Windows Defender exclusion abuse
GPTKB entity
Statements (18)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:cybersecurity_vulnerability |
| gptkbp:category | defense evasion |
| gptkbp:category | endpoint security bypass |
| gptkbp:describes | Technique in which an attacker adds files, folders, or processes to Windows Defender's exclusion list so that anything staged in those locations is never scanned and therefore never detected. |
| gptkbp:detects | audit Windows Defender exclusion list changes (the registry keys under HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions, and event ID 5007 "configuration has changed" in the Microsoft-Windows-Windows Defender/Operational log) |
| gptkbp:exploits | attackers |
| gptkbp:impact | increased persistence of threats |
| gptkbp:impact | reduced malware detection |
| gptkbp:mitigatedBy | monitor exclusion list changes |
| gptkbp:mitigatedBy | restrict access to Defender settings (adding an exclusion requires local administrator rights, so limit local admin membership and enable Tamper Protection) |
| gptkbp:platform | gptkb:Microsoft_Windows |
| gptkbp:relatedTo | gptkb:Windows_Defender |
| gptkbp:relatedTo | malware evasion |
| gptkbp:usedBy | gptkb:malware |
| gptkbp:usedBy | advanced persistent threats |
| gptkbp:bfsParent | gptkb:Conti_ransomware_campaigns |
| gptkbp:bfsLayer | 8 |
| https://www.w3.org/2000/01/rdf-schema#label | Windows Defender exclusion abuse |
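The audit named in the gptkbp:detects and gptkbp:mitigatedBy rows, as an added PowerShell example that is not part of the GPTKB page. It assumes an elevated session on a Windows 10/11 host running Microsoft Defender Antivirus. The registry path and event ID 5007 are Defender's own; the regular expressions used to pull the changed value out of the event text are this example's assumption about the message layout, and the attacker-side commands are shown in comments only.

```powershell
# Added example (not from the GPTKB page): audit Microsoft Defender exclusions
# on the local host. Run elevated: since 2021 Defender hides exclusion values
# from non-administrator callers of Get-MpPreference.

# What the technique looks like from the attacker's side (shown, not run).
# Either call works with local admin rights and lands in the same registry key:
#   Add-MpPreference -ExclusionPath 'C:\Users\Public\stage'
#   reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" `
#       /v "C:\Users\Public\stage" /t REG_DWORD /d 0

# 1. Current exclusions as the engine reports them, plus whether Tamper
#    Protection is on, which is the setting that should make casual changes fail.
$pref = Get-MpPreference
[pscustomobject]@{
    Paths           = $pref.ExclusionPath
    Extensions      = $pref.ExclusionExtension
    Processes       = $pref.ExclusionProcess
    TamperProtected = (Get-MpComputerStatus).IsTamperProtected
} | Format-List

# 2. The same data read straight from the registry. This is what an attacker
#    who bypasses the cmdlets (reg.exe, direct API) actually writes, so it is
#    worth comparing against the cmdlet output above.
$root = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions'
foreach ($kind in 'Paths', 'Extensions', 'Processes') {
    $key = Join-Path $root $kind
    if (Test-Path $key) {
        # Each exclusion is stored as a value name under the kind's subkey.
        (Get-Item $key).Property | ForEach-Object { "{0}: {1}" -f $kind, $_ }
    }
}

# 3. History: Defender writes event 5007 to its Operational log whenever its
#    configuration changes. Keep only the entries whose new value touches an
#    Exclusions key; the 'New value:' line carries the registry path that was set.
$filter = @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 5007
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Windows Defender\\Exclusions\\' } |
    ForEach-Object {
        # Assumption: the message ends with "Old value: ...\n New value: <path> = <data>".
        $new = [regex]::Match($_.Message, 'New value:\s*(.+)').Groups[1].Value.Trim()
        [pscustomobject]@{
            Time     = $_.TimeCreated
            NewValue = $new
        }
    } |
    Sort-Object Time |
    Format-Table -AutoSize
```

Exclusions that appear in the registry but not in the cmdlet output, entries with a recent 5007 event, and any exclusion pointing at a user-writable location such as C:\Users\Public or a temp directory are the findings to chase first; a legitimate exclusion almost always corresponds to a change ticket or a software install.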