Empty Provider #6
Comments
|
The following code: https://github.com/netero1010/EDRSilencer/blob/main/EDRSilencer.c#L62 is used to manage the filter name with which rules are created. You can modify this with your custom (or existing) filter name. |
|
Hi,
|
|
My bad. misread as filter. I think it's possible: by doing something like filter.providerKey = (GUID*)&WFPSAMPLER_PROVIDER; here: https://github.com/netero1010/EDRSilencer/blob/main/EDRSilencer.c#L147-L157 While I play around, I'd wait for @netero1010 to check the references above and see if it's an easy fix for him. |
|
Hi. I believe adding provider to the custom rule will help in OPSEC perspective. I will check if it is better to get existing provider or creating a new one. I will include this to my to-do list in the next update. Thanks @k4nfr3 and @pbssubhash. |
|
Updated in version 1.2. A new WFP provider will be created for the custom WFP filter. |
Hi,
Is this meant by you that it doesn't add or link to an existing WFP Provider ?
The rules do stand out due to this (for OPSEC perspective)
Regards
K4nfr3
The text was updated successfully, but these errors were encountered: