New EDR drivers

This commit adds some EDR drivers: BDSandBox.sys (BitDefender), MfeEEFF.sys, mfprom.sys, hdlpflt.sys (McAfee Inc.), TmFileEncDmk.sys (Trend Micro Inc.), psepfilter.sys (Absolute Software), cve.sys (Absolute Software Corp.), medlpflt.sys, dsfa.sys, cposfw.sys (Check Point Software), cpbak.sys (Checkpoint Software), SISIPSFileFilter.sys (Symantec Corp.), cbstream.sys, cbk7.sys (Carbon Black) and dgdmk.sys (Verdasys Inc).
nuts7
2023-09-22 16:14:11 +02:00
parent bafddfbced
commit 3ed5638366
+16
@@ -139,6 +139,7 @@ TCHAR const* EDR_DRIVERS[] = {
_T("Atc.sys"), _T("Atc.sys"),
_T("AVC3.SYS"), _T("AVC3.SYS"),
_T("TRUFOS.SYS"), _T("TRUFOS.SYS"),
_T("BDSandBox.sys"),
// Bkav Corporation // Bkav Corporation
_T("BkavAutoFlt.sys"), _T("BkavAutoFlt.sys"),
_T("BkavSdFlt.sys"), _T("BkavSdFlt.sys"),
@@ -371,6 +372,9 @@ TCHAR const* EDR_DRIVERS[] = {
_T("mfencoas.sys"), _T("mfencoas.sys"),
_T("mfehidk.sys"), _T("mfehidk.sys"),
_T("swin.sys"), _T("swin.sys"),
_T("MfeEEFF.sys"),
_T("mfprom.sys"),
_T("hdlpflt.sys"),
// Meidensha Corp // Meidensha Corp
_T("WhiteShield.sys"), _T("WhiteShield.sys"),
// Microsoft // Microsoft
@@ -537,6 +541,7 @@ TCHAR const* EDR_DRIVERS[] = {
_T("TmEsFlt.sys"), _T("TmEsFlt.sys"),
_T("TmEyes.sys"), _T("TmEyes.sys"),
_T("tmevtmgr.sys"), _T("tmevtmgr.sys"),
_T("TmFileEncDmk.sys"),
// Verdasys Inc // Verdasys Inc
_T("STKrnl64.sys"), _T("STKrnl64.sys"),
// VisionPower Co.,Ltd. // VisionPower Co.,Ltd.
@@ -581,6 +586,9 @@ TCHAR const* EDR_DRIVERS[] = {
_T("Qutmdrv.sys"), _T("Qutmdrv.sys"),
// Absolute Software // Absolute Software
_T("cbfsfilter2017.sys"), _T("cbfsfilter2017.sys"),
_T("psepfilter.sys"),
// Absolute Software Corp.
_T("cve.sys"),
// Acronis // Acronis
_T("NgScan.sys"), _T("NgScan.sys"),
// Actifio Inc // Actifio Inc
@@ -750,8 +758,12 @@ TCHAR const* EDR_DRIVERS[] = {
// Check Point Software // Check Point Software
_T("epregflt.sys"), _T("epregflt.sys"),
_T("epklib.sys"), _T("epklib.sys"),
_T("medlpflt.sys"),
_T("dsfa.sys"),
_T("cposfw.sys"),
// Checkpoint Software // Checkpoint Software
_T("cpepmon.sys"), _T("cpepmon.sys"),
_T("cpbak.sys"),
// ChemoMetec // ChemoMetec
_T("ChemometecFilter.sys"), _T("ChemometecFilter.sys"),
// Cigent Technology Inc // Cigent Technology Inc
@@ -1476,6 +1488,7 @@ TCHAR const* EDR_DRIVERS[] = {
_T("symevent.sys"), _T("symevent.sys"),
// Symantec Corp. // Symantec Corp.
_T("diflt.sys"), _T("diflt.sys"),
_T("SISIPSFileFilter.sys"),
// Syncopate // Syncopate
_T("thetta.sys"), _T("thetta.sys"),
// Systemneeds, Inc // Systemneeds, Inc
@@ -1627,6 +1640,8 @@ TCHAR const* EDR_DRIVERS[] = {
_T("ctifile.sys"), _T("ctifile.sys"),
_T("ctinet.sys"), _T("ctinet.sys"),
_T("parity.sys"), _T("parity.sys"),
_T("cbstream.sys"),
_T("cbk7.sys"),
// Cisco // Cisco
_T("csacentr.sys"), _T("csacentr.sys"),
_T("csaenh.sys"), _T("csaenh.sys"),
@@ -1676,6 +1691,7 @@ TCHAR const* EDR_DRIVERS[] = {
_T("symrg.sys"), _T("symrg.sys"),
// Verdasys Inc // Verdasys Inc
_T("ndgdmk.sys"), _T("ndgdmk.sys"),
_T("dgdmk.sys"),
/* /*
* Invoke-EDRCheck.ps1 - END * Invoke-EDRCheck.ps1 - END
*/ */
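Review bot: The new `// Absolute Software Corp.` comment in the hunk at -581 opens a second group for a vendor that already has an `// Absolute Software` header a few lines above it; the same near-duplicate split is visible in `// Check Point Software` / `// Checkpoint Software` at -750, and `// Verdasys Inc` heads two separate groups (-537 and -1676). Spreading one vendor over several headers makes the table hard to audit for duplicate or misattributed names, so I would place `_T("cve.sys"),` directly under the existing `// Absolute Software` group and drop the extra comment line. The last hunk also shows the additions sitting before the `Invoke-EDRCheck.ps1 - END` marker, which reads as if this region is imported from that script; if that is the case, hand-added names would be lost on a re-sync, and a trailing comment such as `// added manually, not from Invoke-EDRCheck.ps1` on each new entry would record their origin. `EDR_DRIVERS[]` starts and ends outside every hunk shown, so existing duplicates could not be checked from this page.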