Threat actors may modify and/or disable security tools to avoid detection of their malware, tools and activities. This may take many forms, such as killing security software processes or services, modifying or deleting Registry keys or configuration files so that tools do not operate properly, or other methods of interfering with security tools' scanning or reporting of information. Threat actors may also disable updates to prevent the latest security patches from reaching tools on victim systems.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.
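Since preventive controls are hard to apply here, monitoring for the tampering itself is a common complement. The following is an added example, not part of the original page: it correlates the forms of tampering listed above per host and raises severity when several occur close together. The event schema, the tool names `ExampleEDR` and `ExampleAV`, the 10-minute window and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed watchlist: replace with the agents actually deployed (placeholder names).
PROTECTED = {"exampleedr", "exampleav"}
# Normalised event kinds (assumed schema) mapped to the forms the text lists.
TAMPER_KINDS = {
    "service_stopped": "security service stopped",
    "process_killed": "security process terminated",
    "config_changed": "Registry key or config file modified/deleted",
    "updates_disabled": "tool updates disabled",
}
WINDOW = timedelta(minutes=10)  # assumed correlation window


def find_tampering(events):
    """Return one alert per host; severity is high when two or more
    distinct tamper kinds hit protected tools within WINDOW."""
    per_host = defaultdict(list)
    for ev in events:
        if ev["kind"] in TAMPER_KINDS and ev["tool"].lower() in PROTECTED:
            per_host[ev["host"]].append((datetime.fromisoformat(ev["time"]), ev["kind"]))
    alerts = []
    for host, hits in sorted(per_host.items()):
        hits.sort()
        severity = "low"
        for i, (start, _) in enumerate(hits):
            kinds = {k for t, k in hits[i:] if t - start <= WINDOW}
            if len(kinds) >= 2:
                severity = "high"
                break
        alerts.append({"host": host, "severity": severity,
                       "reasons": sorted({TAMPER_KINDS[k] for _, k in hits})})
    return alerts


# Constructed sample events (not real telemetry).
SAMPLE = [
    {"time": "2024-01-01T10:00:00", "host": "ws01", "kind": "service_stopped", "tool": "ExampleEDR"},
    {"time": "2024-01-01T10:03:00", "host": "ws01", "kind": "updates_disabled", "tool": "ExampleAV"},
    {"time": "2024-01-01T11:00:00", "host": "ws02", "kind": "config_changed", "tool": "ExampleAV"},
    {"time": "2024-01-01T11:05:00", "host": "ws02", "kind": "service_stopped", "tool": "Spooler"},
    {"time": "2024-01-01T12:00:00", "host": "ws03", "kind": "logon", "tool": "ExampleEDR"},
]

if __name__ == "__main__":
    for alert in find_tampering(SAMPLE):
        print(alert)
```

In practice the events would come from service, process and configuration-change telemetry forwarded off the host, so that the record survives even when the local agent is the thing being disabled.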