valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 02:08:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update win_susp_msmpeng_crash.yml

Browse Source
This commit is contained in:
Jonhnathan 2020-10-15 15:50:01 -03:00 committed by GitHub
parent c310d72e2b
commit 9b8817f489
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
rules/windows/builtin/win_susp_msmpeng_crash.yml
View File

@ -23,9 +23,9 @@ detection:
Source: 'Windows Error Reporting'
EventID: 1001
keywords:
Message:
- '*MsMpEng.exe*'
- '*mpengine.dll*'
Message|contains:
- 'MsMpEng.exe'
- 'mpengine.dll'
condition: 1 of selection* and all of keywords
falsepositives:
- MsMpEng.exe can crash when C:\ is full