Windows Defender Exclusions Added - Registry

 1title: Windows Defender Exclusions Added - Registry
 2id: a982fc9c-6333-4ffb-a51d-addb04e8b529
 3related:
 4    - id: 1321dc4e-a1fe-481d-a016-52c45f0c8b4f
 5      type: derived
 6status: test
 7description: Detects the Setting of Windows Defender Exclusions
 8references:
 9    - https://twitter.com/_nullbind/status/1204923340810543109
10author: Christian Burkard (Nextron Systems)
11date: 2021/07/06
12modified: 2023/08/17
13tags:
14    - attack.defense_evasion
15    - attack.t1562.001
16logsource:
17    product: windows
18    category: registry_set
19detection:
20    selection2:
21        TargetObject|contains: '\Microsoft\Windows Defender\Exclusions'
22    condition: selection2
23falsepositives:
24    - Administrator actions
25level: medium

References

• Something went wrong, but don’t fret — let’s give it another shot.

  
  Read More

Related rules

• Disable Exploit Guard Network Protection on Windows Defender
• Disable PUA Protection on Windows Defender
• Disable Privacy Settings Experience in Registry
• Disable Tamper Protection on Windows Defender
• Disable Windows Defender Functionalities Via Registry Keys