Use cases for Defender Management
Last modified by Jannis Klein on 2024/08/13 08:28
Below are two possible use cases for Defender Management:
- ASR rules: Event IDs 1121 and 1122 occur in conjunction with an lsass.exe and block the operation
- VirTool: Win32/DefenderTamperingRestore triggers a threat alert