security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update proc_creation_win_commandline_path_traversal_evasion.yml

Browse Source 
Fix FP with Citrix launcher
This commit is contained in:
Veramine
2022-09-20 17:20:19 -07:00
committed by GitHub
parent 43b62bf79f
commit fda2ca4308
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/proc_creation_win_commandline_path_traversal_evasion.yml
+3 -1
View File
@@ -24,8 +24,10 @@ detection:
selection2:
CommandLine|contains: '.exe\..\'
filter:
CommandLine|contains: '\Google\Drive\googledrivesync.exe\..\'
- CommandLine|contains: '\Google\Drive\googledrivesync.exe\..\'
- CommandLine|contains: '\Citrix\Virtual Smart Card\Citrix.Authentication.VirtualSmartcard.Launcher.exe\..\'
condition: 1 of selection* and not filter
falsepositives:
- Google Drive
- Citrix
level: high