LoFP LoFP / t1570

t1570

TitleTags
false positives may be present based on administrative use. filter as needed.
false positives may occur if a user called rundll32 from cli with no options
possible, different agents with a 8 character binary and a 4, 8 or 16 character service name
psexec is a dual-use tool that can be used for benign or malicious activity. it's important to baseline your environment to determine the amount of noise to expect from this tool.
unlikely