Rule Info
Name
Local Firewall Policy Merge Allowed Via AllowLocalPolicyMerge Registry Value
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects the deletion of the "AllowLocalPolicyMerge" registry value, or the setting of it to "DWORD (0x00000001)".
Either change would allow local firewall rules to be merged with those of the group policy, which may weaken the intended group policy firewall configuration.
Date
2024-07-09 00:00:00
Modified
None
Id
59c10206-89b7-4993-a842-360de3469859
Tags
attack.defense-evasion
Type
Nextron Sigma feed only (private)