CAPEC Details
Name Disable Security Software
Likelihood of attack: Medium
Typical severity: Medium
Summary An adversary exploits a weakness in access control to disable security tools so that detection does not occur. This can take the form of killing processes, deleting registry keys so that tools do not start at run time, deleting log files, or other methods.
Prerequisites The adversary must have the capability to interact with the configuration of the targeted system.
Solutions Ensure proper permissions are in place to prevent adversaries from altering the execution status of security tools.
Related Weaknesses
CWE ID Description
CWE-284 Improper Access Control
Related CAPECS
CAPEC ID Description
CAPEC-176 An attacker manipulates files or settings external to a target application which affect the behavior of that application. For example, many applications use external configuration files and libraries - modification of these entities or otherwise affecting the application's ability to use them would constitute a configuration/environment manipulation attack.
Taxonomy: ATT&CK
Entry ID Entry Name
1562.001 Impair Defenses: Disable or Modify Tools