Firewalls obstruct only some hackers.
I saw logonui.exe appear on my Xclitium EDR alerts several times that day within a 2 hr time frame. Logonui had never showed up as an alert before. Xcitium generates alerts for suspicious invocations. The process tree is 5 levels deep, definitely not normal. And if I remember correctly, logonui does not normally show up in process explorer, after you logon, it quits. So the combination of logonui showing up as an Xcitium alert, and the fact that I could no longer logon (gives error msg) , on this test machine with no other software to create problems, I'd confidently say they have succeeded.
