diff --git a/atomics/Indexes/Indexes-CSV/index.csv b/atomics/Indexes/Indexes-CSV/index.csv
index 6ff36ad2..6b83552d 100644
--- a/atomics/Indexes/Indexes-CSV/index.csv
+++ b/atomics/Indexes/Indexes-CSV/index.csv
@@ -667,6 +667,7 @@ impact,T1490,Inhibit System Recovery,4,Windows - Disable Windows Recovery Consol
 impact,T1490,Inhibit System Recovery,5,Windows - Delete Volume Shadow Copies via WMI with PowerShell,39a295ca-7059-4a88-86f6-09556c1211e7,powershell
 impact,T1490,Inhibit System Recovery,6,Windows - Delete Backup Files,6b1dbaf6-cc8a-4ea6-891f-6058569653bf,command_prompt
 impact,T1490,Inhibit System Recovery,7,Windows - wbadmin Delete systemstatebackup,584331dd-75bc-4c02-9e0b-17f5fd81c748,command_prompt
+impact,T1490,Inhibit System Recovery,8,Windows - Disable the SR scheduled task,1c68c68d-83a4-4981-974e-8993055fa034,powershell
 impact,T1491.001,Internal Defacement,1,Replace Desktop Wallpaper,30558d53-9d76-41c4-9267-a7bd5184bed3,powershell
 impact,T1496,Resource Hijacking,1,macOS/Linux - Simulate CPU Load with Yes,904a5a0e-fb02-490d-9f8d-0e256eb37549,bash
 impact,T1489,Service Stop,1,Windows - Stop service using Service Controller,21dfb440-830d-4c86-a3e5-2a491d5a8d04,command_prompt
diff --git a/atomics/Indexes/Indexes-CSV/windows-index.csv b/atomics/Indexes/Indexes-CSV/windows-index.csv
index e453dcab..a1afbe5c 100644
--- a/atomics/Indexes/Indexes-CSV/windows-index.csv
+++ b/atomics/Indexes/Indexes-CSV/windows-index.csv
@@ -443,6 +443,7 @@ impact,T1490,Inhibit System Recovery,4,Windows - Disable Windows Recovery Consol
 impact,T1490,Inhibit System Recovery,5,Windows - Delete Volume Shadow Copies via WMI with PowerShell,39a295ca-7059-4a88-86f6-09556c1211e7,powershell
 impact,T1490,Inhibit System Recovery,6,Windows - Delete Backup Files,6b1dbaf6-cc8a-4ea6-891f-6058569653bf,command_prompt
 impact,T1490,Inhibit System Recovery,7,Windows - wbadmin Delete systemstatebackup,584331dd-75bc-4c02-9e0b-17f5fd81c748,command_prompt
+impact,T1490,Inhibit System Recovery,8,Windows - Disable the SR scheduled task,1c68c68d-83a4-4981-974e-8993055fa034,powershell
 impact,T1491.001,Internal Defacement,1,Replace Desktop Wallpaper,30558d53-9d76-41c4-9267-a7bd5184bed3,powershell
 impact,T1489,Service Stop,1,Windows - Stop service using Service Controller,21dfb440-830d-4c86-a3e5-2a491d5a8d04,command_prompt
 impact,T1489,Service Stop,2,Windows - Stop service using net.exe,41274289-ec9c-4213-bea4-e43c4aa57954,command_prompt
diff --git a/atomics/Indexes/Indexes-Markdown/index.md b/atomics/Indexes/Indexes-Markdown/index.md
index 011d4200..3d23da0b 100644
--- a/atomics/Indexes/Indexes-Markdown/index.md
+++ b/atomics/Indexes/Indexes-Markdown/index.md
@@ -1145,6 +1145,7 @@
   - Atomic Test #5: Windows - Delete Volume Shadow Copies via WMI with PowerShell [windows]
   - Atomic Test #6: Windows - Delete Backup Files [windows]
   - Atomic Test #7: Windows - wbadmin Delete systemstatebackup [windows]
+  - Atomic Test #8: Windows - Disable the SR scheduled task [windows]
 - [T1491.001 Internal Defacement](../../T1491.001/T1491.001.md)
   - Atomic Test #1: Replace Desktop Wallpaper [windows]
 - T1498 Network Denial of Service [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
diff --git a/atomics/Indexes/Indexes-Markdown/windows-index.md b/atomics/Indexes/Indexes-Markdown/windows-index.md
index d585c6dd..ff41b5c4 100644
--- a/atomics/Indexes/Indexes-Markdown/windows-index.md
+++ b/atomics/Indexes/Indexes-Markdown/windows-index.md
@@ -808,6 +808,7 @@
   - Atomic Test #5: Windows - Delete Volume Shadow Copies via WMI with PowerShell [windows]
   - Atomic Test #6: Windows - Delete Backup Files [windows]
   - Atomic Test #7: Windows - wbadmin Delete systemstatebackup [windows]
+  - Atomic Test #8: Windows - Disable the SR scheduled task [windows]
 - [T1491.001 Internal Defacement](../../T1491.001/T1491.001.md)
   - Atomic Test #1: Replace Desktop Wallpaper [windows]
 - T1498 Network Denial of Service [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index 42ed6fd1..ab4b4b3e 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -50203,6 +50203,24 @@ impact:
 '
         name: command_prompt
         elevation_required: true
+    - name: Windows - Disable the SR scheduled task
+      auto_generated_guid: 1c68c68d-83a4-4981-974e-8993055fa034
+      description: 'Use schtasks.exe to disable the System Restore (SR) scheduled
+        task
+
+'
+      supported_platforms:
+      - windows
+      executor:
+        command: 'schtasks.exe /Change /TN "\Microsoft\Windows\SystemRestore\SR" /disable
+
+'
+        cleanup_command: 'schtasks.exe /Change /TN "\Microsoft\Windows\SystemRestore\SR"
+          /enable
+
+'
+        name: powershell
+        elevation_required: true
   T1491.001:
     technique:
       external_references:
diff --git a/atomics/T1490/T1490.md b/atomics/T1490/T1490.md
index ad1339ef..7f56d2ec 100644
--- a/atomics/T1490/T1490.md
+++ b/atomics/T1490/T1490.md
@@ -25,6 +25,8 @@ A number of native Windows utilities have been used by adversaries to disable or
 
 - [Atomic Test #7 - Windows - wbadmin Delete systemstatebackup](#atomic-test-7---windows---wbadmin-delete-systemstatebackup)
 
+- [Atomic Test #8 - Windows - Disable the SR scheduled task](#atomic-test-8---windows---disable-the-sr-scheduled-task)
+
 
 <br/>
 
@@ -251,4 +253,36 @@ wbadmin delete systemstatebackup -keepVersions:0
 
 
 
+<br/>
+<br/>
+
+## Atomic Test #8 - Windows - Disable the SR scheduled task
+Use schtasks.exe to disable the System Restore (SR) scheduled task
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** 1c68c68d-83a4-4981-974e-8993055fa034
+
+
+
+
+
+
+#### Attack Commands: Run with `powershell`!  Elevation Required (e.g. root or admin) 
+
+
+```powershell
+schtasks.exe /Change /TN "\Microsoft\Windows\SystemRestore\SR" /disable
+```
+
+#### Cleanup Commands:
+```powershell
+schtasks.exe /Change /TN "\Microsoft\Windows\SystemRestore\SR" /enable
+```
+
+
+
+
+
 <br/>