Skip to content

EspressoCake/Defender-Exclusions-Creator-BOF

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
dist
dist
 
 
images
images
 
 
src
src
 
 
README.md
README.md
 
 

Repository files navigation

Defender Exclusions Creator BOF

What

A BOF to add or remove Windows Defender exclusions:

  • Extensions
  • Processes
  • Folders

Why

Examples of using the C++ compiler to create BOFs without the need for the intermediary vtable dereferences.

As well, to prove it was indeed possible to do so without accessing the managed variant exposed via Powershell cmdlets; e.g. Set-MpPreference.

Supported Methods

  • Add
  • Remove

Supported Exception Types

  • Path
  • Process
  • Extension

Building

cd src
make all

Usage

  1. Load dist/cGenerateDefenderExclusion.cna
  2. Run in a Beacon:
    • cEnumDefenderException (add|remove) (extension|path|process) thing_to_add_or_remove_exception_for [optional computer name]

Outputs

image info

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

76 stars

Watchers

2 watching

Forks

11 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages