While the increase in abuse of malicious MSIX installers is certainly an emergent trend, the adversaries behind it are still at least partially reliant on fairly well understood tradecraft. Fortunately, we can share a few pseudo-detectors that have helped us catch these and other threats. For prevention, organizations that use application allow-listing solutions such as AppLocker can explore allowing or denying MSIX execution with AppLocker policies.