admin/RmEye
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update sysmon.xml

Browse Source
This commit is contained in:
huoji
2022-09-21 15:37:24 +08:00
parent 9cda67c636
commit 643bd9f103
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
sysmon.xml
View File

@@ -376,6 +376,11 @@
<RuleGroup name="" groupRelation="or">
<NetworkConnect onmatch="exclude">
<Image condition="end with">clash-win64.exe</Image>
<Image condition="end with">dasHost.exe</Image>
<Image condition="end with">DingTalk.exe</Image>
<Image condition="end with">vmnat.exe</Image>
<!--SECTION: Microsoft-->
<Image condition="begin with">C:\ProgramData\Microsoft\Windows Defender\Platform\</Image>
<Image condition="is">C:\Windows\system32\svchost.exe</Image> <!--Microsoft: svchost-->