Regarding:
==========================
McAfee's Rule Identifier 131328 is described in KB82925 on How to identify what rule corresponds to an Adaptive Threat Protection and Threat Intelligence Exchange event:
Detect use of long -encodedcommand powershell
Alerts on variations of the encodedcommand [base64] powershell usage
WMI provides a way of executing code or moving laterally in an environment. Some legitimate software may use this way, so this rule should be behavior in your environment
It may or may not be harmful. That's why it's suspicious. Further investigation would require catching and decoding the base64 encoded PowerShell command and analyzing whether it's legitimate use or not.
==========================
-->>
So I need to search for base64-related strings on my whole Windows 10 computer.
How can I do this from, e.g., PowerShell?
The strings that I am searching for:
ToBase64String
FromBase64String
powershell.exe -encodedCommand $encodedCommand
or similar.
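
One way to run the search asked about above and decode an encoded command once found, as an added example that is not part of the original post. The function names, the file-type list, the matching heuristic and the sample command line are assumptions made for illustration.

```powershell
# Added example. Function names, file-type list and sample are constructed for illustration.
# Heuristic: a parameter starting with -e (PowerShell accepts abbreviations such as
# -enc or -e for -EncodedCommand) followed by a long base64-looking token.
# It can produce false positives, so review each hit.
$EncPattern = '\s[-/]e[a-z]*\s+["'']?([A-Za-z0-9+/=]{20,})'

function Find-Base64Usage {
    param(
        [string]$Root = 'C:\',
        [string[]]$Include = @('*.ps1', '*.psm1', '*.bat', '*.cmd', '*.vbs')
    )
    # The strings from the post plus the heuristic above; Select-String is
    # case-insensitive by default and treats each pattern as a regex.
    $patterns = @('ToBase64String', 'FromBase64String', $EncPattern)
    Get-ChildItem -Path $Root -Recurse -File -Include $Include -ErrorAction SilentlyContinue |
        Select-String -Pattern $patterns -ErrorAction SilentlyContinue |
        Select-Object Path, LineNumber, @{ Name = 'Text'; Expression = { $_.Line.Trim() } }
}

function ConvertFrom-EncodedCommand {
    param([Parameter(Mandatory)][string]$CommandLine)
    if ($CommandLine -notmatch $EncPattern) { return $null }
    $token = $Matches[1]
    try {
        # -EncodedCommand expects base64 of the UTF-16LE (Unicode) script text.
        $bytes = [Convert]::FromBase64String($token)
        [Text.Encoding]::Unicode.GetString($bytes)
    } catch {
        Write-Warning "Token is not valid base64: $token"
    }
}

# Constructed sample: encode a harmless command, then recover it from the command line.
$b64 = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes('Get-Date -Format o'))
ConvertFrom-EncodedCommand -CommandLine "powershell.exe -NoProfile -enc $b64"

# Search one directory tree (run elevated to reach protected folders).
Find-Base64Usage -Root "$env:USERPROFILE" | Format-Table -AutoSize -Wrap
```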