If I listed the names of the services on your Windows systems, would you be able to tell which ones were real and which ones were fake? Attackers often use fake services that are designed to look and act like real Windows services but contain malicious files. Is “Windows Updates” a true Windows service, or is it called “Windows Update” on your computer? Have you taken the time to learn which services and processes are normal on the computers in your network?
Create a baseline of Windows services
If you don’t know, you need to create a baseline that shows which services should be present on the systems in your network. The PowerShell command Get-Service is a quick and dirty way to get a list of running services on a system.
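One way to turn that list into a baseline you can diff against later, as an added example that is not code from the original article. It goes beyond Get-Service by querying Win32_Service so the binary path and logon account are recorded, since a look-alike display name usually points at an unexpected executable. The baseline path and the function names are assumptions.

```powershell
# Added example: the path and function names below are hypothetical.
$BaselinePath = 'C:\Baselines\services-baseline.csv'

function Get-ServiceSnapshot {
    # Win32_Service exposes the binary path (PathName) and logon account (StartName),
    # which Get-Service in Windows PowerShell 5.1 does not return.
    Get-CimInstance -ClassName Win32_Service |
        Select-Object Name, DisplayName, PathName, StartMode, StartName |
        Sort-Object Name
}

function Save-ServiceBaseline {
    param([string]$Path = $BaselinePath)
    $dir = Split-Path -Parent $Path
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    Get-ServiceSnapshot | Export-Csv -Path $Path -NoTypeInformation -Encoding UTF8
}

function Compare-ServiceBaseline {
    param([string]$Path = $BaselinePath)
    $baseline = @{}
    Import-Csv -Path $Path | ForEach-Object { $baseline[$_.Name] = $_ }
    $seen = @{}
    foreach ($svc in Get-ServiceSnapshot) {
        $seen[$svc.Name] = $true
        $known = $baseline[$svc.Name]
        if (-not $known) {
            # Service name not in the baseline: new install or a look-alike.
            [pscustomobject]@{ Finding = 'NewService'; Name = $svc.Name
                DisplayName = $svc.DisplayName; Detail = $svc.PathName }
            continue
        }
        # Same service name, but one of its recorded attributes has drifted.
        foreach ($prop in 'DisplayName', 'PathName', 'StartMode', 'StartName') {
            if ("$($svc.$prop)" -ne "$($known.$prop)") {
                [pscustomobject]@{ Finding = "Changed$prop"; Name = $svc.Name
                    DisplayName = $svc.DisplayName
                    Detail = "$($known.$prop) -> $($svc.$prop)" }
            }
        }
    }
    foreach ($name in $baseline.Keys) {
        if (-not $seen.ContainsKey($name)) {
            [pscustomobject]@{ Finding = 'MissingService'; Name = $name
                DisplayName = $baseline[$name].DisplayName
                Detail = $baseline[$name].PathName }
        }
    }
}
# Save-ServiceBaseline once on a known-good system, then periodically:
# Compare-ServiceBaseline | Format-Table -AutoSize
```

Per-user services on Windows 10 and later carry a suffix that changes between logon sessions, so expect those names to appear as NewService and MissingService pairs and filter them when reviewing the output.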