countercept / chainsaw

Rapidly Search and Hunt through Windows Event Logs

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Latest release flagged in VirusTotal

curtisk opened this issue · comments

Pulled latest compiled release x64 windows

VirusTotal reports a few issues

Hey @curtisk

This is likely due to the event logs in the "evtx_attack_samples" directory. These are event logs (cloned from that contain examples of real attacks, and the AV's that are triggering above are likely just looking for simple string matches for 'known bad' strings. E.g. if you search the event logs for the string "mimikatz" you're going to find matches.

If I upload the chainsaw.exe seperately to VirusTotal ( you can see that it's only detected by one AV engine (cynet). I can only assume they're doing some kind of hueristics which is falsely triggering on chainsaw in this case.

I don't think this is an issue that I can do anything about. As such I'm going to close this issue.


@fscc-jamesd Thanks for the follow up, I do see those samples are triggering the majority of it and it makes sense

ezoic increase your site revenue