Windows/Discovery/Security_Software_Discovery.md

# Security Software Discovery

MITRE ATT&CK Technique: [T1063](https://attack.mitre.org/wiki/Technique/T1063)

### netsh

    netsh.exe advfirewall firewall show all profiles

### tasklist

Input:

    tasklist.exe

Input:

    tasklist.exe | findstr virus

Input:

    tasklist.exe | findstr cb

Input:

    tasklist.exe | findstr defender


### PowerShell

    powershell.exe get-process | ?{$_.Description -like "*virus*"}

#### CarbonBlack

    powershell.exe get-process | ?{$_.Description -like "*carbonblack*"}

#### Windows Defender

    powershell.exe get-process | ?{$_.Description -like "*defender*"}
Adds 2017-11-01 16:02:40 -07:00			`# Security Software Discovery`

Mac Discovery 2018-01-09 14:53:47 -07:00			`MITRE ATT&CK Technique: [T1063](https://attack.mitre.org/wiki/Technique/T1063)`
Adds 2017-11-01 16:02:40 -07:00
			`### netsh`

Discovery Updates 2017-11-13 11:02:39 -07:00			`netsh.exe advfirewall firewall show all profiles`
Adds 2017-11-01 16:02:40 -07:00
			`### tasklist`

Discovery Updates 2017-11-13 11:02:39 -07:00			`Input:`

Adds 2017-11-01 16:02:40 -07:00			`tasklist.exe`

Discovery Updates 2017-11-13 11:02:39 -07:00			`Input:`

			`tasklist.exe \| findstr virus`

			`Input:`

			`tasklist.exe \| findstr cb`

			`Input:`

			`tasklist.exe \| findstr defender`

Adds 2017-11-01 16:02:40 -07:00
			`### PowerShell`

			`powershell.exe get-process \| ?{$_.Description -like "virus"}`

			`#### CarbonBlack`

			`powershell.exe get-process \| ?{$_.Description -like "carbonblack"}`

			`#### Windows Defender`

			`powershell.exe get-process \| ?{$_.Description -like "defender"}`