Skip to main content

vast limits GmbH and uberAgent are now part of Citrix, a business unit of Cloud Software Group. Learn more at Citrix.com.

Documentation

Version

  1. uberAgent
  2. 7.1.2
  3. ESA Features & Configuration
  4. Threat Detection Engine
  5. MS Office & Acrobat Reader Monitoring
Previous document Next document

MS Office & Acrobat Reader Monitoring

In this article

The ESA Threat Detection rules for monitoring Microsoft Office and Adobe Acrobat Reader are vast limits vendor rules.

Microsoft Office Rules

The rules in this section detect suspicious behavior with MS Office applications.

  • Detect macro execution with the default Office security configuration applied (“disable all macros with notification”)
  • Detect child processes of Microsoft Office applications (dedicated rules for scripts and other types of child processes)
  • Detect Microsoft Office download operations
  • Detect Microsoft Office applications executing macros that access WMI to create child processes
  • Suspicious DLL load by Office
  • Detect loading of MAPI DLLs from processes other than Outlook

Adobe Acrobat Reader Rules

The rules in this section detect suspicious behavior with Adobe Acrobat Reader.

  • Detect child processes of Adobe Reader

Comments

Your email address will not be published. Required fields are marked *