Detects UAC Bypass Attempt Using Microsoft Connection Manager Profile Installer Autoelevate-capable COM Objects (e.g. UACMe ID of 41, 43, 58 or 65)

Detects cmstp loading "dll" or "ocx" files from suspicious locations

Detects suspicious network connection by Cmstp

Detect commandline usage of Microsoft Connection Manager Profile Installer (cmstp.exe) to install specially formatted local .INF files

Detects various indicators of Microsoft Connection Manager Profile Installer execution

Detects various indicators of Microsoft Connection Manager Profile Installer execution

Detects various indicators of Microsoft Connection Manager Profile Installer execution