Techniques
Sample rules
Bypass UAC via Fodhelper.exe
- source: sigma
- techniques:
  - t1548
  - t1548.002
Description
Identifies use of Fodhelper.exe to bypass User Account Control. Adversaries use this technique to execute privileged processes.
Detection logic
condition: selection
selection:
  ParentImage|endswith: \fodhelper.exe
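The detection logic above, evaluated over a handful of process-creation events. This is an added example, not part of the original rule or of the Sigma project's code; the evaluator functions and the sample events are constructed for illustration and assume Sysmon-style field names (Image, ParentImage).

```python
# Added example: evaluates the Sigma selection shown above over constructed events.
RULE = {
    "selection": {"ParentImage|endswith": "\\fodhelper.exe"},
    "condition": "selection",
}

# Sigma string modifiers; plain Sigma string matching is case-insensitive,
# so both sides are lowercased before comparison.
MODIFIERS = {
    "": lambda value, pattern: value == pattern,
    "endswith": lambda value, pattern: value.endswith(pattern),
    "startswith": lambda value, pattern: value.startswith(pattern),
    "contains": lambda value, pattern: pattern in value,
}

def field_matches(event, key, patterns):
    """True if the event field satisfies any pattern (a list means OR)."""
    field, _, modifier = key.partition("|")
    value = event.get(field)
    if value is None:  # field absent from the log: no match
        return False
    if not isinstance(patterns, list):
        patterns = [patterns]
    test = MODIFIERS[modifier]
    return any(test(str(value).lower(), str(p).lower()) for p in patterns)

def evaluate(rule, events):
    """Return matching events; supports only a condition naming one selection."""
    selection = rule[rule["condition"]]
    return [e for e in events
            if all(field_matches(e, k, v) for k, v in selection.items())]

# Constructed process-creation events (hypothetical sample data).
EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\fodhelper.exe"},   # hit
    {"Image": r"C:\Windows\System32\fodhelper.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},             # fodhelper is the child: no hit
    {"Image": r"C:\Windows\System32\whoami.exe",
     "ParentImage": r"C:\WINDOWS\SYSTEM32\FODHELPER.EXE"},   # hit, case differs
    {"Image": r"C:\Temp\tool.exe",
     "ParentImage": r"C:\Temp\notfodhelper.exe"},            # no hit: backslash anchors the file name
    {"Image": r"C:\Windows\System32\svchost.exe"},           # ParentImage missing: no hit
]

if __name__ == "__main__":
    for event in evaluate(RULE, EVENTS):
        print("ALERT", event["ParentImage"], "->", event["Image"])
```

The fourth event shows why the pattern keeps its leading backslash: without it, any parent whose file name merely ends in fodhelper.exe would match.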