ELAM Driver Load Policy Tampering - Allow All Drivers

Rule Info

Name
ELAM Driver Load Policy Tampering - Allow All Drivers
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects a change in the setting of the driver load policy in order to allows the loading of any or known bad drivers.
Reference
https://learn.microsoft.com/en-us/windows-hardware/drivers/install/elam-driver-requirements
Date
2024-01-24 00:00:00
Modified
None
Id
50bd073b-6d95-4424-bf67-307ca6b52a97
Tags
attack.defense_evasion attack.t1564.001
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022