We deployed an application whitelisting service. I’m seeing tons of instances of c:\program files\microsoft office\root\office16\msoadfsb.exe trying to use powershell.exe and so far I’ve been letting them deny and so far no user has complained but I’d like to know if there is a legitimate reason for this so I can allow it and get rid of all the noise.
