Sc.exe Manipulating Windows Services
This search looks for arguments to sc.exe indicating the creation or modification of a Windows service.
This content is not mapped to any local saved search. Add mapping
Sc.exe Manipulating Windows Services Help
This search looks for the execution of sc.exe with parameters that indicate the utility is being used to create a new Windows service, or modify an existing one. Attackers often create a new service to host their malicious code, or they may take a non-critical service or one that is disabled, and modify it to point to their malware and enable the service if necessary. It is unusual for a service to be created or modified using the sc.exe utility.