This project contains the CSV files of malware detection names from antivirus software, and a PowerShell script for dumping the detection entries.
Each subfolder contains dump CSV files with the vendor's name and date. Files whose names end with BASE contain names from a vendor's scan engine; the others may differ depending on the source of detection (e.g. behavior protection).
To run the PowerShell script:

- Download Windows Sysinternals and add it to `PATH`, or install it from the Microsoft Store.
- Disable PPL (Protected Process Light) using PPLKiller.
- Disable the Self-Protection Module of the AV if possible.

```
powershell -executionpolicy bypass -File .\AV_DUMP.ps1 $Name
```

Name | PPL | Need to Disable SP | Detection Source | Accuracy |
---|---|---|---|---|
Huorong | No | No | BASE | High |
Kaspersky | Yes | Yes | BASE, PDM | Medium |
Malwarebytes | Yes | No | BASE, DDS | High |