``<TargetObject name="technique_id=T1562.001,technique_name=Disable or Modify Tools" condition="contains all">HKLM\software\lmicrosoft\microsoft antimalware\exclusions\</TargetObject>

<TargetObject name="technique_id=T1089,technique_name=Disabling Security Tools" condition="begin with">HKLM\software\microsoft\microsoft antimalware\exclusions\paths\</TargetObject>

I don't know if that is correct. But in my opinion it should be called microsoft...

many greetings
Dean

you are right, thanks for spotting it! I've addressed it