
Suspicious Windows Defender Registry Key Tampering Via Reg.EXE (452bce90-6fb0-43cc-97a5-affc283139b3)

Detects the usage of "reg.exe" to tamper with different Windows Defender registry keys in order to disable some important features related to protection and detection.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) | Attack Pattern | Suspicious Windows Defender Registry Key Tampering Via Reg.EXE (452bce90-6fb0-43cc-97a5-affc283139b3) | Sigma-Rules | 1 |