Alteryx Designer Desktop Discussions

Johjnj97

I am a support analyst for my company - one of our users is trying to install Designer 2025 but the installer is having difficulty removing the currently installed 2024 version.. Additionally, our IT security team flagged some suspicious activity related to the removal process on the user's computer:

A process event captured the execution of pcalua.exe with the following command line, which launched an executable from the user profile of US\girijavV:

C:\WINDOWS\system32\pcalua.exe -a C:\Users\girijavV\AppData\Roaming\Alteryx\Engine\2024.2\UninstallAYX.exe

The parent process for pcalua.exe was the Windows Task Scheduler service:

C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Schedule

The pcalua.exe process ran in the context of user US\girijavV and subsequently started:

C:\Users\girijavV\AppData\Roaming\Alteryx\Engine\2024.2\UninstallAYX.exe

Process creation and event capture times confirm the sequence:

svchost.exe (Schedule service) was active prior to the event.
pcalua.exe started at 2025-11-12 19:41:44.095577 UTC.
The process event was recorded at 2025-11-12 19:41:44.144452 UTC (meta timestamp at nanosecond precision: 2025-11-12 19:41:44.1444516 UTC).
UninstallAYX.exe started at 2025-11-12 19:41:44.506490 UTC.

No additional processes or activities related to this event are included in the provided data.

Timeline

2025-11-12 18:59:21.453533 UTC: wininit.exe started.
2025-11-12 18:59:21.525826 UTC: services.exe started.
2025-11-12 18:59:22.467823 UTC: svchost.exe started with command line:
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Schedule
2025-11-12 19:41:44.095577 UTC: pcalua.exe created with command line:
C:\WINDOWS\system32\pcalua.exe -a C:\Users\girijavV\AppData\Roaming\Alteryx\Engine\2024.2\UninstallAYX.exe
2025-11-12 19:41:44.1444516 UTC: Event timestamp (nanoseconds precision).
2025-11-12 19:41:44.144452 UTC: Event time (microseconds precision).
2025-11-12 19:41:44.506490 UTC: UninstallAYX.exe started.
2025-11-12 19:42:25.000000 UTC: Telemetry ingested.
2025-11-12 20:01:44.000000 UTC: Record timestamp.

Process Tree

wininit.exe

└── C:\WINDOWS\system32\services.exe

└── C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Schedule

└── C:\WINDOWS\system32\pcalua.exe -a C:\Users\girijavV\AppData\Roaming\Alteryx\Engine\2024.2\UninstallAYX.exe

└── C:\Users\girijavV\AppData\Roaming\Alteryx\Engine\2024.2\UninstallAYX.exe

They are concerned that a scheduled task was launched and that the Windows 11 Program Compatibility Assistant was used in the process.

Need to confirm that this is expected behavior for removing Alteryx or if this is malicious activity.

alexnajm

I would submit this as a case to Alteryx if there is a concern about security - you can submit it here: MyAlteryx

Johjnj97

unfortunately we do not have an Alteryx support plan that I know of!

alexnajm

Can you try to log in and see if you can still? Usually you can submit a case, the response time just may be slower

Alteryx Designer Desktop Discussions

Alteryx Designer 2025 install will not remove Designer 2024

Re: Unable to get an output

Re: Extracting the list of sheet names across mult...

Re: Chaining Apps

Re: Unable to read in all raw xml from an excel fi...

Unable to read in all raw xml from an excel file