07 Mar
Binary Defense and SentinelOne advise system administrators to set Windows UAC to “Always Notify,” with the caveat that this may be excessively intrusive for some organizations. Administrators should also watch for suspicious file creations and process executions in paths that imitate trusted filesystem locations by using trailing spaces, especially in directories containing the string “Windows”.
https://www.bleepingcomputer.com/news/security/old-windows-mock-folders-uac-bypass-used-to-drop-malware/
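One way to implement the monitoring advice above, as an added example that is not from Binary Defense, SentinelOne or the linked article: a small Python check that flags file-creation and process-execution events whose path contains a component ending in whitespace, and raises the severity when that component contains "Windows". The event field names (`type`, `path`) and the sample events are constructed for illustration; map them to whatever your EDR or Sysmon export provides.

```python
import re

# Split on either separator so "C:/Windows /System32" is handled as well.
_SEP = re.compile(r"[\\/]+")


def trailing_space_components(path):
    """Return the path components that end in whitespace (e.g. 'Windows ')."""
    parts = _SEP.split(path.strip('"'))
    # str.rstrip() also removes Unicode whitespace, not only ASCII space.
    return [p for p in parts if p and p != p.rstrip()]


def scan(events):
    """Return one alert per event whose path has a trailing-space component."""
    alerts = []
    for ev in events:
        hits = trailing_space_components(ev["path"])
        if not hits:
            continue
        # Components containing "Windows" are the case the advice singles out.
        high = any("windows" in h.lower() for h in hits)
        alerts.append({
            "type": ev["type"],
            "path": ev["path"],
            "components": hits,
            "severity": "high" if high else "medium",
        })
    return alerts


# Constructed sample events (hypothetical schema, not real telemetry).
SAMPLE_EVENTS = [
    {"type": "process_create", "path": r"C:\Windows\System32\cmd.exe"},
    {"type": "file_create", "path": r"C:\Windows \System32\example.dll"},
    {"type": "process_create", "path": r"C:\Windows \System32\example.exe"},
    {"type": "file_create", "path": r"C:\Users\alice\Reports \q1.xlsx"},
    {"type": "file_create", "path": r"C:\Program Files\App\app.exe"},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert["severity"], alert["type"], repr(alert["path"]))
```

Internal spaces such as the one in `Program Files` are not flagged; only a component whose last character is whitespace is.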

