Time Machine Backup Disabled Via Tmutil - MacOS (2c95fa8a-8b8d-4787-afce-7117ceb8e3da)
Detects disabling of Time Machine (Apple's automated backup utility software) via the native macOS backup utility "tmutil". An attacker can use this to prevent backups from occurring.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) | Attack Pattern | Time Machine Backup Disabled Via Tmutil - MacOS (2c95fa8a-8b8d-4787-afce-7117ceb8e3da) | Sigma-Rules | 1 |