From 0109de49376e9599ef9d99e0cac9311e9f3eaf95 Mon Sep 17 00:00:00 2001
From: Alice
Date: Wed, 15 Jun 2022 11:36:31 +0200
Subject: [PATCH] add new Tehtris driver new name for the Tehtris driver
---
 EDRSandblast/EDRBypass/KernelCallbacks.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/EDRSandblast/EDRBypass/KernelCallbacks.c b/EDRSandblast/EDRBypass/KernelCallbacks.c
index e3796ce..a96a738 100644
--- a/EDRSandblast/EDRBypass/KernelCallbacks.c
+++ b/EDRSandblast/EDRBypass/KernelCallbacks.c
@@ -484,6 +484,7 @@ TCHAR const* EDR_DRIVERS[] = {
 _T("SE46Filter.sys"),
 // TEHTRI-Security
 _T("egambit.sys"),
+ _T("egfilterk.sys"),
 // Tencent
 _T("TesMon.sys"),
 _T("QQSysMonX64.sys"),
@@ -1852,4 +1853,4 @@ void RemoveAllEDRKernelCallbacks(struct FOUND_EDR_CALLBACKS* edrDrivers, BOOL ve
 RemoveEDR_X_Callbacks(CREATE_PROCESS_ROUTINE, edrDrivers, verbose);
 RemoveEDR_X_Callbacks(CREATE_THREAD_ROUTINE, edrDrivers, verbose);
 RemoveEDR_X_Callbacks(LOAD_IMAGE_ROUTINE, edrDrivers, verbose);
-}
\ No newline at end of file
+}