Outlook Security Settings Updated - Registry

 1title: Outlook Security Settings Updated - Registry
 2id: c3cefdf4-6703-4e1c-bad8-bf422fc5015a
 3related:
 4    - id: a166f74e-bf44-409d-b9ba-ea4b2dd8b3cd # EnableUnsafeClientMailRules
 5      type: similar
 6status: test
 7description: Detects changes to the registry values related to outlook security settings
 8references:
 9    - https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1137/T1137.md
10    - https://learn.microsoft.com/en-us/outlook/troubleshoot/security/information-about-email-security-settings
11author: frack113
12date: 2021-12-28
13modified: 2023-08-17
14tags:
15    - attack.persistence
16    - attack.t1137
17logsource:
18    category: registry_set
19    product: windows
20detection:
21    selection:
22        TargetObject|contains|all:
23            - '\SOFTWARE\Microsoft\Office\'
24            - '\Outlook\Security\'
25    condition: selection
26falsepositives:
27    - Administrative activity
28level: medium

References

• atomic-red-team/atomics/T1137/T1137.md at f339e7da7d05f6057fdfcdd3742bfcf365fee2a9 · redcanaryco/atomic-red-team

  

  Small and highly portable detection tests based on MITRE's ATT&CK. - redcanaryco/atomic-red-team

  
  Read More

• Information about e-mail security settings - Outlook

  

  Contains information for administrators about e-mail security settings in Outlook 2007. Lists the registry settings that you can use to configure security options in Outlook 2007.

  
  Read More

Related rules

• IE Change Domain Zone
• New Outlook Macro Created
• Outlook Macro Execution Without Warning Setting Enabled
• Outlook Task/Note Reminder Received
• Potential Persistence Via Microsoft Office Startup Folder