
Update the Antivirus Tampering configuration, using general condition

Open hieuttmmo opened this issue 2 years ago • 1 comment

As mentioned in the DFIR Report, other techniques might be used to disable the Defender Real-Time Protection mechanism. So in this PR, I want to use a general condition to monitor all changes in the Defender Registry Path.

  • DFIR Report: https://thedfirreport.com/2021/10/18/icedid-to-xinglocker-ransomware-in-24-hours/
  • Disable Defender Script: https://gist.github.com/anadr/7465a9fde63d41341136949f14c21105

hieuttmmo avatar Oct 18 '21 05:10 hieuttmmo
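As an added illustration of the change described above (example configuration written here, not the project's config and not the PR's diff): a Sysmon `RegistryEvent` include rule that matches every registry event under the Defender paths with `begin with`, instead of one rule per known value. The two HKLM paths, the rule names and the schema version are assumptions; adapt them to the deployed config.

```xml
<Sysmon schemaversion="4.50">
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <RegistryEvent onmatch="include">
        <!-- Narrow form this replaces: a rule per specific value, e.g.
             <TargetObject condition="end with">\Real-Time Protection\DisableRealtimeMonitoring</TargetObject>
             Tampering that sets any value not listed produces no event. -->

        <!-- General form: every key create/delete (Event ID 12), value set
             (ID 13) and rename (ID 14) under the Defender paths is logged.
             The name attribute becomes RuleName in the event, so the SIEM
             can key on it without parsing the path. -->
        <TargetObject name="AV_Tampering_Defender" condition="begin with">HKLM\SOFTWARE\Microsoft\Windows Defender\</TargetObject>
        <TargetObject name="AV_Tampering_Defender" condition="begin with">HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\</TargetObject>
      </RegistryEvent>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
```

Defender itself writes under the non-Policies path regularly (signature and scan state), so baseline the volume before deploying and add exclusions for the noisy subkeys rather than for the whole path.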

FYI: Already tested this config on my home-lab and it worked great.

hieuttmmo avatar Oct 18 '21 05:10 hieuttmmo