Potential AutoLogger Sessions Tampering (f37b4bce-49d0-4087-9f5b-58bffda77316)

Detects tampering with AutoLogger trace sessions, a technique attackers use to disable logging. The AutoLogger event tracing session records events that occur early in the operating system boot process. Applications and device drivers can use the AutoLogger session to capture traces before the user logs in, and security solutions also use it as a telemetry source. Adversaries may disable these sessions to evade detection and prevent security monitoring of early boot activities and system events.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Disable or Modify Windows Event Log - T1685.001 (1411e6b8-80a6-4465-9909-54eaa9c67ce0) | Attack Pattern | Potential AutoLogger Sessions Tampering (f37b4bce-49d0-4087-9f5b-58bffda77316) | Sigma-Rules | 1 |
| Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) | Attack Pattern | Disable or Modify Windows Event Log - T1685.001 (1411e6b8-80a6-4465-9909-54eaa9c67ce0) | Attack Pattern | 2 |