Suspicious Application Allowed Through Exploit Guard (42205c73-75c8-4a63-9db1-e3782e06fda0)
Detects applications being added to the "allowed applications" list of exploit guard in order to bypass controlled folder settings
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) | Attack Pattern | Suspicious Application Allowed Through Exploit Guard (42205c73-75c8-4a63-9db1-e3782e06fda0) | Sigma-Rules | 1 |