Files
blue-team-tools/rules/windows/raw_access_thread
Swachchhanda Shrawan Poudel f7f61a9f95 Merge PR #5789 from @swachchhanda000 - Add fps filter observed on ARM-based Windows updates
fix: Uncommon AppX Package Locations - filter out system32
fix: Unauthorized System Time Modification - filter out vmwaretools
fix: Files With System Process Name In Unsuspected Locations - filter windows temp
fix: Startup Folder File Write - filter out wuauclt.exe and C:\$WinREAgent\Scratch\Mount\ directory
fix: Potentially Suspicious WDAC Policy File Creation - filter wuaucltcore.exe
fix: Creation of WerFault.exe/Wer.dll in Unusual Folder - filter C:\Windows\UUS\arm64\
fix: Potentially Suspicious Volume Shadow Copy Vsstrace.dll Load - filter C:\$WinREAgent\Scratch\
fix: Potential System DLL Sideloading From Non System Locations - filter legitimate ARM-based locations
fix: Potential Defense Evasion Via Raw Disk Access By Uncommon Tools - filter legitimate ARM-based locations

---------

Co-authored-by: Nasreddine Bencherchali <nasbench@users.noreply.github.com>
2025-12-09 08:29:51 +05:45