legitimate testing of microsoft ui parts.

source: <a href=https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/proc_creation_win_lolbin_visualuiaverifynative.yml>sigma
technicques: t1218

Techniques

VisualUiaVerifyNative.exe is a Windows SDK that can be used for AWL bypass and is listed in Microsoft’s recommended block rules.

condition: selection
selection:
- Image|endswith: \VisualUiaVerifyNative.exe
- OriginalFileName: VisualUiaVerifyNative.exe