From 9f73e636b40a358cd8c40affeb57fc3301b392d2 Mon Sep 17 00:00:00 2001
From: Alexander Georgiev
Date: Tue, 24 Jan 2023 14:16:44 +0100
Subject: [PATCH] Added Defender for Endpoint processes

Added Defender for Endpoint processes based on https://medium.com/csis-techblog/silencing-microsoft-defender-for-endpoint-using-firewall-rules-3839a8bf8d18

Signed-off-by: Alexander Georgiev
---
 client/command/processes/ps.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/client/command/processes/ps.go b/client/command/processes/ps.go
index 8eb342179c..eb743800b6 100644
--- a/client/command/processes/ps.go
+++ b/client/command/processes/ps.go
@@ -46,6 +46,12 @@ var (
  "RepWSC.exe": {console.Red, "Carbon Black Cloud Sensor"}, // Carbon Black Cloud Sensor
  "scanhost.exe": {console.Red, "Carbon Black Cloud Sensor"}, // Carbon Black Cloud Sensor
  "MsMpEng.exe": {console.Red, "Windows Defender"}, // Windows Defender
+ "SenseIR.exe": {console.Red, "Windows Defender MDE"}, // Windows Defender Endpoint (Live Response Session)
+ "SenseCncProxy.exe": {console.Red, "Windows Defender MDE"}, // Windows Defender Endpoint
+ "MsSense.exe": {console.Red, "Windows Defender MDE"}, // Windows Defender Endpoint
+ "MpCmdRun.exe": {console.Red, "Windows Defender"}, // Windows Defender
+ "MonitoringHost.exe": {console.Red, "Windows Defender"}, // Microsoft Monitoring Agent
+ "HealthService.exe": {console.Red, "Windows Defender"}, // Microsoft Monitoring Agent
  "smartscreen.exe": {console.Red, "Windows Smart Screen"}, // Windows Defender Smart Screen
  "CSFalconService.exe": {console.Red, "CrowdStrike"}, // Crowdstrike Falcon Service
  "CSFalconContainer.exe": {console.Red, "CrowdStrike"}, // CrowdStrike Falcon Container Security
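Review bot: The two added entries `MonitoringHost.exe` and `HealthService.exe` carry the label "Windows Defender" while their own trailing comments say Microsoft Monitoring Agent, so the process listing would name a product the comment contradicts. The agent also runs for SCOM and Log Analytics on hosts with no Defender for Endpoint onboarding, so the label should follow the comment: `"MonitoringHost.exe": {console.Red, "Microsoft Monitoring Agent"},` and `"HealthService.exe": {console.Red, "Microsoft Monitoring Agent"},`. The three Sense entries pair the label "Windows Defender MDE" with the comment "Windows Defender Endpoint"; the product name is Microsoft Defender for Endpoint, and using it in both places would keep label and comment consistent. The `var (` block starts and ends outside the hunk, so how these keys are compared with reported process names (case sensitivity in particular) cannot be confirmed from the visible lines.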