{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/attack.t1490/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["attack.impact","attack.t1490"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eAttackers may attempt to disable the Windows System Restore feature to hinder forensic analysis and recovery efforts. This involves modifying specific registry keys related to System Restore configuration and operation, effectively preventing the system from creating or using restore points. The commands are executed via cmd, PowerShell or other scripting engines. Disabling System Restore can allow malware to operate without the risk of easy rollback, potentially increasing the impact of a…\u003c/p\u003e\n","date_modified":"2024-01-03T14:30:00Z","date_published":"2024-01-03T14:30:00Z","id":"/briefs/2024-01-system-restore-disable/","summary":"Attackers may attempt to disable system restore via registry modifications through the command line to prevent recovery after malicious activity.","title":"System Restore Disabled via Registry Modification","url":"https://feed.craftedsignal.io/briefs/2024-01-system-restore-disable/"}],"language":"en","title":"CraftedSignal Threat Feed — Attack.t1490","version":"https://jsonfeed.org/version/1.1"}