
Update proc_creation_win_reg_windows_defender_tamper.yml

Open MalGamy12 opened this issue 1 year ago • 0 comments

Summary of the Pull Request

Add new values which are used by the attacker to disable Windows Defender

Changelog

update: Suspicious Windows Defender Registry Key Tampering Via Reg.EXE

Example Log Event

Fixed Issues

SigmaHQ Rule Creation Conventions

  • If your PR adds new rules, please consider following and applying these conventions

MalGamy12, Dec 31 '24 11:12