Windows Defender Exclusion List Modified (46a68649-f218-4f86-aea1-16a759d81820)
Detects modifications to the Windows Defender exclusion registry key. This could indicate a potentially suspicious or even malicious activity by an attacker trying to add a new exclusion in order to bypass security.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) | Attack Pattern | Windows Defender Exclusion List Modified (46a68649-f218-4f86-aea1-16a759d81820) | Sigma-Rules | 1 |