Our EDR recently flagged the teamviewer_.exe process on a client computer, and we know that the user did install Teamviewer at that time. However, that executable looks suspicious:
Process teamviewer_.exe spawned process teamviewer.exe, with the following command line:
"C:\Users\<username>\AppData\Local\Temp\TeamViewer\TeamViewer.exe" --noInstallation
Is this executable and behavior expected?
Thank You
