Threat actors have been found hijacking legitimate anti-virus software to conduct undetected malicious activities, using a new tool called SbaProxy that masquerades as legitimate anti-virus components to create proxy connections through a C2 server. More information https://cybersecurity.att.com/blogs/labs-research/hijacked-how-cybercriminals-are-turning-anti-virus-software-against-you