Mirrors/wavestone-cdt-edrsandblast
1
0
Fork 0
mirror of https://github.com/wavestone-cdt/EDRSandblast.git synced 2026-06-11 09:51:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #17 from nuts7/new-edr-drivers

Browse Source 
New EDR drivers
This commit is contained in:
Maxime Meignan
2023-10-10 16:18:42 +02:00
committed by GitHub
parent 4d414edb77 3ed5638366
commit 02490ec4ca
1 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
EDRSandblast/Utils/IsEDRChecks.c
+16
View File
@@ -140,6 +140,7 @@ TCHAR const* EDR_DRIVERS[] = {
_T("Atc.sys"), _T("Atc.sys"),
_T("AVC3.SYS"), _T("AVC3.SYS"),
_T("TRUFOS.SYS"), _T("TRUFOS.SYS"),
_T("BDSandBox.sys"),
// Bkav Corporation // Bkav Corporation
_T("BkavAutoFlt.sys"), _T("BkavAutoFlt.sys"),
_T("BkavSdFlt.sys"), _T("BkavSdFlt.sys"),
@@ -372,6 +373,9 @@ TCHAR const* EDR_DRIVERS[] = {
_T("mfencoas.sys"), _T("mfencoas.sys"),
_T("mfehidk.sys"), _T("mfehidk.sys"),
_T("swin.sys"), _T("swin.sys"),
_T("MfeEEFF.sys"),
_T("mfprom.sys"),
_T("hdlpflt.sys"),
// Meidensha Corp // Meidensha Corp
_T("WhiteShield.sys"), _T("WhiteShield.sys"),
// Microsoft // Microsoft
@@ -538,6 +542,7 @@ TCHAR const* EDR_DRIVERS[] = {
_T("TmEsFlt.sys"), _T("TmEsFlt.sys"),
_T("TmEyes.sys"), _T("TmEyes.sys"),
_T("tmevtmgr.sys"), _T("tmevtmgr.sys"),
_T("TmFileEncDmk.sys"),
// Verdasys Inc // Verdasys Inc
_T("STKrnl64.sys"), _T("STKrnl64.sys"),
// VisionPower Co.,Ltd. // VisionPower Co.,Ltd.
@@ -582,6 +587,9 @@ TCHAR const* EDR_DRIVERS[] = {
_T("Qutmdrv.sys"), _T("Qutmdrv.sys"),
// Absolute Software // Absolute Software
_T("cbfsfilter2017.sys"), _T("cbfsfilter2017.sys"),
_T("psepfilter.sys"),
// Absolute Software Corp.
_T("cve.sys"),
// Acronis // Acronis
_T("NgScan.sys"), _T("NgScan.sys"),
// Actifio Inc // Actifio Inc
@@ -751,8 +759,12 @@ TCHAR const* EDR_DRIVERS[] = {
// Check Point Software // Check Point Software
_T("epregflt.sys"), _T("epregflt.sys"),
_T("epklib.sys"), _T("epklib.sys"),
_T("medlpflt.sys"),
_T("dsfa.sys"),
_T("cposfw.sys"),
// Checkpoint Software // Checkpoint Software
_T("cpepmon.sys"), _T("cpepmon.sys"),
_T("cpbak.sys"),
// ChemoMetec // ChemoMetec
_T("ChemometecFilter.sys"), _T("ChemometecFilter.sys"),
// Cigent Technology Inc // Cigent Technology Inc
@@ -1477,6 +1489,7 @@ TCHAR const* EDR_DRIVERS[] = {
_T("symevent.sys"), _T("symevent.sys"),
// Symantec Corp. // Symantec Corp.
_T("diflt.sys"), _T("diflt.sys"),
_T("SISIPSFileFilter.sys"),
// Syncopate // Syncopate
_T("thetta.sys"), _T("thetta.sys"),
// Systemneeds, Inc // Systemneeds, Inc
@@ -1628,6 +1641,8 @@ TCHAR const* EDR_DRIVERS[] = {
_T("ctifile.sys"), _T("ctifile.sys"),
_T("ctinet.sys"), _T("ctinet.sys"),
_T("parity.sys"), _T("parity.sys"),
_T("cbstream.sys"),
_T("cbk7.sys"),
// Cisco // Cisco
_T("csacentr.sys"), _T("csacentr.sys"),
_T("csaenh.sys"), _T("csaenh.sys"),
@@ -1677,6 +1692,7 @@ TCHAR const* EDR_DRIVERS[] = {
_T("symrg.sys"), _T("symrg.sys"),
// Verdasys Inc // Verdasys Inc
_T("ndgdmk.sys"), _T("ndgdmk.sys"),
_T("dgdmk.sys"),
/* /*
* Invoke-EDRCheck.ps1 - END * Invoke-EDRCheck.ps1 - END
*/ */