pub fn classify_deleted_exe(exe_path: &str, comm: &str) -> bool
Classify whether a process running from a deleted executable is suspicious.
Returns false for kernel threads, package manager processes, and processes
with empty paths/names.
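
A stand-alone sketch of the documented contract, added here as an example; it is not this crate's implementation. The name `classify_sketch`, the package-manager list, the bracketed-`comm` rule for kernel threads and the ` (deleted)` suffix check on the `/proc/<pid>/exe` target are assumptions.

```rust
use std::fs;

// Assumed allowlist (constructed for this example): package managers replace
// binaries on disk while the old image is still running.
const PKG_MANAGERS: &[&str] = &["dpkg", "apt", "apt-get", "rpm", "yum", "dnf", "pacman"];

/// Hypothetical stand-in with the documented contract; not the crate's code.
/// `exe_path` is the raw target of /proc/<pid>/exe, `comm` is /proc/<pid>/comm.
fn classify_sketch(exe_path: &str, comm: &str) -> bool {
    let (exe, comm) = (exe_path.trim(), comm.trim());
    if exe.is_empty() || comm.is_empty() {
        return false; // kernel threads have no exe link, so the path is empty
    }
    // Assumption: kernel threads may also arrive with a ps-style "[name]" comm.
    if comm.starts_with('[') && comm.ends_with(']') {
        return false;
    }
    if PKG_MANAGERS.contains(&comm) {
        return false;
    }
    // Linux appends " (deleted)" to the link target once the file is unlinked.
    exe.ends_with(" (deleted)")
}

/// Walk /proc and return (pid, exe, comm) for every process the sketch flags.
fn scan_proc() -> Vec<(u32, String, String)> {
    let mut hits = Vec::new();
    let Ok(entries) = fs::read_dir("/proc") else { return hits };
    for entry in entries.flatten() {
        let Some(pid) = entry.file_name().to_str().and_then(|s| s.parse::<u32>().ok()) else { continue };
        // Unreadable links (kernel threads, permission denied) become empty strings.
        let exe = fs::read_link(entry.path().join("exe"))
            .map(|p| p.to_string_lossy().into_owned())
            .unwrap_or_default();
        let comm = fs::read_to_string(entry.path().join("comm")).unwrap_or_default();
        if classify_sketch(&exe, &comm) {
            hits.push((pid, exe, comm.trim().to_string()));
        }
    }
    hits
}

fn main() {
    for (pid, exe, comm) in scan_proc() {
        println!("pid={pid} comm={comm} exe={exe}");
    }
}
```

Run without root, `scan_proc` only sees the `exe` links of processes owned by the calling user; the rest read as empty paths and are skipped.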