Block persistence through WMI event subscription

Copper Contributor

'GUID: e6db77e5-3df2-4cf1-b95a-636979351e5b' is not available under AD Group Policy (Windows components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Attack surface reduction).

Is it a case of just adding entry myself or do you actually need to promote DC functional level (current is 2008 r2)?

0 Replies