Windows Defender Exclusions Added - Registry
Detects the setting of Windows Defender exclusions via the registry.
Sigma rule

```yaml
title: Windows Defender Exclusions Added - Registry
id: a982fc9c-6333-4ffb-a51d-addb04e8b529
related:
    - id: 1321dc4e-a1fe-481d-a016-52c45f0c8b4f
      type: derived
status: test
description: Detects the Setting of Windows Defender Exclusions
references:
    - https://twitter.com/_nullbind/status/1204923340810543109
author: Christian Burkard (Nextron Systems)
date: 2021-07-06
modified: 2023-08-17
tags:
    - attack.defense-evasion
    - attack.t1562.001
logsource:
    product: windows
    category: registry_set
detection:
    selection2:
        TargetObject|contains: '\Microsoft\Windows Defender\Exclusions'
    condition: selection2
falsepositives:
    - Administrator actions
level: medium
```
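The rule's selection applied to registry_set events, as an added example that is not part of the rule or the Sigma project: it tests `TargetObject` the way the rule does (Sigma string matching is case-insensitive by default) and, for triage of the "Administrator actions" false positives, splits out the exclusion category and the excluded item. The sample events, the helper names `matches_rule`, `triage` and `run`, and the assumption that `TargetObject` ends with the registry value name (as in Sysmon value-set events) are constructed for illustration.

```python
# Added example: evaluate the rule's selection over constructed registry_set
# events and extract what was excluded. Not the Sigma project's code.
from typing import Optional

NEEDLE = r"\Microsoft\Windows Defender\Exclusions"  # from the rule's selection2

def matches_rule(event: dict) -> bool:
    """TargetObject|contains; Sigma string matching ignores case by default."""
    return NEEDLE.lower() in event.get("TargetObject", "").lower()

def triage(event: dict) -> Optional[dict]:
    """Return category/item/source for a matching event, else None.
    Assumes TargetObject is '<key path>\\<value name>' and that the value
    name is the excluded item (assumption, see lead-in)."""
    if not matches_rule(event):
        return None
    target = event["TargetObject"]
    idx = target.lower().index(NEEDLE.lower())
    rest = target[idx + len(NEEDLE):].lstrip("\\")
    category, _, item = rest.partition("\\")
    # Keys under SOFTWARE\Policies hold Group Policy-managed settings.
    source = "policy" if target[:idx].lower().endswith("\\policies") else "local"
    return {"category": category or None, "item": item or None,
            "source": source, "image": event.get("Image")}

# Constructed sample events; field names follow Sysmon registry value-set events.
EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Public"},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions\.tmp"},
    {"Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKLM\software\microsoft\windows defender\exclusions\Processes\backup.exe"},
    {"Image": r"C:\Windows\System32\svchost.exe",  # different Defender key: no match
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring"},
]

def run(events):
    """Triage records for every event the rule would flag."""
    return [hit for hit in map(triage, events) if hit]

if __name__ == "__main__":
    for hit in run(EVENTS):
        print(hit)
```

Grouping hits by `source` and `image` separates policy-managed exclusions from ones written locally by an interactive tool, which is where review effort for a medium-level rule is best spent.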
Related rules
- AMSI Bypass Pattern Assembly GetType
- AWS CloudTrail Important Change
- AWS Config Disabling Channel/Recorder
- AWS GuardDuty Important Change
- Add SafeBoot Keys Via Reg Utility