Skip to content

Hide Navigation Hide TOC

Windows Defender Exploit Guard Tamper (a3ab73f1-bd46-4319-8f06-4b20d0617886)

Detects when someone is adding or removing applications or folders from exploit guard "ProtectedFolders" or "AllowedApplications"

Cluster A Galaxy A Cluster B Galaxy B Level
Windows Defender Exploit Guard Tamper (a3ab73f1-bd46-4319-8f06-4b20d0617886) Sigma-Rules Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern 1
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 2