Insider Threat Matrix™

  • ID: PV033
  • Created: 24th July 2024
  • Updated: 24th July 2024
  • Platforms: Windows, Linux, macOS
  • Contributor: Ismael Briones-Vilar

Native Anti-Tampering Protections

Commercial security software may include native anti-tampering protections that prevent attempts to interfere with its operations, such as deleting or renaming required files.

Sections

ID Name Description
PR018 Circumventing Security Controls

A subject abuses their access or conducts unapproved changes to circumvent host-based security controls.

PR018.006 Impairing an Anti-Virus Solution

A subject abuses their access or conducts unapproved changes to impair the effectiveness of an anti-virus solution, such as causing it to crash or killing any associated system processes.

PR018.005 Uninstalling an Anti-Virus Solution

A subject abuses their access or conducts unapproved changes by uninstalling the anti-virus solution installed on a system.

PR018.002 Impairing a Security Agent

A subject abuses their access or conducts unapproved changes to impair the effectiveness of a security agent, such as causing it to crash or killing any associated system processes.

PR018.001 Uninstalling a Security Agent

A subject abuses their access or conducts unapproved changes to uninstall a security agent that is present on a system.