Product
low
advisory
Potential Remote File Execution via MSIEXEC
2 rules 3 TTPs
The rule detects execution of the built-in Windows Installer, msiexec.exe, to install a remote package, a technique potentially abused by adversaries for initial access and defense evasion.
Windows Installer
msiexec
remote-file-execution
initial-access
defense-evasion
windows
medium
advisory
MsiExec Child Process Spawning Network Connections for Defense Evasion
2 rules 1 TTP
Detection of MsiExec spawning child processes that initiate network connections, potentially indicating abuse of Windows Installers for malware delivery and defense evasion.
Elastic Defend +3
defense-evasion
windows
msiexec