Tag

Defense_evasion

1 brief RSS

Unusual Service Host Child Process - Childless Service

This detection identifies unusual child processes of Service Host (svchost.exe) that traditionally do not spawn child processes, potentially indicating code injection or exploitation.

m365_defender +3 process_injection privilege_escalation defense_evasion windows

2r 2t Jan 4, 2024