Skip to content

Hide Navigation Hide TOC

Suspicious Windows Defender Registry Key Tampering Via Reg.EXE (452bce90-6fb0-43cc-97a5-affc283139b3)

Detects the usage of "reg.exe" to tamper with different Windows Defender registry keys in order to disable some important features related to protection and detection

Cluster A Galaxy A Cluster B Galaxy B Level
Suspicious Windows Defender Registry Key Tampering Via Reg.EXE (452bce90-6fb0-43cc-97a5-affc283139b3) Sigma-Rules Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 1
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 2