sentinel-attack

fixed InstallUtil.exe detection

Open slazaru opened this issue 4 years ago • 0 comments

I tested the detection for the InstallUtil AppLocker bypass and found that the original Sysmon configuration wasn't able to detect it. The version in this pull request was able to detect it. I'm not a Sysmon expert so what I did might not be optimal, however

slazaru, Mar 02 '21 23:03