Fix falsepositives list

2021-05-21 12:26:37 +02:00
parent 48a7e80192
commit 2197514fc5
1 changed files with 3 additions and 1 deletions
@@ -4,6 +4,7 @@ description: Detects Execution via runAfterCancelProcess in CL_Mutexverifiers.ps
 status: experimental
 author: oscd.community, Natalia Shornikova
 date: 2020/10/14
+modified: 2021/05/21
 references:
    - https://github.com/LOLBAS-Project/LOLBAS/blob/master/yml/OSScripts/CL_mutexverifiers.yml
    - https://twitter.com/pabraeken/status/995111125447577600
@@ -22,5 +23,6 @@ detection:
    condition: selection2 | count(ScriptBlockText) by Computer > 2
      # PS > Import-Module c:\Windows\diagnostics\system\Audio\CL_Mutexverifiers.ps1
      # PS > runAfterCancelProcess c:\Evil.exe
-falsepositives: Unknown
+falsepositives:
+    - Unknown
 level: high