security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: FP with Code Integrity Attempted DLL Load

Browse Source
This commit is contained in:
Florian Roth
2022-10-28 16:28:49 +02:00
parent 1f8e37351e
commit 07cf7ae5fa
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/builtin/code_integrity/win_codeintegrity_attempted_dll_load.yml
+5
View File
@@ -77,6 +77,11 @@ detection:
- '\Windows\System32\svchost.exe'
RequestedPolicy: 12
ValidatedPolicy: 1
filter_gac:
FileNameBuffer|endswith: '\stdole.dll'
ProcessNameBuffer|endswith: '\mscorsvw.exe'
RequestedPolicy: 8
ValidatedPolicy: 2
condition: selection and not 1 of filter_*
falsepositives:
- Unknown