hollows_hunter
False Positives
Hi, first of all thank you a lot for your amazing work and thank you for sharing your awesome tools. I have tested Hollow Hunter on 2 Windows machines where I have installed the AV/EDR CrowdStrike and could observe that Hollow Hunter lists 47 suspicious processes, but I am 99.99% sure that the processes are clean and not malicious. Could it be that these are false positives because of the installed EDR and the hooks from the EDR?
Hi! Thanks for your interest in my tools :) The scenario that you described is covered in the FAQ: https://github.com/hasherezade/pe-sieve/wiki/1.-FAQ#pe-sieve-gives-me-a-lot-of-false-positives-why - I hope it answers your question!
Oh sorry, I didn't see that. Thank you for the information.
@VirtualAlllocEx - I added the FAQ to the readme, I hope it will make all this information easier to find