Tag

Defender

4 briefs RSS

Windows Defender Throttle Rate Modification

An attacker modifies the Windows Defender ThrottleDetectionEventsRate registry setting to reduce the frequency of logged detection events, potentially evading detection.

Splunk Enterprise +2 windows defender registry defense-evasion

2r 1t Jan 3, 2024

high advisory

Windows Defender Exclusion Registry Modification

2 rules 1 TTP

Adversaries modify Windows Defender exclusion registry entries to bypass antivirus and execute malicious code undetected, potentially leading to persistence and further malicious activities.

Windows Defender +3 windows endpoint registry defender exclusion defense-evasion malware

2r 1t Jan 3, 2024

high threat

Windows Defender BlockAtFirstSeen Feature Disabled via Registry Modification

2 rules

An attacker modifies the Windows Registry to disable the Windows Defender BlockAtFirstSeen feature, potentially allowing malware to bypass initial detection and increasing the risk of system compromise.

exploited Windows Defender +3 registry_modification defender blockatfirstseen

2r Jan 3, 2024

high advisory

Windows Defender Health Check Interval Modification

2 rules

This analytic detects modifications to the Windows registry, specifically targeting the `ServiceKeepAlive` value, to impair Windows Defender's ability to perform timely health checks, potentially leading to a vulnerable system state.

Splunk Enterprise +3 windows registry defender defense-evasion threat

2r Jan 3, 2024