Iterat0r
Iterat0r
Hi @rabbitstack ok, I'm going to check this out... thanks
@rabbitstack, the filter you mentioned works, it would be like this in `controller_windows.go`/`NewController` : ``` if ktype == ktypes.VirtualAlloc && c.Yara.Enabled { c.Kstream.EnableMemKevents = true continue } ``` Another option...