sysmon-modular Suggested additions to TrendMicro ProcessCreation event exclusion

Suggested additions to TrendMicro ProcessCreation event exclusion

Open cyb3rxp opened this issue 10 months ago • 0 comments

Hi Olaf,

I would recommend to add those exclusions for latest TrendMicro AV/EDR versions (with Cloud One console):

C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\EndpointBasecamp.Exe C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\modules\ceta\CETASvc.exe C:\Program Files (x86)\Trend Micro\Endpoint Basecamp\modules\wsc\WSCommunicator.exe C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe C:\Program Files\Trend Micro\Cloud Endpoint\CloudEndpointService.exe C:\Program Files\Trend Micro\Deep Security Agent\nuagent\ds_nuagent.Exe C:\Program Files\Trend Micro\Deep Security Agent\dsa-connect.Exe

Congrats for your Git content! HTH.

Phil

Aug 21 '23 13:08 cyb3rxp

sysmon-modular sysmon-modular copied to clipboard

Suggested additions to TrendMicro ProcessCreation event exclusion

sysmon-modular
sysmon-modular copied to clipboard