PowerShell MSI Install via WindowsInstaller COM From Remote Location (222720a7-047f-4054-baa5-bab9be757db0)
Detects the execution of PowerShell commands that attempt to install MSI packages via the
Windows Installer COM object (WindowsInstaller.Installer
) hosted remotely.
This could be indication of malicious software deployment or lateral movement attempts using Windows Installer functionality.
And the usage of WindowsInstaller COM object rather than msiexec could be an attempt to bypass the detection.