
The Windows Defender Firewall Service Failed To Load Group Policy

Severity: low
Author: frack113
Source: upstream

Detects activity when the Windows Defender Firewall service failed to load Group Policy.

MITRE ATT&CK coverage

Tactic | Techniques
Defense Evasion | T1562.004 Impair Defenses: Disable or Modify System Firewall

Event coverage

Provider | Event ID | Title
Windows-Firewall-With-Advanced-Security | 2009 |

Stages and Predicates

Stage 1: selection