 

    Rainst.exe is part of LogMeIn host software, as well as LMIRfsClientNP.

    LMIRfsClientNP is not a Windows 32 service. It is part of the remote file system driver, installed with LogMeIn host software and used for the "Connect Drives" feature during Remote Control session. It's possible the LogMeIn software updated itself and rainst.exe had to stop this driver during update.

    Hope this helps!