How to Check if Computrace is Running?

The most direct way to check for Computrace (also known as Absolute LoJack or Absolute Persistence) running on your system is by inspecting active processes within the Task Manager for specific executables.

Checking for Computrace via Task Manager

Computrace often operates as a background process, making it important to examine your system's running processes thoroughly. To identify if it's active:

1. Launch Task Manager: Press Ctrl + Shift + Esc simultaneously, or Ctrl + Alt + Del and then select "Task Manager."
2. Navigate to Processes: Click on the Processes tab at the top of the Task Manager window.
3. Show All Processes: It is crucial to ensure that the option to "Show all processes from all users" is checked. This reveals system-level and background processes that Computrace might be using, which could otherwise remain hidden.
4. Look for rpcnet.exe: Carefully scroll through the list of running processes and look for an entry named rpcnet.exe. This executable is a known component of the Computrace agent and its presence is a strong indicator that Computrace is active on your system.

If you find rpcnet.exe running, it indicates that Computrace is currently operational on your machine.

What is Computrace/Absolute LoJack?

Computrace, now primarily known as Absolute LoJack or Absolute Persistence, is a robust security solution designed to track, recover, and remotely manage lost or stolen laptops and other devices. Its key feature is a unique "persistence module" that is often embedded directly into the BIOS/UEFI firmware of many devices. This firmware-level integration makes it highly resilient, capable of reinstalling itself even if the operating system is reinstalled, the hard drive is formatted, or replaced.

For more information on the technology, you can visit the official Absolute Software website.

Other Indicators and Methods

While the Task Manager check is a primary method, other indicators can help determine the presence and activity of Computrace:

BIOS/UEFI Settings

The most definitive way to check for the presence of the Computrace persistence module, even if it's not actively running, is through your system's BIOS/UEFI settings.

• Access BIOS/UEFI: Restart your computer and press the appropriate key (commonly F2, Del, F10, or F12) during the boot-up sequence to enter the BIOS/UEFI setup utility.
• Locate the Option: Navigate through the menus, often under sections like "Security," "Configuration," or "System Management." Look for options explicitly named "Computrace," "Absolute Persistence," or "LoJack for Laptops."
• Check Status: The status will typically be displayed as "Enabled," "Disabled," or "Deactivated." An "Enabled" status indicates the module is active and potentially running, even if not immediately visible in Task Manager.

Network Activity

When active, Computrace agents communicate with Absolute Software's command and control servers.

• Network Monitoring Tools: Advanced users can employ network monitoring tools like Wireshark to scrutinize outbound network connections. Look for consistent, unexplained traffic to unfamiliar IP addresses or domain names. While Computrace typically uses standard HTTP/HTTPS, unusual patterns could be indicative.

File System and Registry Checks (Less Reliable)

Due to its persistent nature and ability to reinstall itself, checking for specific files or registry entries might not always be conclusive, but can offer supporting evidence:

• Program Files: Look in C:\Program Files or C:\Program Files (x86) for folders named "Absolute" or "Computrace."
• Registry Editor: Using the Windows Registry Editor (regedit), you can search for keys or values containing "Absolute" or "Computrace." However, modifying the registry can be risky if not done carefully.

Why Check for Computrace?

Knowing if Computrace is running on your system is important for several reasons:

• Privacy Concerns: Computrace can track your device's location, monitor system information, and potentially access user data if certain features are activated by the administrator.
• Security Implications: While designed for security, any persistent software can be a potential vector for exploitation if compromised.
• System Performance: Like any background process, an active Computrace agent consumes system resources, which could slightly impact performance.
• Unwanted Features: If you've acquired a used device or are no longer part of an organization that uses Computrace, you might not want its tracking and management features active on your personal computer.

What to Do if Computrace is Detected

If you confirm Computrace is active on your device and you wish to disable it, the primary method involves the BIOS/UEFI settings:

• BIOS/UEFI Deactivation: Re-enter your BIOS/UEFI setup. Locate the "Computrace," "Absolute Persistence," or "LoJack for Laptops" option and change its status to "Disabled" or "Deactivated." Be aware that some systems or active licenses might prevent you from deactivating it directly from the BIOS/UEFI without prior action from Absolute Software.
• Contact Absolute Software: If you cannot disable it through the BIOS/UEFI, especially if you purchased a used device, you might need to contact Absolute Software directly. They can verify the device's enrollment status and, if appropriate, facilitate its deactivation.

Summary of Computrace Indicators

The presence of rpcnet.exe in Task Manager or an active setting in your device's BIOS/UEFI are the most reliable indicators of Computrace's operation.