Clfs.SYS Loaded By Process Located In a Potential Suspicious Location (fb4e2211-6d08-426b-8e6f-0d4a161e3b1d)

Detects Clfs.sys being loaded by a process running from a potentially suspicious location. Clfs.sys is loaded as part of many exploits for CVEs that target the Common Log File System.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | Clfs.SYS Loaded By Process Located In a Potential Suspicious Location (fb4e2211-6d08-426b-8e6f-0d4a161e3b1d) | Sigma-Rules | 1 |