| Rule General Information | |
|---|---|
| Release Date: | 2022-05-23 |
| Rule Name: | Tool PsExec Detection |
| Severity: | |
| CVE ID: | |

| Rule Protection Details | |
|---|---|
| Description: | PsExec is a powerful system administration tool for executing processes on local or remote systems and allowing users to run those processes as another user. Due to its powerful capabilities, this tool is often used by malicious attackers to remotely control servers. This rule is used to detect PsExec traffic characteristics. |
| Impact: | Attackers use attack tools to attack targets, which can lead to data leakage, service interruption, system crash, data tampering, and illegal access. |
| Affected OS: | Windows, Linux, Others |
| Reference: | |

| Solutions |
|---|
| 1. Scan the server file system to ensure that there are no hacker tools or related malicious files. 2. Perform a complete system backup to ensure server data security. 3. Harden the security of the server, restrict access permissions, install firewalls, and use secure access control lists. |