Skip to content

Hide Navigation Hide TOC

Windows Defender Exclusion List Modified (46a68649-f218-4f86-aea1-16a759d81820)

Detects modifications to the Windows Defender exclusion registry key. This could indicate a potentially suspicious or even malicious activity by an attacker trying to add a new exclusion in order to bypass security.

Cluster A Galaxy A Cluster B Galaxy B Level
Windows Defender Exclusion List Modified (46a68649-f218-4f86-aea1-16a759d81820) Sigma-Rules Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 1
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 2