Built off the open source project Osquery
Description: Looks for suspicious svchosts running from outside the system32 folder
What The Data Shows: Shows if svchost processes are running from locations they shouldnt be. Its possible that malware, adware, or viruses are running as svchost.exe to hide.
SQL:
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.