MDAV

Microsoft Defender Antivirus (MDAV) is an antivirus program included with Windows 10, Windows 8.1 and Windows 7. It provides real-time protection from malware and can scan files, apps and settings for threats.

Real-time protection is also the feature that attackers most often try to disable. Indeed, Microsoft Defender Antivirus can be disabled or tampered with using several techniques: classic PowerShell cmdlets such as “Set-MpPreference”, but also a legitimate executable shipped with MDAV, such as MpCmdRun.exe. Tricky for defenders!

To protect you from these techniques, several Sigma detection rules are shared in this blog post and in our public GitHub repository. Users of our SOC platform have access to these rules and more in the Sekoia.io rules catalog.

Feel free to discover other glossary terms and read other TDR analyses here:

Other Terms

SaaS SIEM

A modern SaaS SIEM provides a single detection capability for all IT assets and services of organizations. It is a cyber threat detection platform based on the fusion of Cyber Threat Intelligence and SIEM in the next-generation cloud.

SOC (Security Operations Center)

A Security Operations Center (SOC) is an organizational structure dedicated to carrying out all of an organization’s security operations against cyberattacks. These actions include the supervision and protection of the organization’s information system (workstations, networks, website, applications, databases, etc.).

Chat with our team!

Would you like to know more about our solutions?
Do you want to discover our XDR and CTI products?
Do you have a cyber security project in your organization?
Make an appointment and meet us!