Suspicious Windows App Activity

Rule Info

Name: Suspicious Windows App Activity
Description: Detects suspicious children of applications launched from inside the WindowsApps directory. This could be a sign of a rogue ".appx" package installation/execution.
Modified: None
Date: 2023-01-12 00:00:00
Author: Nasreddine Bencherchali (Nextron Systems)
Tags: attack.defense_evasion DEMO
Id: f91ed517-a6ba-471d-9910-b3b4a398c0f3
Type: Community Rule

Rule History

Author | Commit | Title | Date
Nasreddine Bencherchali | | chore: add nextron authors tag | 2023-02-01
Nasreddine Bencherchali | | feat: more updates and fixes | 2023-01-12