LoFP LoFP / t1005

t1005

TitleTags
commonly run by administrators
legitimate exchange system administration activity.
legitimate use
unlikely
vm exports may be done by a system or network administrator. verify whether the user identity, user agent, and/or hostname should be making changes in your environment. vm exports from unfamiliar users or hosts should be investigated. if known behavior is causing false positives, it can be exempted from the rule.