Skip to content

Hide Navigation Hide TOC

SyncAppvPublishingServer Bypass Powershell Restriction - PS Module (fe5ce7eb-dad8-467c-84a9-31ec23bd644a)

Detects SyncAppvPublishingServer process execution which usually utilized by adversaries to bypass PowerShell execution restrictions.

Cluster A Galaxy A Cluster B Galaxy B Level
SyncAppvPublishingServer Bypass Powershell Restriction - PS Module (fe5ce7eb-dad8-467c-84a9-31ec23bd644a) Sigma-Rules System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 1