added more legitimate extensions to regsvr32 rule

2021-07-17 11:20:05 +02:00
parent b911175f28
commit 53c25969ab
1 changed files with 5 additions and 1 deletions
@@ -16,7 +16,11 @@ detection:
    selection:
        ParentImage|endswith: '\regsvr32.exe'
    filter:
-        CommandLine|contains: '.dll'
+        CommandLine|contains: 
+            - '.dll'
+            - '.ocx'
+            - '.cpl'
+            - '.ax'
    condition: selection and not filter
 fields:
    - CommandLine