tothi / serviceDetector

Detect whether a service is installed (blindly) and/or running (if exposing named pipes) on a remote machine without using local admin privileges.

Adding new AV/EDR detections #1

Closed therealtoastycat closed 1 year ago

therealtoastycat commented 1 year ago

Hi @tothi,

Thank you for the awesome tool! I'd like to add the following services / pipe names to detect Cybereason EDR and Symantec Endpoint Protection.

Cybereason;pipe;CybereasonAPConsoleMinionHostIpc_*;minionhost.exe
Cybereason;pipe;CybereasonAPServerProxyIpc_*;minionhost.exe
Cybereason;service;CybereasonActiveProbe;Cybereason Active Probe
Cybereason;service;CybereasonCRS;Cybereason Anti-Ransomware
Cybereason;service;CybereasonBlocki;Cybereason Execution Prevention
Symantec Endpoint Protection;service;SepMasterService;Symantec Endpoint Protection
Symantec Endpoint Protection;service;SepScanService;Symantec Endpoint Protection Scan Services
Symantec Endpoint Protection;service;SNAC;Symantec Network Access Control

Let me know your thoughts,

tothi commented 1 year ago

Awesome, thanks! Going to add it, but if you would like to add it as a pull request, feel free to do it (and I'll merge it).

tothi commented 1 year ago

Merged https://github.com/tothi/serviceDetector/pull/2