Techniques
Sample rules
Anydesk Remote Access Software Service Installation
- source: sigma
- techniques:
Description
Detects the installation of the AnyDesk software service, which could be an indication of AnyDesk abuse if the software isn't already in use.
Detection logic
condition: all of selection_*
selection_provider:
  EventID: 7045
  Provider_Name: Service Control Manager
selection_service:
  - ServiceName|contains|all:
      - AnyDesk
      - Service
  - ImagePath|contains: AnyDesk
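
The detection logic above, evaluated against constructed events. This is an added example, not part of the Sigma rule or the Sigma project; the function names and all sample event values are hypothetical. It shows how the two selections combine: the map under selection_provider is an AND, the list under selection_service is an OR, and contains|all requires every listed substring.

```python
# Added example: evaluates this rule's detection block against constructed events.

def contains(value, needle):
    # Sigma string matching is case-insensitive.
    return needle.lower() in str(value or "").lower()

def selection_provider(ev):
    # Map form: every field must match (AND). EventID may arrive as int or str.
    return (str(ev.get("EventID")) == "7045"
            and str(ev.get("Provider_Name", "")).lower() == "service control manager")

def selection_service(ev):
    # List form: either item may match (OR).
    name_hit = all(contains(ev.get("ServiceName"), s) for s in ("AnyDesk", "Service"))  # contains|all
    path_hit = contains(ev.get("ImagePath"), "AnyDesk")
    return name_hit or path_hit

def rule_matches(ev):
    # condition: all of selection_*
    return selection_provider(ev) and selection_service(ev)

SCM = "Service Control Manager"
# Constructed sample events (field names follow the rule; values are made up).
SAMPLE_EVENTS = [
    {"EventID": 7045, "Provider_Name": SCM, "ServiceName": "AnyDesk Service",
     "ImagePath": r'"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --service'},
    {"EventID": "7045", "Provider_Name": SCM, "ServiceName": "Remote Helper",
     "ImagePath": r"C:\ProgramData\anydesk.exe --service"},
    {"EventID": 7045, "Provider_Name": SCM, "ServiceName": "Example Update Service",
     "ImagePath": r"C:\Windows\System32\svchost.exe -k netsvcs"},
    {"EventID": 7036, "Provider_Name": SCM, "ServiceName": "AnyDesk Service",
     "ImagePath": ""},
]

def matching_indices(events):
    return [i for i, ev in enumerate(events) if rule_matches(ev)]

if __name__ == "__main__":
    for i in matching_indices(SAMPLE_EVENTS):
        print("match:", SAMPLE_EVENTS[i]["ServiceName"], "|", SAMPLE_EVENTS[i]["ImagePath"])
```

The second sample matches on ImagePath alone, and the fourth is rejected by selection_provider because it is not a service installation event (7045).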