Update defense_evasion_microsoft_defender_tampering.toml (#4573)

Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>

rules/windows/defense_evasion_microsoft_defender_tampering.toml

@@ -2,7 +2,7 @@
 creation_date = "2021/10/18"
 integration = ["endpoint", "windows", "m365_defender", "sentinel_one_cloud_funnel"]
 maturity = "production"
-updated_date = "2025/03/20"
+updated_date = "2025/03/27"
 
 [rule]
 author = ["Austin Songer"]
@@ -99,7 +99,7 @@ registry where host.os.type == "windows" and event.type == "change" and process.
       ) and registry.data.strings : ("0", "0x00000000")
     ) or
     (
-      registry.path : (
+      registry.value : (
         "DisableAntiSpyware", "DisableRealtimeMonitoring", "DisableIntrusionPreventionSystem", "DisableScriptScanning",
         "DisableIOAVProtection", "DisableEnhancedNotifications", "DisableBlockAtFirstSeen", "DisableBehaviorMonitoring"
       ) and registry.data.strings : ("1", "0x00000001")