How to detect Microsoft Office documents spawning processes? Such as:
- PowerShell
- CMD
- WMI
- MSHTA
- Etc.
Added TAGs
[edited by: Gladys at 4:32 PM (GMT -7) on 24 Mar 2023]
How to detect Microsoft Office documents spawning processes? Such as:
Hi Bill,
Thanks for reaching out to the Sophos Community Forum.
Sophos Intercept X will prevent many of these malicious behaviours from taking place. The following article describes some of the potential threats covered.
- Exploits Explained
If you wish to take a closer look into some of the detections, the following XDR Demo may also help.
- Sophos XDR: Detections Pivot Demo