Merge pull request #2016 from albchen/patch-2

Mapped OriginalFileName in DeviceProcessEvents
2021-09-11 15:28:50 +02:00
parent 747fedb6c6 1dec1a49fa
commit a76dd5bedb
1 changed files with 1 additions and 0 deletions
@@ -83,6 +83,7 @@ class WindowsDefenderATPBackend(SingleTextQueryBackend):
                "ImageLoaded": ("FolderPath", self.default_value_mapping),
                "LogonType": (self.id_mapping, self.logontype_mapping),
                "NewProcessName": ("FolderPath", self.default_value_mapping),
+                "OriginalFileName": ("ProcessVersionInfoOriginalFileName", self.default_value_mapping),
                "ParentCommandLine": ("InitiatingProcessCommandLine", self.default_value_mapping),
                "ParentName": ("InitiatingProcessFileName", self.default_value_mapping),
                "ParentProcessName": ("InitiatingProcessFileName", self.default_value_mapping),