Disable or Modify Tools
Attackers with elevated permissions can disable security tools to avoid detection and to keep their activities from being monitored.
We can verify that Defender is blocking our malicious attempts.

We can disable Defender using PowerShell, Services, or even GPO policies; an example is shown below:

Then after Disabling

Note: Tamper Protection blocks this action; ways to block this are via GPO or registry keys.
After disabling, any malicious attempts can be executed.
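
From the monitoring side, the sequence described above (a change blocked by Tamper Protection, then real-time protection going off) leaves a trail in the `Microsoft-Windows-Windows Defender/Operational` log. The following is an added example, not part of the original page: it triages exported events per host, and the host names, timestamps, tuple layout and severity labels are assumptions constructed for illustration.

```python
from datetime import datetime

# Microsoft Defender Antivirus event IDs (Operational log).
RTP_ENABLED, RTP_DISABLED = 5000, 5001      # real-time protection on / off
CONFIG_CHANGED, TAMPER_BLOCKED = 5007, 5013  # config change / change blocked

# Constructed sample export (host, ISO timestamp, event ID); not real telemetry.
SAMPLE_EVENTS = [
    ("WS01", "2024-05-01T10:00:05", 5013),
    ("WS01", "2024-05-01T10:03:40", 5007),
    ("WS01", "2024-05-01T10:03:41", 5001),
    ("WS02", "2024-05-01T11:15:00", 5001),
    ("WS02", "2024-05-01T11:20:00", 5000),
    ("WS03", "2024-05-01T12:00:00", 5013),
]

def triage(events):
    """Replay events in time order and return {host: state} for Defender."""
    findings = {}
    ordered = sorted(events, key=lambda e: (e[0], datetime.fromisoformat(e[1])))
    for host, _ts, event_id in ordered:
        f = findings.setdefault(host, {"rtp_disabled": False, "blocked": 0,
                                       "config_changes": 0,
                                       "disabled_after_block": False})
        if event_id == TAMPER_BLOCKED:
            f["blocked"] += 1
        elif event_id == CONFIG_CHANGED:
            f["config_changes"] += 1
        elif event_id == RTP_DISABLED:
            f["rtp_disabled"] = True
            # A blocked change followed by a successful disable suggests
            # Tamper Protection stopped being effective in between.
            if f["blocked"]:
                f["disabled_after_block"] = True
        elif event_id == RTP_ENABLED:
            f["rtp_disabled"] = False
    return findings

def severity(f):
    """Map a host state to an alert level (labels are hypothetical)."""
    if f["disabled_after_block"] and f["rtp_disabled"]:
        return "critical"
    if f["rtp_disabled"]:
        return "high"
    return "medium" if f["blocked"] else "info"

if __name__ == "__main__":
    for host, f in triage(SAMPLE_EVENTS).items():
        print(host, severity(f), f)
```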
