Windows Defender Context Menu Removed (b9e8c7d6-a5f4-4e3d-8b1a-9f0c8d7e6a5b)
Detects the use of reg.exe or PowerShell to delete the Windows Defender context menu handler registry keys. This action removes the "Scan with Microsoft Defender" option from the right-click menu for files, directories, and drives. Attackers may use this technique to hinder manual, on-demand scans and reduce the visibility of the security product.