& Disabling Security Tools

EMA ID: ema-1146
Description: Malware examples include:
  • Disable Kernel Patch Protection - bypasses or disables kernel patch protection mechanisms such as Windows' PatchGuard, enabling the malware instance to operate at the same level as the operating system kernel and kernel mode drivers (KMD).
  • Disable System File Overwrite Protection - disables system file overwrite protection mechanisms such as Windows File Protection, thereby enabling system files to be modified or replaced.

Associated Capabilities/Subcapabilities: Defense Evasion
