Update defense_evasion_microsoft_defender_tampering.toml (#1837)

(cherry picked from commit b5f06f455c)
Jonhnathan
2022-03-14 20:07:39 -03:00
committed by github-actions[bot]
parent 944357ffd6
commit 1b5720caa5
@@ -1,7 +1,7 @@
[metadata]
creation_date = "2021/10/18"
maturity = "production"
updated_date = "2022/02/14"
updated_date = "2022/03/14"
[rule]
author = ["Austin Songer"]
@@ -37,7 +37,7 @@ registry where event.type in ("creation", "change") and
(registry.path : "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\PUAProtection" and
registry.data.strings : ("0", "0x00000000")) or
(registry.path : "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\App and Browser protection\\DisallowExploitProtectionOverride" and
registry.data.strings : ("1", "0x00000001")) or
registry.data.strings : ("0", "0x00000000")) or
(registry.path : "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\DisableAntiSpyware" and
registry.data.strings : ("1", "0x00000001")) or
(registry.path : "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Features\\TamperProtection" and
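Review bot: The corrected `DisallowExploitProtectionOverride` clause now matches `("0", "0x00000000")` while the neighbouring `DisableAntiSpyware` clause matches `1`, and nothing in the query explains why the polarity differs, which is presumably how the inverted value got in originally. I would add an EQL comment above the clause, such as `/* Disallow* policy: 0 switches the restriction off, so 0 is the tampering value (for the Disable* keys it is 1) */`. The query filters on `event.type in ("creation", "change")`, so deleting the value is not matched; if an absent value also leaves the override allowed, that case may need its own coverage, which is worth confirming. The query starts before this hunk and continues past its last line, so the remaining clauses were not reviewed.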