MITRE ATT&CK Technique
Defense Evasion
T1089
Description
Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security scanning or event reporting.
Supported Platforms
Linux
macOS
Windows
Created
April 29, 2026
Last Updated
April 29, 2026
STIX Data
{'created': '2017-05-31T21:31:07.958Z',
'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'description': 'Adversaries may disable security tools to avoid possible '
'detection of their tools and activities. This can take the '
'form of killing security software or event logging processes, '
'deleting Registry keys so that tools do not start at run '
'time, or other methods to interfere with security scanning or '
'event reporting.',
'external_references': [{'external_id': 'T1089',
'source_name': 'mitre-attack',
'url': 'https://attack.mitre.org/techniques/T1089'},
{'external_id': 'CAPEC-578',
'source_name': 'capec',
'url': 'https://capec.mitre.org/data/definitions/578.html'}],
'id': 'attack-pattern--2e0dd10b-676d-4964-acd0-8a404c92b044',
'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
'phase_name': 'defense-evasion'}],
'modified': '2025-10-24T17:48:35.346Z',
'name': 'Disabling Security Tools',
'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
'revoked': True,
'spec_version': '2.1',
'type': 'attack-pattern',
'x_mitre_attack_spec_version': '3.2.0',
'x_mitre_deprecated': False,
'x_mitre_detection': '',
'x_mitre_domains': ['enterprise-attack'],
'x_mitre_is_subtechnique': False,
'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'x_mitre_platforms': ['Linux', 'macOS', 'Windows'],
'x_mitre_version': '1.1'}