DET0687 Detection of Impair Defenses

Technique Detected: T1629 (Impair Defenses)

Analytics

Android

AN1797

Application vetting can detect many techniques associated with impairing device defenses.(Citation: Samsung Knox Mobile Threat Defense) Mobile security products integrated with Samsung Knox for Mobile Threat Defense can monitor processes to see if security tools are killed or stop running.

Log Sources

Mutable Elements