Local Firewall Policy Merge Allowed Via AllowLocalPolicyMerge Registry Value

Rule Info

Name
Local Firewall Policy Merge Allowed Via AllowLocalPolicyMerge Registry Value
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects the deletion of the "AllowLocalPolicyMerge" registry value, or the setting of it to the data "DWORD (0x00000001)". This would allow local firewall rules to be merged with those of the group policy, which may weaken the intended group policy firewall configuration.
Date
2024-07-09 00:00:00
Modified
None
Id
59c10206-89b7-4993-a842-360de3469859
Tags
attack.defense-evasion
Type
Nextron Sigma feed only (private)

Rule History