Rule Info
Name
ELAM Driver Load Policy Weakened - Allow Known Bad Critical Drivers
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects a change in the setting of the driver load policy in order to allows the loading of known critical bad drivers.
While this is the default setting, a machine might have had a more stricter configuration before and this is trying to weaken it.
Reference
Date
2024-01-24 00:00:00
Modified
None
Id
f140494a-610f-4337-bfcd-489f8cfef606
Tags
attack.defense-evasion attack.t1564.001
Type
Nextron Sigma feed only (private)