Bitdefender has documented three techniques that abuse Windows bind links to make endpoint detection and response products inspect one file while Windows executes another. The finding matters because the gap appears only after an intruder obtains local administrator rights—the precise stage at...