LoFP / deletion of defender malware detections history for legitimate reasons

Techniques

Sample rules

Windows Defender Malware Detection History Deletion

Description

Windows Defender logs when the history of detected infections is deleted.

Detection logic

condition: selection
selection:
  EventID: 1013