A future ENS update is expected to resolve this issue and allow enabling of these Exploit Prevention rules.
These Exploit Prevention rules have been removed in Exploit Prevention content 12103 released on March 8, 2022.
Equivalent Expert Rules for these signatures are available via the following links if you want to keep them in your environment:
T1561 - MBR protection through DISK_REGION matching criteria
T1561 - MBR protection through LBA matching criteria
NOTE: These rules are more aggressive than the ones that were present in Exploit Prevention content. So, you need to tune them per your environment and needs.
To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.
