Tag
high
advisory
Windows Defender Exclusion Registry Modification
2 rules, 1 TTP
Adversaries modify Windows Defender exclusion registry entries to bypass antivirus and execute malicious code undetected, potentially leading to persistence and further malicious activities.
Windows Defender +3
windows
endpoint
registry
defender
exclusion
defense-evasion
malware
high
advisory
Windows Defender Exclusion Added or Modified via Command Line
2 rules
Adversaries use the Add-MpPreference or Set-MpPreference commands to add exclusions in Windows Defender, allowing malicious code to execute undetected. This activity can be detected via Endpoint Detection and Response (EDR) agents.
Windows Defender +3
windowsdefender
exclusion
defense-evasion
endpoint