|
|
|
|
|
|
by technion
1793 days ago
|
|
|
On the contrary: adding psexec.exe to our EDR's blocklist has had tangible positive impacts. Legitimate remote execution in 2021 can be achieved using a range of supported options, and when I see this alert trigger in a monitored environment there's nearly always something malicious going on. The catch of course, is that you explain this to everyone and get them on board, as opposed to just doing it. |
|
|