You can add it to the list:
// Name fragments and process image names of security products: anti-virus,
// EDR agents, log/telemetry collectors and analysis tools. The code that
// reads this slice is not part of this listing; presumably each entry is
// compared with the names of running processes -- confirm against the caller.
//
// NOTE(review): the entries mix bare fragments ("sophos", "threat") with full
// image names ("xagt.exe"), and a few are mixed-case ("GRRservic",
// "QcShm.exe"). Whether the comparison is substring or exact, and whether it
// folds case, cannot be told from here. Very generic entries ("omni",
// "elastic", "inspector", "Launch.exe", "delegate.exe") would also name
// unrelated software if the match is loose.
//
// Detection note: if the slice is used as assumed above, the behaviour is
// security-software discovery (MITRE ATT&CK T1518.001), and this run of
// strings inside a binary is a usable static indicator for triage.
//
// Entry order is kept exactly as in the original literal.
edrgaylist = []string{
	"activeconsole",
	"anti malware",
	"anti-malware",
	"antimalware",
	"anti virus",
	"anti-virus",
	"antivirus",
	"appsense",
	"authtap",
	"avast",
	"avecto",
	"canary",
	"carbonblack",
	"carbon black",
	"cb.exe",
	"ciscoamp",
	"cisco amp",
	"countercept",
	"countertack",
	"cramtray",
	"crssvc",
	"crowdstrike",
	"csagent",
	"csfalcon",
	"csshell",
	"cybereason",
	"cyclorama",
	"cylance",
	"cyoptics",
	"cyupdate",
	"cyvera",
	"cyserver",
	"cytray",
	"darktrace",
	"defendpoint",
	"defender",
	"eectrl",
	"elastic",
	"endgame",
	"f-secure",
	"forcepoint",
	"fireeye",
	"groundling",
	"GRRservic",
	"inspector",
	"ivanti",
	"kaspersky",
	"lacuna",
	"logrhythm",
	"malware",
	"mandiant",
	"mcafee",
	"morphisec",
	"msascuil",
	"msmpeng",
	"nissrv",
	"omni",
	"omniagent",
	"osquery",
	"palo alto networks",
	"pgeposervice",
	"pgsystemtray",
	"privilegeguard",
	"procwall",
	"protectorservic",
	"qradar",
	"redcloak",
	"secureworks",
	"securityhealthservice",
	"semlaunchsv",
	"sentinel",
	"sepliveupdat",
	"sisidsservice",
	"sisipsservice",
	"sisipsutil",
	"smc.exe",
	"smcgui",
	"snac64",
	"sophos",
	"splunk",
	"srtsp",

	// Run of full image names (with the .exe suffix) that sits in the
	// middle of the otherwise roughly alphabetical list.
	"servicehost.exe",
	"mcshield.exe",
	"mcupdatemgr.exe",
	"QcShm.exe",
	"ModuleCoreService.exe",
	"PEFService.exe",
	"McAWFwk.exe",
	"mfemms.exe",
	"mfevtps.exe",
	"McCSPServiceHost.exe",
	"Launch.exe",
	"delegate.exe",
	"McDiReg.exe",
	"McPvTray.exe",
	"McInstruTrack.exe",
	"McUICnt.exe",
	"ProtectedModuleHost.exe",
	"MMSSHOST.exe",
	"MfeAVSvc.exe",

	"symantec",
	"symcorpu",
	"symefasi",
	"sysinternal",
	"sysmon",
	"tanium",
	"tda.exe",
	"tdawork",
	"tpython",
	"mcapexe.exe",
	"vectra",
	"wincollect",
	"windowssensor",
	"wireshark",
	"threat",
	"xagt.exe",
	"xagtnotif.exe",
	"mssense",
	"efwd.exe",
	"ekrn.exe",
}
Just add the name of the process, and make sure you add .exe to the end of it.
ok, thank you a lot
no worries.
Can you add Cynet as well?