Windows Defender Malware And PUA Scanning Disabled

Severity: high
Author: Ján Trenčanský, frack113
Source: upstream

Detects disabling of the Windows Defender feature of scanning for malware and other potentially unwanted software.

MITRE ATT&CK coverage

Tactic | Techniques
Defense Evasion | T1562.001 Impair Defenses: Disable or Modify Tools

Event coverage

Provider | Event ID | Title
Windows-Defender | 5010 |

Stages and Predicates

Stage 1: selection