security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: improved old rule

Browse Source
This commit is contained in:
Florian Roth
2022-07-04 13:20:40 +02:00
parent 2781e2e5c7
commit de15afbbf7
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/registry/registry_set/registry_set_disabled_pua_protection_on_microsoft_defender.yml
+2 -2
View File
@@ -3,7 +3,7 @@ id: 8ffc5407-52e3-478f-9596-0a7371eafe13
description: Detects disabling Windows Defender PUA protection
status: experimental
date: 2021/08/04
modified: 2022/03/26
modified: 2022/07/04
author: Austin Songer @austinsonger
references:
- https://www.tenforums.com/tutorials/32236-enable-disable-microsoft-defender-pua-protection-windows-10-a.html
@@ -13,7 +13,7 @@ logsource:
detection:
selection:
EventType: SetValue
TargetObject|contains: 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\PUAProtection'
TargetObject|contains: '\Policies\Microsoft\Windows Defender\PUAProtection'
Details: 'DWORD (0x00000000)'
condition: selection
falsepositives: