Monitor WMI consumers and processes, detecting potential malicious activity. This PowerShell script monitors WMI consumers and processes, detecting potential malicious activity. **Usage:** 1. Run PowerShell as administrator. 2. Import the WMIMonitor.ps1 module. 3. Create a new event subscriber. 4. Test the process call create function. 5. Check the Application Event log for EID 8. **Disable logging:** 1. Open an Administrator PS shell. 2. Run Remove-SubscriberMonitor. 3. Confirm the event subscriber and all associated WMI objects have been successfully removed.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
FortiEDR is an automated endpoint security solution that integrates with the Fortinet Security Fabric and third-party solutions to reduce MTTR and provide real-time breach detection and response.
A lightweight malware detection and removal tool that provides real-time protection against complex attacks while preserving system resources.
Cisco Secure Endpoint is a cloud-native endpoint security solution that provides advanced protection and response to threats.
Comprehensive endpoint security solution providing proactive defenses, remediation tools, and centralized management to prevent threats and ensure uptime.
CrowdStrike Falcon is a unified cybersecurity platform providing complete protection through its AI-native XDR platform.
A static analysis framework for extracting key characteristics from various file formats
Deep Instinct is a predictive prevention platform that uses deep learning to prevent unknown threats, including ransomware and zero-day malware, from infiltrating storage environments, applications, and endpoints.
Webroot Endpoint Protection provides advanced cloud-based protection against malicious files, scripts, exploits, and URLs to keep businesses safe from cyberattacks.
A free endpoint security tool for host investigative capabilities to find signs of malicious activity through memory and file analysis.