Vendor
Detects the execution of the TOR Browser and related components on Windows endpoints, indicating potential anonymization of traffic for command and control, data exfiltration, or policy evasion by adversaries or insider threats.