Hilko Bengen
Oh, sorry. For some reason, GitHub did not show me your PRs and now I have made conflicting changes. :-( I'm going to have a look anyway and see if...
Sure. It looks like libyara is not able to parse your rule files. Can you provide the `spyre.yaml` and the YARA rule files you are using? You may also be...
Alright. I think we'll need to provide a self-contained example.
I have just pushed a change that contains some example config + ruleset. Would this have helped you enough if it had been there when you found _Spyre_? If you...
@MesserBart ping?
Sure, that's pretty much what I had in mind as I made the report target a URL. PRs are welcome, of course. :-)
How can we identify the WinDefender process (and possibly other AV engines)?
Just get rid of the EULA. It annoys users and serves no purpose, especially if `sysmon -accepteula` is run from automated installation procedures or via Ansible.