Cleaned up signature descriptions and metadata.

queries/windows/bypass_user_access_control.yml

@@ -1,12 +1,9 @@
 title: T1548.002 Bypass User Access Control
 description: Detection of UAC bypass through tampering with Shell Open for .ms-settings
-  or .msc file types. Beyond this Atomic test, and to further UAC bypass detection,
-  the below query includes detection for CMSTPLUA COM interface abuse by GUID. Noted
-  issues with Sentinel Agent 4.3.2.86 detecting by registry key. All registry key
-  paths were ControlSet001\Service\bam\State\UserSettings\GUID...
+  or .msc file types. Also includes detection for CMSTPLUA COM interface abuse by GUID.
 author: keyboardcrunch
 date: 10/10/2020
-modified: null
+modified: 05/12/2020
 mitre:
    tactic: Defense Evasion, Privilege Escalation
    technique: T1548
@@ -15,6 +12,6 @@ operating_system: windows
 query: (SrcProcCmdLine ContainsCIS "ms-settings\shell\open\command" OR SrcProcCmdLine
   ContainsCIS "mscfile\shell\open\command") OR (TgtProcDisplayName = "COM Surrogate"
   AND TgtProcCmdLine ContainsCIS "{3E5FC7F9-9A51-4367-9063-A120244FBEC7}")
-false_positives: null
-tags: null
+false_positives: 
+tags: