Vendor
medium
advisory
Potential Evasion via Windows Filtering Platform Blocking Security Software
2 rules 2 TTPsAdversaries may add malicious Windows Filtering Platform (WFP) rules to prevent endpoint security solutions from sending telemetry data, impairing defenses, which this rule detects by identifying multiple WFP block events where the process name is associated with endpoint security software.
Windows Filtering Platform +2
defense-evasion
windows-filtering-platform
endpoint-security
2r
2t
high
advisory
Windows Filtering Platform Policy Added to Block EDR Process
2 rules 1 TTPAttackers modify the Windows Filtering Platform (WFP) policy to block the communication of endpoint detection and response (EDR) processes, impairing their functionality and hindering detection of malicious activities.
CylanceSvc.exe +15
edr-bypass
defense-evasion
wfp
2r
1t