PS WDAC Policy Creation From Suspicious Location

Rule Info

Name
PS WDAC Policy Creation From Suspicious Location
Author
X__Junior
Description
Detects creation of a Windows Defender Application Control (WDAC) policy from a suspicious location
Date
2025-02-07 00:00:00
Modified
None
Id
ce77d2a5-6b41-43a1-bb5b-6e2127223c62
Tags
attack.defense-evasion
Type
Nextron Sigma feed only (private)

Rule History