System Restore Registry Modification via CommandLine (7c06ab9b-b1d2-4ba9-b06e-09491ded20d9)
Detects system restore registry modification via command line, which can be used by adversaries to disable system restore on the computer.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| System Restore Registry Modification via CommandLine (7c06ab9b-b1d2-4ba9-b06e-09491ded20d9) | Sigma-Rules | Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) | Attack Pattern | 1 |