Looking to validate events from an EDR related to amagent activity. Are these known behavior?
The script C:\programdata\amagent\execdir775765479\execcmd799295514.ps1 attempted to create a viewable window, by calling the function "CreateWindowExW". The operation was successful.
The script C:\programdata\amagent\execdir775765479\execcmd799295514.ps1 attempted to modify the next instruction to execute in the process "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe". The operation was blocked and the application terminated by Cb Defense.
Hmm...actually, let me double-check with a couple of teams to get some feedback. Thanks for posting!