MDE tamper protection notification triggered by svchost.exe

A

AG-Astar

We have been seeing continuous event in Defender timeline that something is trying to Tampering Defender but enable to identify what actually causing this?Below are the events timeline:svchost.exe set registry value for key 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender' svchost.exe set registry value 'DisableAntiSpyware' for key 'SOFTWARE\Policies\Microsoft\Windows Defender' svchost.exe attempted to turn off the Microsoft Defender Antivirus security feature DisableAntiSpyware Looking for assistance on how this can be identified?Thank you

Continue reading...
 
Back
Top Bottom