New File Exclusion Added To Time Machine Via Tmutil - MacOS (9acf45ed-3a26-4062-bf08-56857613eb52)
Detects the addition of a new file or path exclusion to MacOS Time Machine via the "tmutil" utility. An adversary could exclude a path from Time Machine backups to prevent certain files from being backed up.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| New File Exclusion Added To Time Machine Via Tmutil - MacOS (9acf45ed-3a26-4062-bf08-56857613eb52) | Sigma-Rules | Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) | Attack Pattern | 1 |