Registry Modifications to Disable Windows Security Center Features

Rule Info

Name
Registry Modifications to Disable Windows Security Center Features
Author
X__Junior
Description
Detects modifications to the Windows Registry intended to disable various Security Center features, these changes can indicate an attempt by malicious actors to evade security measures, suppress important security notifications, or establish persistence on the system by disabling critical security functionalities.
Reference
https://tria.ge/240516-mq534sgf3w/behavioral2
Date
2024-09-29 00:00:00
Modified
None
Id
e28b2d07-09cc-477b-b778-cb4e69ee232c
Tags
attack.persistence attack.t1547.001 detection.emerging-threats
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022