An employee downloads a freeware program to change the desktop to the classic look of legacy Windows. Shortly after the employee installs the program, a high volume of random DNS queries begin to originate from the system. An investigation on the system reveals the following:
Add-MpPreference –ExclusionPath ‘%Program Files%\ksyconfig’
Which of the following is possibly occurring?
The program in question added an exclusion path for Windows Defender, which means that any files or activities within '%Program Files%\ksyconfig\' will not be scanned or monitored by the antivirus. This tactic is commonly used for defense evasion, allowing malware to operate undetected on the system.
The attacker fooled the user to download a program to gain access to the network via the user's workstation.