Tag

Process-Execution

1 brief RSS

Execution from Unusual Directory - Command Line

This rule identifies process execution from suspicious default Windows directories, which adversaries may abuse to hide malware in trusted paths to evade defenses.

Microsoft Defender XDR +1 execution defense-evasion windows process-execution

2r 2t Jan 3, 2024