Fixed for FP issues

2020-10-06 19:51:55 +03:00
parent 0023a22ead
commit bbb9fed3e6
1 changed files with 10 additions and 5 deletions
@@ -17,13 +17,18 @@ detection:
    selection1:
        Image|endswith:
            - \print.exe
-        CommandLine|contains|all:
-            - .exe
-            - \\
+        CommandLine|startswith:
+            - print
    selection2:
        CommandLine|contains:
            - /D
-    condition: selection1 and selection2
+    exeCondition:
+        CommandLine|contains:
+            - .exe
+    cmdExclude:
+        CommandLine|contains:
+            - print.exe
+    condition: selection1 and selection2 and exeCondition and not cmdExclude
 falsepositives:
-    - Legitimate printer actions from a fileshare for an exe file
+    - Unknown
 level: medium