sigma icon indicating copy to clipboard operation
sigma copied to clipboard
verified publisher icon SigmaHQ

Deprecate redundant rule

Open swachchhanda000 opened this issue 9 months ago • 1 comments

There is a rule: e17121b4-ef2a-4418-8a59-12fb1631fa9e Delete Volume Shadow Copies via WMI with PowerShell - PS Script ()

However, there is another rule: c1337eb8-921a-4b59-855b-4ba188ddcc42 Deletion of Volume Shadow Copies via WMI with PowerShell - PS Script.

This second rule effectively covers what the first rule is intended to detect. To avoid redundancy, I recommend removing the first rule.

swachchhanda000 avatar Mar 18 '25 11:03 swachchhanda000

Look fine to me

frack113 avatar Mar 20 '25 12:03 frack113

resolved in #5424

phantinuss avatar May 19 '25 07:05 phantinuss