Detection rules › Sigma
Windows Defender Virus Scanning Feature Disabled
Detects disabling of the Windows Defender virus scanning feature
MITRE ATT&CK coverage
| Tactic | Techniques |
|---|---|
| Defense Evasion | T1562.001 Impair Defenses: Disable or Modify Tools |
Event coverage
| Provider | Event ID | Title |
|---|---|---|
| Windows-Defender | 5012 |