Service Creation/Modification
change the binary path
On Windows 10, enable Attack Surface Reduction (ASR) rules to block processes created by from running.
Ensure that permissions disallow services that run at a higher permission level from being created or interacted with by a user with a lower permission level.
Check Startup services with AutoRuns.exe
Monitor for changes made to Windows Registry keys and/or values that may abuse the Windows service control manager to execute malicious commands or payloads.
Monitor system service creation.
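The two monitoring items above, as an added example that is not part of the original page: Python that triages exported events for service creation (System log event ID 7045) and for writes to a service's ImagePath registry value (Sysmon event ID 13). The event dictionaries, service names, paths and the suspicious-path heuristic are constructed assumptions.

```python
import re

# A service's binary path lives in the ImagePath value under its Services key.
IMAGEPATH_RE = re.compile(r"\\Services\\([^\\]+)\\ImagePath$", re.IGNORECASE)

# Assumed heuristic for this example: user-writable directories or a command
# interpreter as the service binary deserve review. Tune for your environment.
SUSPICIOUS_RE = re.compile(
    r"\\users\\|\\temp\\|\\appdata\\|\bcmd(?:\.exe)?\b|powershell|%comspec%",
    re.IGNORECASE)

def triage(events):
    """Return (kind, service, binary_path, suspicious) per relevant event."""
    findings = []
    for ev in events:
        channel, event_id = ev.get("Channel"), ev.get("EventID")
        if channel == "System" and event_id == 7045:
            # Service Control Manager: "A service was installed in the system."
            kind, svc, path = "service_created", ev["ServiceName"], ev["ImagePath"]
        elif channel == "Microsoft-Windows-Sysmon/Operational" and event_id == 13:
            # Sysmon registry value set; keep only writes to a service ImagePath.
            m = IMAGEPATH_RE.search(ev["TargetObject"])
            if not m:
                continue
            kind, svc, path = "imagepath_changed", m.group(1), ev["Details"]
        else:
            continue
        findings.append((kind, svc, path, bool(SUSPICIOUS_RE.search(path))))
    return findings

# Constructed sample events (not real telemetry); names and paths are made up.
SAMPLE_EVENTS = [
    {"Channel": "System", "EventID": 7045, "ServiceName": "PrintHelper",
     "ImagePath": r"C:\Users\Public\helper.exe"},
    {"Channel": "System", "EventID": 7045, "ServiceName": "ExampleUpdater",
     "ImagePath": r'"C:\Program Files\Example\updater.exe" --service'},
    {"Channel": "Microsoft-Windows-Sysmon/Operational", "EventID": 13,
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\ExampleUpdater\ImagePath",
     "Details": r"C:\Users\Public\helper.exe"},
    {"Channel": "Microsoft-Windows-Sysmon/Operational", "EventID": 13,
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\ExampleUpdater\Start",
     "Details": "DWORD (0x00000002)"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Sysmon only emits event 13 for registry paths that its configuration includes, so the Services key must be covered there for the second branch to see anything.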