identifying named pipe impersonation and other malicious