
Added and enhanced multiple Windows artifact definitions (#341)

recvfrom authored and joachimmetz committed Jun 10, 2019
1 parent 5c3291e commit 769e76f82d2bca2c61a888ce4ead66ba67afdf67
Showing with 544 additions and 20 deletions.
  1. +1 −0 ACKNOWLEDGEMENTS
  2. +21 −0 data/antivirus.yaml
  3. +522 −20 data/windows.yaml
@@ -5,3 +5,4 @@ Thanks to contributors (alphabetically based on last name):
Sean Gillespie
Andreas Moser
Sebastian Welsh
Andrew Williams
@@ -20,6 +20,27 @@ sources:
supported_os: [Windows]
labels: [Antivirus]
---
name: WindowsDefenderExclusions
doc: |
Directories, processes, and extensions configured not to be scanned by Windows Defender.
Certain malware families (for example, Tofsee) are known to add
directories to the Paths list in order to avoid being detected by
Windows Defender.
sources:
- type: REGISTRY_KEY
attributes:
keys:
- 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Exclusions\Paths\*'
- 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Exclusions\Processes\*'
- 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Exclusions\Extensions\*'
- 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Exclusions\TemporaryPaths\*'
supported_os: [Windows]
urls:
- 'https://blog.malwarebytes.com/detections/pum-optional-msexclusion/'
- 'https://answers.microsoft.com/en-us/protect/forum/all/windows-defender-how-to-remove-exclusions/2a0cc465-97b2-46ea-ae77-b87075ed124e'
- 'https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html'
---
name: SophosAVLogs
doc: Sophos Anti-Virus log files.
sources:
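Review bot: the new WindowsDefenderExclusions definition (from `name: WindowsDefenderExclusions` down to its `urls:` list) omits the `labels: [Antivirus]` field that the preceding artifact in this file carries directly after `supported_os: [Windows]`; add `labels: [Antivirus]` after `supported_os: [Windows]` so this definition is selected together with the other antivirus artifacts when collection is driven by label. Two smaller points: the doc text names only the Paths list as the one malware adds entries to, while the source also collects Processes, Extensions and TemporaryPaths, so a sentence stating that an entry in any of these four lists keeps the matching item from being scanned would make the description match the keys collected; and of the three `urls:` entries, the answers.microsoft.com link is a community forum thread rather than product documentation, so consider supplementing it with Microsoft's own documentation of the Exclusions registry keys for a reference that is less likely to disappear.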
