Added Defender for Endpoint processes
Added Defender for Endpoint processes based on https://medium.com/csis-techblog/silencing-microsoft-defender-for-endpoint-using-firewall-rules-3839a8bf8d18

Signed-off-by: Alexander Georgiev <[email protected]>
realalexandergeorgiev authored Jan 24, 2023
1 parent 4a8cc93 commit 9f73e63
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions client/command/processes/ps.go
Expand Up @@ -46,6 +46,12 @@ var (
"RepWSC.exe": {console.Red, "Carbon Black Cloud Sensor"}, // Carbon Black Cloud Sensor
"scanhost.exe": {console.Red, "Carbon Black Cloud Sensor"}, // Carbon Black Cloud Sensor
"MsMpEng.exe": {console.Red, "Windows Defender"}, // Windows Defender
"SenseIR.exe": {console.Red, "Windows Defender MDE"}, // Windows Defender Endpoint (Live Response Session)
"SenseCncProxy.exe": {console.Red, "Windows Defender MDE"}, // Windows Defender Endpoint
"MsSense.exe": {console.Red, "Windows Defender MDE"}, // Windows Defender Endpoint
"MpCmdRun.exe": {console.Red, "Windows Defender"}, // Windows Defender
"MonitoringHost.exe": {console.Red, "Windows Defender"}, // Microsoft Monitoring Agent
"HealthService.exe": {console.Red, "Windows Defender"}, // Microsoft Monitoring Agent
"smartscreen.exe": {console.Red, "Windows Smart Screen"}, // Windows Defender Smart Screen
"CSFalconService.exe": {console.Red, "CrowdStrike"}, // Crowdstrike Falcon Service
"CSFalconContainer.exe": {console.Red, "CrowdStrike"}, // CrowdStrike Falcon Container Security
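Review bot: The added MonitoringHost.exe and HealthService.exe entries carry the display label "Windows Defender" while their trailing comments say Microsoft Monitoring Agent, so the process listing will attribute an agent process to the wrong product. Consider giving these two their own label, for example `{console.Red, "Microsoft Monitoring Agent"}`. The three Sense entries (SenseIR.exe, SenseCncProxy.exe, MsSense.exe) also use "Windows Defender MDE" as the label but "Windows Defender Endpoint" in the comment, while the commit title calls the product Defender for Endpoint; using one name in both places would match the neighbouring Carbon Black and CrowdStrike entries, where label and comment agree.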
