One of the active defence components I work with monitors for activity that attempts to disable endpoint security, a kind of “Quis custodiet ipsos custodes?” for the 21st century. What do you do to check that your expensive EDR is actually working?…:
An ongoing Zloader campaign uses a new infection chain to disable Microsoft Defender Antivirus (formerly Windows Defender) on victims’ computers to evade detection. […]