Vendor

Malwarebytes

2 briefs RSS

Potential Evasion via Windows Filtering Platform Blocking Security Software

Adversaries may add malicious Windows Filtering Platform (WFP) rules to prevent endpoint security solutions from sending telemetry data, impairing defenses, which this rule detects by identifying multiple WFP block events where the process name is associated with endpoint security software.

Windows Filtering Platform +2 defense-evasion windows-filtering-platform endpoint-security

2r 2t 7h ago

high advisory

Suspicious Process Access via Direct System Call

2 rules 3 TTPs

Detects suspicious process access events where the call trace does not originate from known Windows system DLLs, indicating potential defense evasion by bypassing hooked APIs via direct syscalls.

EdgeWebView +4 defense-evasion execution windows

2r 3t Jan 3, 2024