Merge pull request #796 from EccoTheFlintstone/fp

add more false positives
2020-05-26 13:20:23 +02:00
parent 30861b558c 7037e77569
commit e131f3476e
1 changed files with 3 additions and 0 deletions
@@ -32,6 +32,9 @@ detection:
            - '\WmiAPsrv.exe'
            - '\svchost.exe'
            - '\DeviceCensus.exe'
+            - '\CompatTelRunner.exe'
+            - '\sdiagnhost.exe'
+            - '\SIHClient.exe'
    condition: selection and not filter
 fields:
    - ComputerName