(Provider_Name:Service\ Control\ Manager EventID:7023) ((param1:\ Antivirus* OR param1:\ Firewall* OR param1:Application\ Guard* OR param1:BitLocker\ Drive\ Encryption\ Service* OR param1:Encrypting\ File\ System* OR param1:Microsoft\ Defender* OR param1:Threat\ Protection* OR param1:Windows\ Event\ Log*) OR (Binary:770069006e0064006500660065006e006400* OR Binary:4500760065006e0074004c006f006700* OR Binary:6d0070007300730076006300* OR Binary:530065006e0073006500* OR Binary:450046005300* OR Binary:420044004500530056004300*))