Skip to content

Hide Navigation Hide TOC

SyncAppvPublishingServer Execution to Bypass Powershell Restriction (dddfebae-c46f-439c-af7a-fdb6bde90218)

Detects SyncAppvPublishingServer process execution which usually utilized by adversaries to bypass PowerShell execution restrictions.

Cluster A Galaxy A Cluster B Galaxy B Level
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern SyncAppvPublishingServer Execution to Bypass Powershell Restriction (dddfebae-c46f-439c-af7a-fdb6bde90218) Sigma-Rules 1