Skip to content

Hide Navigation Hide TOC

Hypervisor Enforced Code Integrity Disabled (8b7273a4-ba5d-4d8a-b04f-11f2900d043a)

Detects changes to the HypervisorEnforcedCodeIntegrity registry key and the "Enabled" value being set to 0 in order to disable the Hypervisor Enforced Code Integrity feature. This allows an attacker to load unsigned and untrusted code to be run in the kernel

Cluster A Galaxy A Cluster B Galaxy B Level
Hypervisor Enforced Code Integrity Disabled (8b7273a4-ba5d-4d8a-b04f-11f2900d043a) Sigma-Rules Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 1
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 2