Filter Manager Control Program used by Windows
Paths:
- C:\Windows\System32\fltMC.exe
Tamper
- Unloads a driver used by security agents
  fltMC.exe unload SysmonDrv
  - Use case: Defense evasion
  - Privileges required: Admin
  - Operating systems: Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
  - ATT&CK® technique: T1562.001: Disable or Modify Tools
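
Detection sketch for the unload command above, as an added example that is not part of the original entry: it flags process-creation events where fltMC.exe is run with the `unload` verb and raises severity when the target is a watched security driver. It assumes events are flattened into dicts using Sysmon Event ID 1 field names (`Image`, `OriginalFileName`, `CommandLine`, `User`) plus a `Computer` key; the sample events and the names `WATCHED_DRIVERS` and `detect_fltmc_unload` are constructed for illustration.

```python
import re

# Filter drivers whose unload should raise a high-severity alert. SysmonDrv is
# the page's example; add the minifilter names of the agents you deploy.
WATCHED_DRIVERS = {"sysmondrv"}
_TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # one quoted or one bare token

def _is_fltmc(event):
    """Match on the image path and on the PE original name, not the on-disk name alone."""
    image = event.get("Image", "").lower().rsplit("\\", 1)[-1]
    return "fltmc.exe" in (image, event.get("OriginalFileName", "").lower())

def detect_fltmc_unload(event):
    """Return a finding dict for a filter-driver unload, or None."""
    if not _is_fltmc(event):
        return None
    tokens = [q or u for q, u in _TOKEN.findall(event.get("CommandLine", ""))]
    args = [t.lower() for t in tokens[1:]]  # drop the executable itself
    if "unload" not in args:
        return None
    rest = args[args.index("unload") + 1:]
    driver = rest[0] if rest else None  # None when no driver name was given
    return {"host": event.get("Computer"), "user": event.get("User"),
            "driver": driver,
            "severity": "high" if driver in WATCHED_DRIVERS else "medium"}

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Computer": "WS01", "User": "CORP\\alice",
     "Image": r"C:\Windows\System32\fltMC.exe", "OriginalFileName": "fltMC.exe",
     "CommandLine": "fltMC.exe unload SysmonDrv"},
    {"Computer": "WS02", "User": "CORP\\bob",
     "Image": r"C:\Users\Public\f.exe", "OriginalFileName": "fltMC.exe",
     "CommandLine": r'"C:\Users\Public\f.exe" UNLOAD sysmondrv'},
    {"Computer": "WS03", "User": "CORP\\carol",
     "Image": r"C:\Windows\System32\fltMC.exe", "OriginalFileName": "fltMC.exe",
     "CommandLine": "fltmc filters"},  # listing filters, no unload
    {"Computer": "WS04", "User": "CORP\\dave",
     "Image": r"C:\Windows\System32\cmd.exe", "OriginalFileName": "Cmd.Exe",
     "CommandLine": "cmd /c echo unload"},  # not fltMC.exe
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        finding = detect_fltmc_unload(ev)
        if finding:
            print(finding)
```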