Sid 1-49705

Message

OS-WINDOWS Microsoft Windows NtSetCachedSigningLevel Device Guard bypass attempt

Summary

This event is generated when an attacker attempts to bypass Device Guard in Microsoft Windows.

Impact

policy violation Information disclosure

Detailed information

Affected systems

  • Microsoft Windows System

Ease of attack

False positives

None known

False negatives

None known

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0732