LoFP / rare occasions where a malicious package uses the exact same name and version as a legitimate application

Techniques

Sample rules

Potential Malicious AppX Package Installation Attempts

Description

Detects potential installation or installation attempts of known malicious appx packages

Detection logic

condition: selection
selection:
  EventID:
  - 400
  - 401
  PackageFullName|contains: 3669e262-ec02-4e9d-bcb4-3d008b4afac9