Merge pull request #800 from SanWieb/win_system_exe_anomaly

Extended Windows processes: win_system_exe_anomaly
2020-05-26 14:28:47 +02:00
parent 0b398c5bf0 3681b8cb56
commit 5bb6770f53
1 changed files with 7 additions and 0 deletions
@@ -30,6 +30,13 @@ detection:
            - '*\winlogon.exe'
            - '*\explorer.exe'
            - '*\taskhost.exe'
+            - '*\Taskmgr.exe'
+            - '*\sihost.exe'
+            - '*\RuntimeBroker.exe'
+            - '*\smartscreen.exe'
+            - '*\dllhost.exe'
+            - '*\audiodg.exe'
+            - '*\wlanext.exe'
    filter:
        Image:
            - 'C:\Windows\System32\\*'