Windows Hypervisor Enforced Code Integrity Disabled (8b7273a4-ba5d-4d8a-b04f-11f2900d043a)
Detects changes to the HypervisorEnforcedCodeIntegrity registry key and the "Enabled" value being set to 0 in order to disable the Hypervisor Enforced Code Integrity feature. This allows an attacker to load unsigned and untrusted code to be run in the kernel
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) | Attack Pattern | Windows Hypervisor Enforced Code Integrity Disabled (8b7273a4-ba5d-4d8a-b04f-11f2900d043a) | Sigma-Rules | 1 |