Closed umairqamar closed 1 year ago
@umairqamar ,
Thank you for your submission!
This looks promising, but I think we need a little more info! For one thing, this Florian tweet does not provide enough detail to qualify as documentation. Additionally, I'd love to see some evidence from a SIEM or other logging source about what this command actually does, and what parent processes invoke it.
I'd propose that the whole of SolarWinds deserves a WTFBIN mention, as they suggest excluding the whole directory from AV. Unfortunately(?) I don't have a SolarWinds installation, so I can't provide more info than this link.