Detects restricted access to applications by the Software Restriction Policies (SRP) policy

Csi.exe is a signed binary from Microsoft that comes with Visual Studio and provides C# interactive capabilities. It can be used to run C# code from a file passed as a parameter in command line. Early version of this utility provided with Microsoft “Roslyn” Community Technology Preview was named 'rcsi.exe'

Detects the execution of Radmin which can be abused by an adversary to remotely control Windows machines

Detect use of PDQ Deploy remote admin tool