Windows Filtering Platform Blocked Connection From EDR Agent Binary (bacf58c6-e199-4040-a94f-95dea0f1e45a)
Detects a Windows Filtering Platform (WFP) blocked connection event involving common Endpoint Detection and Response (EDR) agents. Adversaries may use WFP filters to prevent EDR agents from reporting security events.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | Windows Filtering Platform Blocked Connection From EDR Agent Binary (bacf58c6-e199-4040-a94f-95dea0f1e45a) | Sigma-Rules | 1 |