One Day Sec

What are the key indicators to detect or defend against Long UNC filename spoofing attacks?

Detection and defense hinge on a few indicators: (1) the attack requires write permission to the target directory, typically a system folder, which standard user accounts are usually denied; (2) look for duplicate filenames in the same directory that differ only by trailing characters (e.g., `calc.exe` and `calc.exe `, where the second carries a trailing space); (3) monitor process creation logs for unusual short (8.3) filenames such as `CALC~1.EXE`; (4) use `certutil.exe -hashfile` to compute and compare hashes, which reveals the true content of each file. Additionally, Sysmon can be configured to log process creation events, which capture these short names.
Tags: defense detection, system permissions, duplicate filenames, short filename monitoring, certutil, Sysmon
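The three detection checks above (duplicate names that differ only by trailing characters, 8.3 short names in process creation logs, and hash comparison of the twin files) as one worked example. This is added illustration code, not from the original page or any tool it mentions; the directory listing, the Sysmon-style `EventID=1 Image=...` lines and the file contents are all constructed sample input, and the log line format is a hypothetical flattening rather than real Sysmon output.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample directory listing (not from the original page). The
# second entry carries a trailing space: the normal Win32 path namespace
# strips trailing spaces and dots, so such a name can only be created
# through an extended-length (\\?\) path, and it looks identical to the
# first entry in most listings.
SAMPLE_LISTING = [
    "calc.exe",
    "calc.exe ",
    "notepad.exe",
    "readme.txt.",
]

# Constructed Sysmon-style process creation lines (hypothetical flattened
# format, not real captured logs).
SAMPLE_LOG_LINES = [
    "EventID=1 Image=C:\\Windows\\System32\\CALC~1.EXE CommandLine=CALC~1.EXE",
    "EventID=1 Image=C:\\Windows\\System32\\notepad.exe CommandLine=notepad.exe",
    "EventID=1 Image=C:\\Users\\Public\\DOWNLO~1\\UPDATE~2.EXE CommandLine=...",
]

# One path component in 8.3 short form: base without dots, a tilde and a
# number, optionally an extension (CALC~1.EXE, DOWNLO~1).
SHORT_NAME_RE = re.compile(r"[^.\\/]*~\d+(?:\..*)?")


def normalize_win32_name(name: str) -> str:
    """Apply the trailing-space/dot stripping that Win32 performs, lower-cased
    because Windows filename matching is case-insensitive."""
    return name.rstrip(" .").lower()


def find_name_collisions(listing):
    """Group entries whose Win32-normalized form is identical; return only the
    groups with more than one raw spelling (the spoofing signature)."""
    groups = defaultdict(list)
    for raw in listing:
        groups[normalize_win32_name(raw)].append(raw)
    return {k: v for k, v in groups.items() if len(v) > 1}


def find_suspicious_names(listing):
    """Names with trailing spaces or dots cannot be created through the normal
    Win32 namespace, so their mere presence is worth flagging."""
    return [raw for raw in listing if raw != raw.rstrip(" .")]


def find_short_name_executions(log_lines):
    """Return (line_index, component) for process creation lines whose Image
    path contains an 8.3 short-name component such as CALC~1.EXE."""
    hits = []
    for i, line in enumerate(log_lines):
        m = re.search(r"Image=(\S+)", line)
        if not m:
            continue
        for comp in m.group(1).split("\\"):
            if SHORT_NAME_RE.fullmatch(comp):
                hits.append((i, comp))
    return hits


def sha256_of(data: bytes) -> str:
    """Same digest `certutil -hashfile <file> SHA256` prints for the file."""
    return hashlib.sha256(data).hexdigest()


def compare_contents(contents):
    """Given {name: bytes}, return the names whose hash differs from the first
    (reference) entry: a look-alike name that hides different content."""
    names = list(contents)
    ref = sha256_of(contents[names[0]])
    return [n for n in names[1:] if sha256_of(contents[n]) != ref]


if __name__ == "__main__":
    print(find_name_collisions(SAMPLE_LISTING))
    print(find_suspicious_names(SAMPLE_LISTING))
    print(find_short_name_executions(SAMPLE_LOG_LINES))
    # Constructed contents: the trailing-space twin carries different bytes.
    print(compare_contents({"calc.exe": b"MZ-genuine", "calc.exe ": b"MZ-other"}))
```

On a live system the listing would come from `os.listdir` on the directory in question, and the log lines from a Sysmon Event ID 1 export; the normalization step is what makes the `calc.exe` / `calc.exe ` pair visible, since a plain string comparison treats them as distinct.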
