Intrusion Prevention

MS.Windows.Remote.CMD.Shell

Description

It indicates an attempt to launch a remote command shell on a Windows machine.
Attackers may inject a very small executable on a Windows machine that can bring up the "cmd" or command prompt of the machine as a remote console. This provides attackers with complete access to the victim system without any authorization or authentication.

Affected Products

Any unprotected Windows system is vulnerable to the attack.

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Monitor the traffic from that network for any suspicious activity.
Use AntiVirus software to scan and clean the system.