Tag
medium
advisory
Windows Defender Signature Retirement Disabled via Registry Modification
2 rules 1 TTP
An attacker disables Windows Defender's signature retirement feature by modifying a registry key, potentially reducing its effectiveness in detecting threats by allowing older, less relevant signatures to persist.
Windows Defender +3
defense-evasion
windows-registry
windows-defender
high
advisory
Windows Defender Network Protection Disabled via Registry Modification
2 rules 1 TTP
This analytic detects Windows registry modifications that disable Windows Defender Network Protection, potentially leaving the system vulnerable to network-based threats.
Windows Defender
defense-evasion
privilege-escalation
windows-registry
medium
advisory
Windows Defender Quick Scan Interval Modification
2 rules 1 TTP
Detection of modifications to the Windows registry that change the Windows Defender Quick Scan Interval, potentially impairing its ability to detect malware promptly.
Splunk Enterprise +3
defense-evasion
windows-registry
windows-defender
endpoint