Intercept X - LOLBAS

Question

Hi all, 
 
 Is it possible with Intercept X XDR to block some of the applications used in "Living off the Land" attack vectors 
 
 For exmple, Microsoft recommend using Windows Defender Application Control to block several of them unless needed. 
 
 Can I use Intercept X policies to block say AddinUtil.exe at these paths?

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddinUtil.exe 
 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddinUtil.exe

GlennSen · Answer

Hello David, Thank you for reaching out to our community forum. Yes, It is possible; however, You need Sha256 to add this application under "Blocked Items," which can be found under Global Settings. Once this application Sha256 has been added, your devices will block this once it gets detected and automatically deleted.

Intercept X - LOLBAS

Top Replies