From 5ae956b99095d41aa7f185bd5b9afaae2db74255 Mon Sep 17 00:00:00 2001
From: pratinavchandra
Date: Tue, 2 Apr 2024 22:10:02 -0400
Subject: [PATCH] Added new atomic test: Update T1490.yaml (#2733)
* Added new atomic test: Update T1490.yaml
* Added cleanup_command
---
 atomics/T1490/T1490.yaml | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/atomics/T1490/T1490.yaml b/atomics/T1490/T1490.yaml
index eb82199d..0027a76e 100644
--- a/atomics/T1490/T1490.yaml
+++ b/atomics/T1490/T1490.yaml
@@ -173,4 +173,13 @@ atomic_tests:
 sc sdset VSS D:(D;;GA;;;NU)(D;;GA;;;WD)(D;;GA;;;AN)S:(AU;FA;GA;;;WD)(AU;OIIOFA;GA;;;WD)
 cleanup_command: |
 sc sdset VSS D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;LC;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
-
+- name: Disable Time Machine
+ description: |
+ Disables Time Machine which is Apple's automated backup utility software. Attackers can use this to prevent backups from occurring and hinder the victim's ability to recover from any damage.
+ supported_platforms:
+ - macos
+ executor:
+ command: sudo tmutil disable
+ cleanup_command: sudo tmutil enable
+ name: sh
+ elevation_required: true
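Review bot: The `cleanup_command` of the new "Disable Time Machine" test runs `sudo tmutil enable` unconditionally, so a host where Time Machine was already off before the test ends up with automatic backups switched on instead of being returned to its prior state. Consider recording the prior setting before the disable step (for example by reading `AutoBackup` from `/Library/Preferences/com.apple.TimeMachine`; confirm that key on the macOS versions you target) and re-enabling in cleanup only when it was on. The description would also be more useful to defenders if it named the observable, e.g. `Expected telemetry: a root process execution of tmutil with the disable verb.`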