1. Home
  2. CAPEC
  3. CAPEC-578

CAPEC-578: Disable Security Software

ID CAPEC-578
Typical Severity Medium
Likelihood Of Attack Medium
Status Usable

An adversary exploits a weakness in access control to disable security tools so that detection does not occur. This can take the form of killing processes, deleting registry keys so that tools do not start at run time, deleting log files, or other methods.

https://capec.mitre.org/data/definitions/578.html

Weaknesses

# ID Name Type
CWE-284 Improper Access Control weakness

Taxonomiy Mapping

Type # ID Name
ATTACK 1556.006 Modify Authentication Process: Multi-Factor Authentication
ATTACK 1562.001 Impair Defenses: Disable or Modify Tools
ATTACK 1562.002 Impair Defenses: Disable Windows Event Logging
ATTACK 1562.004 Impair Defenses: Disable or Modify System Firewall
ATTACK 1562.007 Impair Defenses: Disable or Modify Cloud Firewall
ATTACK 1562.008 Impair Defenses: Disable Cloud Logs
ATTACK 1562.009 Impair Defenses: Safe Mode Boot