Detection rules › By event

Microsoft-Windows-Kernel-General event 16

1 detection rule reference this event. View event page.

Sigma (1)

Critical Hive In Suspicious Location Access Bits Cleared severity high T1003.002