Windows Defender Grace Period Expired

Severity: high
Author: Ján Trenčanský, frack113
Source: upstream

Detects the expiration of the grace period of Windows Defender. This means protection against viruses, spyware, and other potentially unwanted software is disabled.

MITRE ATT&CK coverage

Tactic	Techniques
Defense Evasion	`T1562.001` Impair Defenses: Disable or Modify Tools

Event coverage

Provider	Event ID	Title
Windows-Defender	5101

Windows Defender Grace Period Expired

MITRE ATT&CK coverage

Event coverage

Stages and Predicates

Stage 1: `selection`

Keyboard Shortcuts

Windows Defender Grace Period Expired

MITRE ATT&CK coverage

Event coverage

Stages and Predicates

Stage 1: selection

Stage 1: `selection`