From ae90a158bd13172233d31c882c912c7e5b8b3ced Mon Sep 17 00:00:00 2001
From: huoji
Date: Mon, 29 Aug 2022 20:00:02 +0800
Subject: [PATCH] Update prcoess_chain_detect.py
---
 Server/plugins/uac_bypass_detect/prcoess_chain_detect.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Server/plugins/uac_bypass_detect/prcoess_chain_detect.py b/Server/plugins/uac_bypass_detect/prcoess_chain_detect.py
index 0133c7e..1c0cb0d 100644
--- a/Server/plugins/uac_bypass_detect/prcoess_chain_detect.py
+++ b/Server/plugins/uac_bypass_detect/prcoess_chain_detect.py
@@ -30,7 +30,7 @@ def rule_new_process_create(current_process: process.Process, host, raw_log_data
 print('[uac bypass detect] detect uac bypass in process chain {}'.format(
 current_process.path))
 current_process.chain.root_process.plugin_var['uac_flag'] = integritylevel
- current_process.set_score(300, "[UAC提权]进程权限等级变动")
+ current_process.set_score(30, "进程权限等级变动")
 return global_vars.THREAT_TYPE_PROCESS
 # print('process chain: {} path: {} level: {} log level: {}'.format(
 # current_process.chain_hash, current_process.path, integritylevel, current_process.chain.root_process.plugin_var['uac_flag']))
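Review bot: The new `current_process.set_score(30, "进程权限等级变动")` call cuts the weight tenfold and drops the `[UAC提权]` rule tag with no comment, and the commit subject gives no rationale, so a later maintainer cannot tell whether 30 is a tuned value or a placeholder. The `print` a few lines above still reports "detect uac bypass", so the console log and the score reason now describe the same event differently, and someone reading only the score reason cannot tell which plugin raised it. I would add a why-comment above the call, for example `# integrity-level change alone is a weak signal; weighted low so it only alerts together with other hits` (wording for the author to confirm), and consider keeping a plugin tag in the reason string. How scores are aggregated and where the alert threshold sits are not visible here, and the body of rule_new_process_create starts and ends outside the hunk.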