Merge pull request #305 from Karneades/patch-3

Remove too loose filter in notepad++ updater rule
2019-04-19 12:40:24 +02:00
parent e32708154f 612a7642d2
commit d5fa51eab9
1 changed files with 5 additions and 1 deletions
@@ -15,7 +15,11 @@ detection:
    selection:
        Image: '*\GUP.exe'
    filter:
-        Image: '*\updater\*'
+        Image:
+            - 'C:\Users\*\AppData\Local\Notepad++\updater\gup.exe'
+            - 'C:\Users\*\AppData\Roaming\Notepad++\updater\gup.exe'
+            - 'C:\Program Files\Notepad++\updater\gup.exe'
+            - 'C:\Program Files (x86)\Notepad++\updater\gup.exe'
    condition: selection and not filter
 falsepositives:
    - Execution of tools named GUP.exe and located in folders different than Notepad++\updater