Skip to content

Hide Navigation Hide TOC

Folder Removed From Exploit Guard ProtectedFolders List - Registry (272e55a4-9e6b-4211-acb6-78f51f0b1b40)

Detects the removal of folders from the "ProtectedFolders" list of of exploit guard. This could indicate an attacker trying to launch an encryption process or trying to manipulate data inside of the protected folder

Cluster A Galaxy A Cluster B Galaxy B Level
Folder Removed From Exploit Guard ProtectedFolders List - Registry (272e55a4-9e6b-4211-acb6-78f51f0b1b40) Sigma-Rules Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 1
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 2