description: The following analytic detects the use of PowerShell to delete shadow copies via the WMIC PowerShell module. It leverages EventCode 4104 and searches for specific keywords like ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results