Product
high
advisory
Cisco Secure Endpoint Uninstallation via SFC Utility
2 rules
The sfc.exe utility is used with the "-u" parameter to uninstall Cisco Secure Endpoint components, potentially disabling endpoint protection and facilitating further exploitation.
Secure Endpoint +3
security-solution-tampering
endpoint
windows
high
advisory
Cisco Secure Endpoint Tampering via SFC Utility
2 rules
The sfc.exe utility is being used with the '-unblock' parameter, a feature within Cisco Secure Endpoint, to remove system blocks imposed by the endpoint protection, potentially indicating an attempt to bypass security measures and execute blocked malicious payloads.
Secure Endpoint +3
defense-evasion
endpoint
cisco
high
advisory
Cisco Secure Endpoint Tampering via SFC Utility
2 rules, 1 TTP
An attacker attempts to disable the Immunet Protect service of Cisco Secure Endpoint by leveraging the `sfc.exe` utility with the `-k` parameter, potentially blinding the EDR for further compromise.
Secure Endpoint +1
defense-evasion
endpoint
cisco