Florian Roth
0853dfd5e0
fix: FPs
2021-06-08 15:45:55 +02:00
Florian Roth
863307c137
fix: FPs and fixes
2020-11-06 12:44:26 +01:00
Florian Roth
7f939286d1
fix: FPs with chrome executables
2020-09-02 18:21:31 +02:00
ecco
7be6f3ff10
fix FP for wininit on win10 20H04
2020-07-09 09:34:31 -04:00
Hilko Bengen
0151322ae6
Fix uint32*() patterns that can't return values > 2^32-1
2020-06-25 22:01:15 +02:00
Florian Roth
4670cc70c0
fix: FPs with lsass.exe
2020-06-16 09:22:28 +02:00
Florian Roth
c523ec8d63
fix: big false positive cleanup
2019-10-24 16:49:56 +02:00
Florian Roth
0448d97e8f
FP: svchost.exe size
2019-02-19 12:53:01 +01:00
Florian Roth
50b0a91ee0
FP: adjusted size of svchost.exe rule
2019-02-16 07:49:25 +01:00
Florian Roth
6332f7c6ca
Kitty Fork Putty FP
2019-01-29 15:31:54 +01:00
Florian Roth
b5f6c82040
Suspicious RTF header anomaly
2019-01-20 17:36:32 +01:00
Florian Roth
ca7f252dc0
False Positive Reduction
2019-01-17 13:12:39 +01:00
Florian Roth
4349f58d37
Score adjustments
2019-01-08 09:18:54 +01:00
Florian Roth
6d9577a703
Putty abnormal file sizes
2019-01-07 13:27:31 +01:00
Florian Roth
13b238f39f
Fixed character formatting to wide in SUSP_Scheduled_Task_BigSize
2018-12-14 08:58:10 +01:00
Florian Roth
1b959e2a3b
False Positives on Exchange with SUSP_Scheduled_Task_BigSize
2018-12-14 08:55:48 +01:00
Florian Roth
e4dd8c610c
Fixed some dates
2018-12-14 08:55:27 +01:00
Florian Roth
9d38c8f4b3
Suspicious Scheduled Task BigSize
2018-12-07 08:20:44 +01:00
Florian Roth
2ed2af38f8
Suspicious Pirated Office 2007
2018-12-07 08:20:31 +01:00
Florian Roth
0a3567621b
fix: bugfix in generic_anomalies rule
2018-12-01 13:32:26 +01:00
Florian Roth
9291c8c9a1
fix: bugfix in general_anomalies.yar rule
2018-12-01 13:02:18 +01:00
Florian Roth
8cd247169a
False Positive Reduction
2018-12-01 08:33:33 +01:00
Florian Roth
f0edb3c047
Suspicious size of ASUS tuning tool
2018-10-30 09:41:59 +01:00
Florian Roth
7c8745c59e
License notice on my own rules, removed rules with unclear/problematic licensing
2018-08-26 12:48:01 +02:00
Florian Roth
be2315b3cf
False Positive Reduction
2018-06-08 21:11:39 +02:00
r00t0vi4
7e95136760
Update generic_anomalies.yar
Replace external variable "filetype" with hex 0x4749463839 (GIF89).
It simplifies the rules. You are using the external variable "filetype" only in this place.
2018-05-07 15:17:14 +03:00
Florian Roth
525bb2d361
False Positive Reduction
2018-03-22 00:17:41 +01:00
Florian Roth
ef4e347960
Suspicious Autoit by Microsoft
2017-12-16 15:43:56 +01:00
Florian Roth
0e26cdfb37
Chrome file size anomaly false positive
2017-12-08 12:19:45 +01:00
Florian Roth
3f27b85df6
False Positive Reduction
2017-10-14 12:59:00 +02:00
Florian Roth
97c97a803c
Uncommon size adjustments for new Win10 files
2017-10-06 10:19:51 +02:00
Florian Roth
ae82dd03a8
False Positive Reduction
2017-09-27 16:35:14 +02:00
Florian Roth
81fc855b66
False Positive Reduction
2017-09-13 10:45:55 +02:00
Florian Roth
05ee5af114
Bugfix in Rule
2017-07-20 12:27:16 -06:00
Florian Roth
1f0cad89f1
Bugfixes and False Positive Reduction
2017-07-20 12:24:49 -06:00
Florian Roth
2f4147b6bb
Mirai Botnet Malware and Improvements
2016-10-06 08:48:52 +02:00
Florian Roth
f3fd2022d8
False Positive Reduction
2016-04-27 13:36:17 +02:00
Florian Roth
e3f04a6e71
False Positive Fixes
2016-04-26 10:04:19 +02:00
Florian Roth
62f3edda9f
False Positives with Common File Sizes
2016-04-13 00:51:08 +02:00
Florian Roth
02d2b41836
False Positives
- software_reporter_tool.exe
https://www.virustotal.com/en/file/4d83a4250113aabc303b29c99c26da1decc85e7866db1922dc312799dccb8302/analysis/
- spoolsv.exe anomaly
2016-02-29 13:46:21 +01:00
Florian Roth
3a61922ceb
signatures > yara
2016-02-15 12:31:27 +01:00