spyre-project / spyre

simple YARA-based IOC scanner
GNU Lesser General Public License v3.0

Exclude WinDefender from procscan #43

Open anna-g-arbeiter opened 4 years ago

anna-g-arbeiter commented 4 years ago

There are tons of FP matches on the WinDefender svchost process. Tested on Win 7 32-bit.

hillu commented 4 years ago

How can we identify the WinDefender process (and possibly other AV engines)?