JetBrains binaries invoke WMI

2024-03-19 by Thurein Oo

JetBrains queries security tools.

idea64.exe and rider64.exe from JetBrains query the installed antivirus product in the exact same way that malicious programs do using the command:

wmic /namespace:\\root\securitycenter2 path antivirusproduct get displayname,productstate

Documentation