Detect Path Interception By Creation Of program.exe
This search looks for the creation of program.exe on the C: drive. Creating this file in that location may be an attempt to perform path interception.
Detect Path Interception By Creation Of program.exe Help
This search queries the Filesystem node of the Endpoint data model and lists the destination machines, file hashes and file paths for files named "program.exe" on the C: drive. Path interception occurs when an executable is placed in a specific path so that an application executes it instead of the intended target. In this case, applications vulnerable to path interception (because of unquoted service paths containing spaces in the Windows registry) allow attackers to execute a maliciously crafted program.exe.
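The following Python sketch is an added example, not part of the original search or of the product's own content. It shows why an unquoted service path with spaces makes program.exe on C: significant: it lists the executables Windows tries before the intended binary and matches file-creation events against them. The function names, the service paths and the event records (with `dest`, `file_path` and `file_hash` keys chosen to mirror the fields the search returns) are constructed for illustration.

```python
# Added illustration: which executables does Windows try for an unquoted
# service ImagePath, and do any file-creation events match them?
EXEC_EXTS = (".exe", ".com", ".bat", ".cmd")

def interception_candidates(image_path):
    """Paths Windows tries before the intended binary when an unquoted
    command line contains spaces. Empty list means not exposed."""
    cmd = image_path.strip()
    if not cmd or cmd.startswith('"'):
        return []  # quoted paths are parsed unambiguously
    tokens = cmd.split(" ")
    candidates = []
    for i in range(1, len(tokens)):
        prefix = " ".join(tokens[:i])
        if prefix.lower().endswith(EXEC_EXTS):
            break  # reached the real executable; the rest is arguments
        candidates.append(prefix + ".exe")
    return candidates

def flag_file_creations(events, image_paths):
    """Return file-creation events whose path is an interception candidate."""
    watch = {c.lower() for p in image_paths for c in interception_candidates(p)}
    return [e for e in events if e["file_path"].lower() in watch]

# Constructed sample data (service paths and events are made up).
SERVICES = [
    r"C:\Program Files\Vendor App\svc.exe -k run",    # unquoted, exposed
    r'"C:\Program Files\Vendor App\svc.exe" -k run',  # quoted, not exposed
    r"C:\Windows\System32\svchost.exe -k netsvcs",    # no space before .exe
]
EVENTS = [
    {"dest": "host-a", "file_path": r"C:\program.exe", "file_hash": "<hash>"},
    {"dest": "host-b", "file_path": r"C:\Temp\program.exe", "file_hash": "<hash>"},
]

if __name__ == "__main__":
    for svc in SERVICES:
        print(svc, "->", interception_candidates(svc))
    for hit in flag_file_creations(EVENTS, SERVICES):
        print("ALERT", hit["dest"], hit["file_path"])
```

Quoting the service path in the registry removes every candidate, which is why the second sample entry produces none.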