Threat actors are increasingly employing defense evasion techniques to actively disable or blind endpoint security controls like AV and EDR. Common methods include manipulating Windows Firewall rules to block telemetry, uninstalling agents via rogue RMMs, and leveraging Bring Your Own Vulnerable Driver (BYOVD) attacks to terminate protected security processes from the kernel.