This folder is applocker blocked
So I copied notepad.exe into it, renamed it, then tried to execute and as you can see applocker blocked me
But Sysmon and Windows both generated an Event ID 1 and 4688
Showing posts with label process create. Show all posts
Showing posts with label process create. Show all posts
Friday, February 5, 2021
Subscribe to:
Posts (Atom)