Antivirus Filter Driver Disallowed On Dev Drive - Registry (31e124fb-5dc4-42a0-83b3-44a69c77b271)
Detects activity that indicates a user disabling the ability of the Antivirus mini filter to inspect a "Dev Drive".
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) | Attack Pattern | Antivirus Filter Driver Disallowed On Dev Drive - Registry (31e124fb-5dc4-42a0-83b3-44a69c77b271) | Sigma-Rules | 1 |