Threat Actor Defense Evasion: How Attackers Disable AV & EDR
ID: a558c6fb-fea1-5a09-b967-d05dde2e7428
STIX ID: report--a558c6fb-fea1-5a09-b967-d05dde2e7428
Feed Name: Huntress Blog
This Huntress report details how threat actors actively disable endpoint defenses—via privilege escalation, uninstalling agents, abusing Defender exclusions, and BYOVD attacks that load signed but vulnerable drivers to gain kernel access and kill AV/EDR processes—illustrating real 2026 incidents and Huntress detection/mitigation controls.
