Product
Attackers modify the Windows Defender registry settings to disable the service or set the service to be started manually, evading defenses.