Added recommended fix

why not lol
NtRaiseHardError · May 19, 2019 · d77cd0c · d77cd0c
1 parent db67e25
commit d77cd0c
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/Malwarebytes/README.md b/Malwarebytes/README.md
@@ -4,10 +4,16 @@
 
 ### Issues
 
-* Does not proactively scan files dropped to disk,
-* Executables with `.etl` and `.Manifest` file extensions ran using `CreateProcess` do not get scanned.
+1. Does not proactively scan files dropped to disk,
+2. Executables with `etl`, `Config`, and `Manifest` file extensions ran using `CreateProcess` do not get scanned.
+
+### Recommended Fix(?)
+
+1. Include `IRP_MJ_CLEANUP` (and optionally `IRP_MJ_WRITE`) minifilter callback operations,
+2. Do not whitelist `etl`, `Config`, and `Manifest` file extensions from scanning.
 
 ### Tested Environments
 
 * Windows 7 x64 Home Premium
+* Windows 7 x64 Ultimate
 * Windows 10 x64 Pro