Sc.exe Manipulating Windows Services
Description
This search looks for arguments to sc.exe indicating the creation or modification of a Windows service.
Content Mapping
This content is not mapped to any local saved search. Add mapping
Help |
---|
Sc.exe Manipulating Windows Services HelpThis search looks for the execution of sc.exe with parameters that indicate the utility is being used to create a new Windows service, or modify an existing one. Attackers often create a new service to host their malicious code, or they may take a non-critical service or one that is disabled, and modify it to point to their malware and enable the service if necessary. It is unusual for a service to be created or modified using the sc.exe utility. |