Techniques
Sample rules
Delete Defender Scan ShellEx Context Menu Registry Key
- source: sigma
- techniques:
Description
Detects deletion of the registry key that adds the ‘Scan with Defender’ option to the context menu. Attackers may delete it to make it harder for users to scan suspicious files.
Detection logic
condition: selection
selection:
  TargetObject|contains: shellex\ContextMenuHandlers\EPP