FILE-OTHER Microsoft Windows Defender malformed RAR memory corruption attempt
This event is generated when a memory corruption attempt against Microsoft Windows Defender is observed.
Potential code execution
This rule targets a malformed RAR archive crafted to trigger memory corruption in Microsoft Windows Defender.
Ease of attack
- Cisco's Talos Intelligence Group