Query Details

Defender Local Override

Query

Query:
DeviceRegistryEvents
| where ActionType == @"RegistryValueSet"
| where RegistryKey == @"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths"


Explanation

The query returns every DeviceRegistryEvents record whose ActionType is "RegistryValueSet" and whose RegistryKey is exactly "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths", that is, every write of a value under the Defender temporary-path exclusions key on a monitored device.
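The query above watches only the TemporaryPaths subkey. The following is an added example, not the page's own query, that extends the same idea to every subkey under the Defender Exclusions root and surfaces which process and account wrote the value. Column names come from the standard DeviceRegistryEvents schema; the 7-day window and the expected-writer allowlist are assumptions to be tuned per environment.

```kql
// Added example, not the page's own query: watch every Defender exclusion subkey,
// not just TemporaryPaths, and show who wrote the value.
let ExclusionRoot = @"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions";
DeviceRegistryEvents
| where Timestamp > ago(7d)                       // assumption: 7-day hunting window
| where ActionType in ("RegistryValueSet", "RegistryKeyCreated")
| where RegistryKey startswith ExclusionRoot
// Subkey that was touched: Paths, Processes, Extensions, TemporaryPaths, ...
| extend ExclusionType = extract(@"\\Exclusions\\([^\\]+)", 1, RegistryKey)
// For these keys Defender stores the excluded entry as the value name
| extend ExcludedItem = RegistryValueName
// Assumption: Defender's own service and GPO processing are the expected writers;
// tune this allowlist to the estate so that local, ad-hoc changes stand out
| extend ExpectedWriter = InitiatingProcessFileName in~ ("MsMpEng.exe", "svchost.exe")
| project Timestamp, DeviceName, ActionType, ExclusionType, ExcludedItem,
          InitiatingProcessFileName, InitiatingProcessCommandLine,
          InitiatingProcessAccountName, ExpectedWriter
| summarize Changes = count(),
            ExcludedItems = make_set(ExcludedItem, 20),
            Writers = make_set(InitiatingProcessFileName, 10),
            Accounts = make_set(InitiatingProcessAccountName, 10)
    by DeviceName, ExclusionType, ExpectedWriter, bin(Timestamp, 1h)
| order by ExpectedWriter asc, Changes desc
```

Rows with ExpectedWriter == false are the ones worth triaging first: an exclusion written by an interactive shell or an unfamiliar binary rather than by the Defender service or policy processing.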

Details

Ali Hussein

Released: September 14, 2023

Tables

DeviceRegistryEvents

Keywords

DeviceRegistryEvents,ActionType,RegistryValueSet,RegistryKey,HKEY_LOCAL_MACHINE,SOFTWARE,Microsoft,WindowsDefender,Exclusions,TemporaryPaths

Operators

|