Tag

Tsclient

1 brief RSS

Execution via TSClient Mountpoint

The rule detects execution of processes from the Remote Desktop Protocol (RDP) shared mountpoint tsclient on Windows hosts, which may indicate a lateral movement attempt.

Microsoft Defender XDR +1 lateral-movement execution rdp tsclient windows

2r 2t 1h ago