Product
Suspicious Registry Hive Access via RegBack
Severity: high | Type: advisory | 2 rules, 1 TTP
This rule detects attempts to access registry backup hives (SAM, SECURITY, SYSTEM) via RegBack on Windows systems, which can contain or enable access to credential material.
Products: Endpoint Defense +6
Tags: credential-access, regback, windows
Potential Defense Evasion via Filter Manager (fltMC.exe)
Severity: medium | Type: advisory | 2 rules, 1 TTP
Adversaries may abuse the Filter Manager Control Program (fltMC.exe) to unload filter drivers, thereby evading security software defenses such as malware detection and file system monitoring.
Products: Defender XDR +3
Tags: defense-evasion, filter-driver, fltMC.exe, windows