.. /fltMC.exe
Star

Filter Manager Control Program used by Windows

Paths:

C:\Windows\System32\fltMC.exe

Resources:

https://www.darkoperator.com/blog/2018/10/5/operating-offensively-against-sysmon

Acknowledgements:

Carlos Perez (@Carlos_Perez)

Detection:

Tamper

Unloads a driver used by security agents
```
fltMC.exe unload SysmonDrv
```
Use case
Defense evasion

Privileges required
Admin

Operating systems
Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11

ATT&CK® technique
T1562.001