sysmon-config
Add pwsh.exe to list of suspicious Windows tools
PowerShell versions 6 and above use the executable pwsh.exe instead of powershell.exe: pwsh.exe doesn't come installed by default like powershell.exe, but I thought it may still be worth adding to the list of "Suspicious Windows tools" in the NetworkConnect rule group.
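To check the coverage gap described above, the following added example (not part of the original issue or the project's code) evaluates NetworkConnect include rules against two process paths. The config fragment, the helper names, and the sample paths are constructed for illustration; only direct Image rules and a subset of Sysmon's filter conditions are evaluated.

```python
import xml.etree.ElementTree as ET

# Constructed config fragment (not the project's file): a NetworkConnect
# include block that lists powershell.exe but not pwsh.exe.
BEFORE = """<Sysmon schemaversion="4.50"><EventFiltering>
<RuleGroup name="" groupRelation="or">
  <NetworkConnect onmatch="include">
    <Image condition="image">powershell.exe</Image>
  </NetworkConnect>
</RuleGroup></EventFiltering></Sysmon>"""

# Same fragment with the rule the issue proposes.
AFTER = BEFORE.replace(
    "</NetworkConnect>",
    '  <Image condition="image">pwsh.exe</Image>\n  </NetworkConnect>')

# Subset of Sysmon filter conditions; (rule value, image path) -> bool.
CONDITIONS = {
    "image": lambda v, p: p == v or p.rsplit("\\", 1)[-1] == v,  # path or name
    "is": lambda v, p: p == v,
    "end with": lambda v, p: p.endswith(v),
    "begin with": lambda v, p: p.startswith(v),
    "contains": lambda v, p: v in p,
}

def image_rule_matches(condition, value, path):
    """Case-insensitive match; raises KeyError for conditions not listed."""
    return CONDITIONS[condition](value.lower(), path.lower())

def logged_by_networkconnect(config_xml, image_path):
    """True if a NetworkConnect include rule on Image matches image_path."""
    root = ET.fromstring(config_xml)
    for block in root.iter("NetworkConnect"):
        if block.get("onmatch") != "include":
            continue
        for rule in block.findall("Image"):  # direct Image rules only
            cond = rule.get("condition", "is")  # Sysmon defaults to "is"
            if image_rule_matches(cond, rule.text.strip(), image_path):
                return True
    return False

# Constructed sample paths: Windows PowerShell and a PowerShell 7 install.
WINPS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
PWSH = r"C:\Program Files\PowerShell\7\pwsh.exe"

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        for path in (WINPS, PWSH):
            print(name, path, logged_by_networkconnect(cfg, path))
```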