Windows Filtering Platform Blocked Connection From EDR Agent Binary (bacf58c6-e199-4040-a94f-95dea0f1e45a)
Detects a Windows Filtering Platform (WFP) blocked connection event involving common Endpoint Detection and Response (EDR) agents. Adversaries may use WFP filters to prevent Endpoint Detection and Response (EDR) agents from reporting security events.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Windows Filtering Platform Blocked Connection From EDR Agent Binary (bacf58c6-e199-4040-a94f-95dea0f1e45a) | Sigma-Rules | Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | 1 |