LoFP / legitimate usage of the anydesk tool

Techniques

Sample rules

Anydesk Remote Access Software Service Installation

• source: sigma
• technicques:

Description

Detects the installation of the anydesk software service. Which could be an indication of anydesk abuse if you the software isn’t already used.

Detection logic

condition: selection
selection:
  EventID: 7045
  Provider_Name: Service Control Manager
  ServiceName: AnyDesk Service