Techniques
Sample rules
Microsoft Malware Protection Engine Crash
- source: sigma
- techniques:
- t1211
- t1562
- t1562.001
Description
This rule detects a suspicious crash of the Microsoft Malware Protection Engine (MsMpEng.exe faulting in mpengine.dll), logged by the Application Error provider as EventID 1000.
Detection logic
selection:
  Provider_Name: Application Error
  EventID: 1000
  Data|contains|all:
    - MsMpEng.exe
    - mpengine.dll
condition: selection
Microsoft Malware Protection Engine Crash - WER
- source: sigma
- techniques:
- t1211
- t1562
- t1562.001
Description
This rule detects a suspicious crash of the Microsoft Malware Protection Engine (MsMpEng.exe faulting in mpengine.dll), logged by Windows Error Reporting as EventID 1001.
Detection logic
selection:
  Provider_Name: Windows Error Reporting
  EventID: 1001
  Data|contains|all:
    - MsMpEng.exe
    - mpengine.dll
condition: selection
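The following is an added example, not code from the Sigma project or from this page, showing how the two selections above evaluate against Windows Application log records. It implements only the pieces these rules use: exact match for `Provider_Name` and `EventID`, and `Data|contains|all`, which requires every listed substring to be present in the `Data` field. Comparisons are case-insensitive, following Sigma's default string matching. The event records are constructed sample data, not real telemetry; in production the rules would be converted with a Sigma backend for the target SIEM rather than evaluated by hand.

```python
# Added example (not part of the Sigma project): a minimal evaluator for the
# two selections on this page, run over constructed Windows Application log
# records. Sigma string matching is case-insensitive by default, so both
# sides are lower-cased before comparison.
from typing import Any

# The two rules' selections, transcribed from the page. "Data|contains|all"
# means every listed substring must appear in the Data field.
RULES = {
    "Microsoft Malware Protection Engine Crash": {
        "Provider_Name": "Application Error",
        "EventID": 1000,
        "Data|contains|all": ["MsMpEng.exe", "mpengine.dll"],
    },
    "Microsoft Malware Protection Engine Crash - WER": {
        "Provider_Name": "Windows Error Reporting",
        "EventID": 1001,
        "Data|contains|all": ["MsMpEng.exe", "mpengine.dll"],
    },
}


def _norm(value: Any) -> str:
    """Sigma compares strings case-insensitively; EventID may arrive as int or str."""
    return str(value).lower()


def field_matches(event: dict, key: str, expected: Any) -> bool:
    """Evaluate one selection entry. Only the modifiers used on this page are supported."""
    name, *mods = key.split("|")
    if name not in event:
        return False
    actual = _norm(event[name])
    if not mods:
        return actual == _norm(expected)
    if mods == ["contains", "all"]:
        # 'all' turns the list into an AND: every substring must be present.
        return all(_norm(s) in actual for s in expected)
    if mods == ["contains"]:
        # plain 'contains' with a list is an OR over the values.
        values = expected if isinstance(expected, list) else [expected]
        return any(_norm(s) in actual for s in values)
    raise ValueError(f"unsupported modifier chain: {key}")


def selection_matches(event: dict, selection: dict) -> bool:
    """A selection is an AND over all of its entries (condition: selection)."""
    return all(field_matches(event, k, v) for k, v in selection.items())


def match_events(events: list) -> dict:
    """Return {rule_title: [ids of matching events]} for a list of event records."""
    hits = {title: [] for title in RULES}
    for ev in events:
        for title, selection in RULES.items():
            if selection_matches(ev, selection):
                hits[title].append(ev["_id"])
    return hits


# Constructed sample events (not real telemetry). Data holds the EventData
# text an Application Error / WER event would carry.
SAMPLE_EVENTS = [
    {"_id": 1, "Provider_Name": "Application Error", "EventID": 1000,
     "Data": "Faulting application name: MsMpEng.exe, faulting module name: mpengine.dll, exception code: 0xc0000005"},
    # Mixed case in the module name still matches (case-insensitive).
    {"_id": 2, "Provider_Name": "Windows Error Reporting", "EventID": 1001,
     "Data": "Fault bucket, type 0 Event Name: APPCRASH P1: MsMpEng.exe P4: MPENGINE.DLL"},
    # The engine process crashed, but in a different module: no match.
    {"_id": 3, "Provider_Name": "Application Error", "EventID": 1000,
     "Data": "Faulting application name: MsMpEng.exe, faulting module name: ntdll.dll"},
    # Right Data, but provider and EventID do not line up with either rule.
    {"_id": 4, "Provider_Name": "Application Error", "EventID": 1001,
     "Data": "MsMpEng.exe mpengine.dll"},
    {"_id": 5, "Provider_Name": "Application Error", "EventID": 1000,
     "Data": "Faulting application name: notepad.exe, faulting module name: ntdll.dll"},
]

if __name__ == "__main__":
    for title, ids in match_events(SAMPLE_EVENTS).items():
        print(f"{title}: {ids}")
```

Event 3 shows why the `all` modifier matters: a crash of MsMpEng.exe in some other module is noise for these rules, which are specifically after faults inside the engine DLL. Event 4 shows that the provider and EventID constraints keep the two rules from overlapping.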