Skip to content

Hide Navigation Hide TOC

New Firewall Rule Added In Windows Firewall Exception List For Potential Suspicious Application (9e2575e7-2cb9-4da1-adc8-ed94221dca5e)

Detects the addition of a new rule to the Windows Firewall exception list for an application located in a potentially suspicious location.

Cluster A Galaxy A Cluster B Galaxy B Level
New Firewall Rule Added In Windows Firewall Exception List For Potential Suspicious Application (9e2575e7-2cb9-4da1-adc8-ed94221dca5e) Sigma-Rules Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 1
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 2