Netsh Advfirewall Isolate Network

Rule Info

Name
Netsh Advfirewall Isolate Network
Author
X__Junior
Description
Detects execution of netsh.exe commands that modify Windows Advanced Firewall settings to block both inbound and outbound traffic, effectively isolating the system from network communication. This technique may be used by attackers to evade detection, prevent remediation, or disrupt incident response activities.
Reference
https://bbs.kafan.cn/thread-2288675-1-1.html
Date
2026-02-20 00:00:00
Modified
None
Id
cddaba5d-182c-41ff-94e5-65a5a0519c3b
Tags
attack.defense-evasion attack.t1562.004 attack.s0108
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022