增加白名单、进程链增加详细信息

增加白名单、进程链增加详细信息

Server/rules/py/action.py

@@ -17,7 +17,7 @@ rule = [
         'rules': [
             'action == "processaccess" and calltrace =~ ".*unknown.*" and not calltrace =~ ".*conpty\.node.*" and not calltrace =~ ".*java\.dll.*" and not calltrace =~ ".*appvisvsubsystems64\.dll.*" and not calltrace =~ ".*twinui\.dll.*" and not calltrace =~ ".*nativeimages.*" and not targetimage == "c:\\windows\\system32\\cmd.exe"',
         ],
-        'score': 40,
+        'score': 20,
         'name': '异常进程访问'
     },
     {