Endpoint Security (EDR/XDR)
Junior
Q3 / 5
An EDR alert shows 'powershell.exe' spawned by 'winword.exe' (Microsoft Word). Why is this suspicious?
A. PowerShell is a dangerous tool that should never run on endpoints
B. It is normal for Word documents to launch PowerShell for formatting
C. Word spawning PowerShell is a classic indicator of a malicious macro executing code, a common malware delivery technique
D. This indicates a Windows update is running in the background