Apparently WMI is a common method of remote access to Windows PCs. Is there a way to disable WMI or, if it's essential, to isolate it from external network access?
To be honest, I haven't looked into this; I'm afraid that blocking this stuff will cause all kinds of problems. With a tool like EXE Radar you might be able to block it from running, and you could also disable the WMI service via AutoRuns. But it's probably not recommended.
Windows is quite complicated. It is safer to isolate these services by firewall. I already suggested inbound packet rules for an IPv4-only network. https://www.wilderssecurity.com/thr...isolate-rpc-from-network.404158/#post-2759396
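
An added example, not part of the thread and not the rules from the linked post: a PowerShell audit of the inbound allow rules that expose WMI over the network, with an optional switch to disable the predefined WMI rule group. It assumes an English-locale Windows (the group display name is localized) and an elevated session; the `-Disable` switch is this example's own parameter.

```powershell
# Added example. Run elevated. Pass -Disable to turn off the predefined WMI rules.
param([switch]$Disable)

# Assumption: English display name of the built-in WMI firewall rule group.
$wmiGroup = 'Windows Management Instrumentation (WMI)'

# Enabled inbound allow rules in the predefined WMI group.
$wmiRules = @(Get-NetFirewallRule -DisplayGroup $wmiGroup -ErrorAction SilentlyContinue |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' })

# Other enabled inbound allow rules on the RPC endpoint mapper (TCP 135),
# which DCOM-based remote WMI needs in order to connect.
$rpcRules = @(Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $pf.Protocol -eq 'TCP' -and
            ($pf.LocalPort -contains '135' -or $pf.LocalPort -contains 'RPCEPMap')
    })

# Report each rule with the profiles and remote addresses it accepts.
$report = ($wmiRules + $rpcRules) | Sort-Object -Property Name -Unique | ForEach-Object {
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Name          = $_.Name
        DisplayName   = $_.DisplayName
        Profile       = $_.Profile
        RemoteAddress = ($addr.RemoteAddress -join ',')
    }
}

if ($report) {
    $report | Format-Table -AutoSize
} else {
    Write-Output 'No enabled inbound allow rules found for WMI or TCP 135.'
}

# Only the WMI group is disabled here; TCP 135 rules are listed for review
# because other services may depend on them. The WMI service keeps running,
# so local WMI consumers are unaffected.
if ($Disable -and $wmiRules.Count -gt 0) {
    $wmiRules | Disable-NetFirewallRule
    Write-Output "Disabled $($wmiRules.Count) inbound rule(s) in '$wmiGroup'."
}
```

Rules whose `RemoteAddress` is `Any` on the Public profile are the ones to review first.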