by Hilift
401 days ago
If you are a threat actor, you could get lucky and there isn't another Endpoint Detection and Response product installed, which would almost certainly intercept this. If you are an EDR vendor, this is an obfuscated API call that EDR vendors can use to suppress or disable the Windows Firewall. CrowdStrike, for example, can do either, I believe: use Windows Firewall or use their implementation.