Skip to content

Hide Navigation Hide TOC

New Firewall Rule Added In Windows Firewall Exception List For Potential Suspicious Application (9e2575e7-2cb9-4da1-adc8-ed94221dca5e)

Detects the addition of a new rule to the Windows Firewall exception list for an application located in a potentially suspicious location.

Cluster A Galaxy A Cluster B Galaxy B Level
New Firewall Rule Added In Windows Firewall Exception List For Potential Suspicious Application (9e2575e7-2cb9-4da1-adc8-ed94221dca5e) Sigma-Rules Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987) Attack Pattern 1
Disable or Modify System Firewall - T1686 (eec096b8-c207-43df-b6c1-11523861e452) Attack Pattern Windows Host Firewall - T1686.003 (291ede6c-1473-454c-b614-5ac5ea63c987) Attack Pattern 2