Unsigned AppX Installation Attempt Using Add-AppxPackage

Rule Info

Name
Unsigned AppX Installation Attempt Using Add-AppxPackage
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects usage of the "Add-AppxPackage" or it's alias "Add-AppPackage" to install unsigned AppX packages
Date
2023-01-31 00:00:00
Modified
None
Id
37651c2a-42cd-4a69-ae0d-22a4349aa04a
Tags
attack.persistence attack.defense_evasion DEMO
Type
Community Rule

Rule History

Author
Title
Date
Commit
github-actions[bot]
Merge PR #4611 from @nasbench - Promote Older Rules Status From `experimental` To `test`
2023-12-01
Nasreddine Bencherchali
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18
Nasreddine Bencherchali
feat: multiple fixes and updates
2023-02-21
Nasreddine Bencherchali
fix: apply suggestions from code review
2023-02-02
Nasreddine Bencherchali
fix: add missing modified field
2023-02-02
Nasreddine Bencherchali
feat: add add-appxpackage cmdlet rules
2023-01-31