Dev Drive Attach Policy Registry Key Deleted
Nasreddine Bencherchali (Nextron Systems)
Detects the deletion of a registry value related to "Dev Drive" filter drivers attach policy. An attacker might delete this in order to avoid security monitoring in dev drives.
Nextron Sigma feed only (private)