wmiprsve.exe Rare Child Process

The
wmiprsve.exe Rare Child Process
Analytics alert indicates a remote WMI command executed a binary proxy, wmiprvse.exe, which executed a rare child process. Executing a rare child process can be an indication of remote code execution abuse by an attacker.

Synopsis

10 minutes
3 days
14 days
10 minutes
Cortex XDR agent endpoint data
Severity
Medium

Description

A remote WMI command executed a binary proxy, the Windows Management Instrumentation (WMI) Provider Host wmiprvse.exe, which executed a rare child process. Executing a rare child process can be an indication of remote code execution abuse by an attacker.

Recommended For You