LetsDefend Monitoring Alert

EDR Tampering Attempt via EDR-Freeze

Sep, 26, 2025, 05:26 PM

Event ID: 322

Event Time: Sep, 26, 2025, 05:26 PM

Rule Name: SOC344 - EDR Tampering Attempt via EDR-Freeze

Alert Type: Malware

MITRE Technique:
T1059.001 - Execution - Command and Scripting Interpreter: PowerShell,
T1078 - Initial Access - Valid Accounts,
T1489 - Impact - Service Stop,
T1055 - Defense Evasion - Process Injection,
T1562 - Defense Evasion - Impair Defenses,
T1562.001 - Defense Evasion - Impair Defenses: Disable or Modify Tools

Severity: High

Incident Responder
