mthcht / ThreatHunting-Keywords

Awesome list of keywords and artifacts for Threat Hunting sessions

Home Page: https://mthcht.github.io/ThreatHunting-Keywords/


false positives

ruppde opened this issue

Hi,

These 3 filenames create false positives on Windows:

C:\Windows\WinSxS\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.22621.963_none_0a2748035863b8dc\r\SenseCncProxy.exe
C:\Windows\WinSxS\amd64_microsoft-windows-waasmedic_31bf3856ad364e35_10.0.22621.1_none_94e9973331d890c7\WaaSMedicCapsule.dll
C:\Windows\WinSxS\amd64_microsoft-windows-waasmedic_31bf3856ad364e35_10.0.22621.1_none_94e9973331d890c7\WaaSMedicPS.dll

thx
arnim

Hi @ruppde, thanks for the feedback, I really appreciate it! I've removed the irrelevant keywords in 7b192de and mthcht/ThreatHunting-Keywords-yara-rules@fdbe20a.

Cool, thx