fix: FP on many systems

phantinuss
2022-10-18 12:49:10 +02:00
parent 0b84ffa517
commit a1f4ef4d34
@@ -6,7 +6,7 @@ author: Nasreddine Bencherchali
references:
- https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html
date: 2022/08/31
modified: 2022/10/12
modified: 2022/10/18
logsource:
product: windows
service: application
@@ -22,7 +22,7 @@ detection:
- '\Users\Public\'
- '\PerfLogs\'
- '\Desktop\'
- '\Downloads\'
# - '\Downloads\' # too many FPs, typical legitimate staging directory
# - '\AppData\Local\Temp\' # too many FPs
- 'C:\Windows\TEMP\'
- '\\\\'
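Review bot: Commenting out `'\Downloads\'` in the path list under `detection:` removes that directory from the rule entirely, so anything staged there no longer matches. The new inline comment explains the false-positive reason but not the coverage that is given up. I would record the trade-off where rule consumers look for it, for example a `falsepositives` entry or a sentence in the description stating that `\Downloads\` and `\AppData\Local\Temp\` are deliberately excluded. If those events should stay huntable, a separate rule with a lower `level` covering just the two disabled paths would preserve visibility without the alert noise. The rest of the detection block, including the condition and any existing filters, is outside this hunk, so whether a narrower filter could replace the exclusion cannot be judged from here.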