Check or Attack Name: rcmd

The Rcmd service was detected as running. This service allows users to execute command-line programs from remote hosts and is distributed in the Windows NT Resource Kit. Rcmd is known to be vulnerable to spoofing because it uses native Windows NT challenge-response authentication, instead of host-level authentication.

Remove the rcmd service.

To remove the rcmd services, follow these steps:

1. Open the Services control panel. From the Windows NT Start menu, select Settings, Control Panel, Services.
2. Under Services, select rcmd.
3. Click Stop.