Use cases for Defender Management
Last modified by S V on 2023/03/08 11:37
Below are two possible use cases for Defender Management:
- ASR rules: Event IDs 1121 and 1122 occur in conjunction with an lsass.exe and block the operation
- VirTool: Win32/DefenderTamperingRestore triggers a threat alert