Falcon Long Term Repository: File Entropy

In the video below, we look at files and executables that are run out of user space (c:\users\) and that also have a high level of entropy. It is not a bad idea to check for applications running in “user space,” as c:\windows and c:\program files are typically restricted. Bad actors can make use of this space because the credentials of a compromised account are enough to copy and run files from this location.
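The same check can be sketched outside the product. This is an added example, not the query shown in the video: it computes Shannon entropy in bits per byte and flags executables under c:\users that exceed a threshold. The 7.0 threshold, the extension list, the function names and the sample files are assumptions constructed for illustration.

```python
import math
from collections import Counter
from pathlib import PureWindowsPath

# Assumptions for this example (not taken from the video):
ENTROPY_THRESHOLD = 7.0                      # bits per byte; 8.0 is the maximum
EXEC_EXTENSIONS = {".exe", ".dll", ".scr"}   # what counts as "executable" here
USER_ROOT = PureWindowsPath(r"c:\users")


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def in_user_space(path: str) -> bool:
    """True when the path sits below the users directory (case-insensitive)."""
    return USER_ROOT in PureWindowsPath(path).parents


def flag(events):
    """Return (path, entropy) for user-space executables at or above the threshold."""
    hits = []
    for path, content in events:
        if PureWindowsPath(path).suffix.lower() not in EXEC_EXTENSIONS:
            continue
        if not in_user_space(path):
            continue
        entropy = shannon_entropy(content)
        if entropy >= ENTROPY_THRESHOLD:
            hits.append((path, round(entropy, 2)))
    return hits


# Constructed sample data: uniform bytes stand in for packed or encrypted
# content, a mostly-zero buffer stands in for an ordinary unpacked binary.
HIGH = bytes(range(256)) * 64
LOW = b"MZ" + b"\x00" * 4000 + b"This program cannot be run in DOS mode." * 20
SAMPLE = [
    (r"C:\Users\alice\AppData\Local\Temp\updater.exe", HIGH),  # flagged
    (r"C:\Users\alice\Downloads\notes.exe", LOW),              # low entropy
    (r"C:\Program Files\Vendor\app.exe", HIGH),                # outside user space
    (r"c:\users\bob\Desktop\photo.jpg", HIGH),                 # not an executable
]

if __name__ == "__main__":
    for path, entropy in flag(SAMPLE):
        print(f"{entropy:.2f}  {path}")
```

Compressed installers and legitimately packed software also score high, so the output is a list of candidates for review, not a verdict.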