In line 1616 could be a typo

[Andeandes]

`<TargetObject name="technique_id=T1562.001,technique_name=Disable or Modify Tools" condition="contains all">HKLM\software\lmicrosoft\microsoft antimalware\exclusions\`

<TargetObject name="technique_id=T1089,technique_name=Disabling Security Tools" condition="begin with">HKLM\software\microsoft\microsoft antimalware\exclusions\paths\</TargetObject>

I don't know if that is correct. But in my opinion it should be called microsoft...

many greetings Dean

[olafhartong]

you are right, thanks for spotting it! I've addressed it