Update rules/windows/image_load/image_load_alternate_powershell_hosts_moduleload.yml

2022-11-08 17:26:24 +01:00
parent ae2c09f866
commit f312455db5
1 changed files with 0 additions and 1 deletions
@@ -28,7 +28,6 @@ detection:
            - 'C:\Program Files\Citrix\ConfigSync\'
    filter_aurora:
        # This filter is to avoid a race condition FP with this specific ETW provider in aurora
-        Provider_Name: Microsoft-Windows-Kernel-Process
        Image: null
    condition: selection and not 1 of filter_*
 falsepositives: