UAC Bypass via Trusted Windows Binaries (FDR)
Detects UAC bypass techniques by flagging unexpected child processes spawned by trusted Windows binaries such as fodhelper, eventvwr, sdclt, and wsreset, which living-off-the-land (LOTL) attackers use for privilege escalation.
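The parent/child check described above, sketched in Python as an added example; it is not the rule's own query. The event field names (`parent_image`, `image`, `host`), the expected-child allowlists and the sample events are assumptions constructed for illustration and need tuning per environment.

```python
import ntpath

# Trusted binaries named in the rule description.
TRUSTED_PARENTS = {"fodhelper.exe", "eventvwr.exe", "sdclt.exe", "wsreset.exe"}

# Assumption: children treated as expected for a given parent.
EXPECTED_CHILDREN = {
    "eventvwr.exe": {"mmc.exe"},
}
# Assumption: children tolerated under any parent (crash reporter, console host).
COMMON_BENIGN = {"werfault.exe", "conhost.exe"}


def base_name(path):
    """Lower-cased file name taken from a Windows path or a bare name."""
    return ntpath.basename(path.strip().strip('"')).lower()


def unexpected_children(events):
    """Return events where a trusted parent spawned a child outside its allowlist."""
    hits = []
    for ev in events:
        parent = base_name(ev["parent_image"])
        if parent not in TRUSTED_PARENTS:
            continue
        allowed = EXPECTED_CHILDREN.get(parent, set()) | COMMON_BENIGN
        if base_name(ev["image"]) not in allowed:
            hits.append(ev)
    return hits


# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "ws-01", "parent_image": r"C:\Windows\System32\eventvwr.exe",
     "image": r"C:\Windows\System32\mmc.exe"},
    {"host": "ws-02", "parent_image": r"C:\Windows\System32\FodHelper.exe",
     "image": r"C:\Windows\System32\cmd.exe"},
    {"host": "ws-03", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe"},
    {"host": "ws-04", "parent_image": "sdclt.exe",
     "image": r"C:\Users\Public\updater.exe"},
]

if __name__ == "__main__":
    for ev in unexpected_children(SAMPLE_EVENTS):
        print(f'{ev["host"]}: {base_name(ev["parent_image"])} -> {ev["image"]}')
```

Matching on the lower-cased base name keeps the check stable across full paths, bare names and mixed case in the telemetry.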