high
advisory
MpCmdRun Execution with RemoveDefinitions Argument
2 rules
The execution of MpCmdRun.exe with the '-RemoveDefinitions' argument, used to remove definitions from the Windows Malware Protection Engine, can indicate potential malware activity or attempts to bypass security measures.
Windows Malware Protection Engine
defense-evasion
endpoint
mpcmdrun
malware
medium
advisory
MpCmdRun.exe Used for Remote File Download
2 rules
1 TTP
Attackers are abusing the Windows Defender MpCmdRun.exe utility to download remote files, potentially delivering malware or offensive tools into compromised systems.
Windows Defender
command-and-control
ingress-tool-transfer
windows
mpcmdrun