Update rules/windows/image_load/image_load_susp_python_image_load.yml

Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2022-11-01 11:10:07 +01:00
parent 0aff47946d
commit 4bdc286a02
1 changed files with 1 additions and 4 deletions
@@ -25,11 +25,8 @@ detection:
            - 'C:\Program Files (x86)\'
            - 'C:\ProgramData\Anaconda3\' # Comment out if you don't use Anaconda in your environment
    filter_aurora:
-        # Example:
-        #   ImageLoaded: C:\ProgramData\Anaconda3\DLLs\_queue.pyd
-        #   ImageName: \Device\HarddiskVolume5\ProgramData\Anaconda3\DLLs\_queue.pyd
        Provider_Name: Microsoft-Windows-Kernel-Process
-        ImageName|contains: '\ProgramData\Anaconda3\DLLs\'
+        Image: null
    condition: selection and not 1 of filter_*
 fields:
    - Description