Windows Recovery Environment Disabled Via Reagentc (db1c21e4-cd66-4b4e-85ca-590f0780529c)
Detects attempts to disable windows recovery environment using Reagentc. ReAgentc.exe is a command-line tool in Windows used to manage the Windows Recovery Environment (WinRE). It allows users to enable, disable, and configure WinRE, which is used for troubleshooting and repairing common boot issues.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) | Attack Pattern | Windows Recovery Environment Disabled Via Reagentc (db1c21e4-cd66-4b4e-85ca-590f0780529c) | Sigma-Rules | 1 |