Product
Detects User Account Control (UAC) bypass attempts using eventvwr.exe to execute code with elevated permissions by identifying child processes of eventvwr.exe, excluding mmc.exe and WerFault.exe, which may indicate unauthorized privilege escalation.