Microsoft Defender Tamper Protection Trigger (49e5bc24-8b86-49f1-b743-535f332c2856)
Detects blocked attempts to change any of Defender's settings such as "Real Time Monitoring" and "Behavior Monitoring"
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Microsoft Defender Tamper Protection Trigger (49e5bc24-8b86-49f1-b743-535f332c2856) | Sigma-Rules | Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) | Attack Pattern | 1 |