What is the recommended defense against Logon Scripts persistence?

The primary defense is to monitor the registry key `HKCU\Environment\UserInitMprLogonScript` for any unauthorized modifications. Unusual or unexpected scripts set as the value indicate a potential persistence mechanism. Additionally, security teams should track changes to environment variables under `HKCU\Environment`. For more context, refer to the Logon Scripts article.