Skip to content

Hide Navigation Hide TOC

Potential Tampering With Security Products Via WMIC (847d5ff3-8a31-4737-a970-aeae8fe21765)

Detects uninstallation or termination of security products using the WMIC utility

Cluster A Galaxy A Cluster B Galaxy B Level
Potential Tampering With Security Products Via WMIC (847d5ff3-8a31-4737-a970-aeae8fe21765) Sigma-Rules Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 1
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 2