Closed Andeandes closed 1 year ago
`<TargetObject name="technique_id=T1562.001,technique_name=Disable or Modify Tools" condition="contains all">HKLM\software\lmicrosoft\microsoft antimalware\exclusions\`
`<TargetObject
<TargetObject name="technique_id=T1089,technique_name=Disabling Security Tools" condition="begin with">HKLM\software\microsoft\microsoft antimalware\exclusions\paths\</TargetObject>
I don't know if that is correct. But in my opinion it should be called microsoft...
many greetings Dean
you are right, thanks for spotting it! I've addressed it
`<TargetObject
name="technique_id=T1562.001,technique_name=Disable or Modify Tools" condition="contains all">HKLM\software\lmicrosoft\microsoft antimalware\exclusions\`<TargetObject name="technique_id=T1089,technique_name=Disabling Security Tools" condition="begin with">HKLM\software\microsoft\microsoft antimalware\exclusions\paths\</TargetObject>
I don't know if that is correct. But in my opinion it should be called microsoft...
many greetings Dean