Windows Defender Threat Detected - WDBlockFirewallRule

Rule Info

Name
Windows Defender Threat Detected - WDBlockFirewallRule
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Triggers on instances of a Windows Defender threat of type "WDBlockFirewall". This indicates that an attacker is trying to add a blocking firewall rule to cut off communication between Windows Defender and the internet in order to bypass defenses.
Date
2024-07-09 00:00:00
Modified
None
Id
7eb4a70c-b5dc-443e-b54d-fdb28fd1ae88
Tags
attack.defense-evasion
Type
Nextron Sigma feed only (private)

Rule History