CMSTP UAC Bypass via COM Object Access
Detects UAC Bypass Attempt Using Microsoft Connection Manager Profile Installer Autoelevate-capable COM Objects (e.g. UACMe ID of 41, 43, 58 or 65)
Read MoreUAC Bypass via Sdclt
Detects the pattern of UAC Bypass using registry key manipulation of sdclt.exe (e.g. UACMe 53)
Read More