Application Control



This indicates detection of a WMI Execute Method Request calling Win32_Process class.
Windows Management Instrumentation (WMI) is a suite of tools for managing data and operations on Windows-based operating systems. WMI is the Microsoft implementation of the Web-based Enterprise Management (WBEM) standard. Users can write WMI scripts to automate administrative tasks on remote computers.
The WMI Execute Method Request Win32_Process Class can remotely launch a new executable. Some malware may use this to propagate through a network.