Intercept X - LOLBAS

Hi all,

Is it possible with Intercept X XDR to block some of the applications used in "Living off the Land" attack vectors

For exmple,  Microsoft recommend using Windows Defender Application Control to block several of them unless needed.

Can I use Intercept X policies to block say AddinUtil.exe at these paths?

  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddinUtil.exe
  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddinUtil.exe

Removed link
[edited by: DavidGorman at 11:22 AM (GMT -7) on 1 Jun 2024]
Parents Reply Children
No Data