Commit Graph

41 Commits

Author SHA1 Message Date
Florian Roth
0853dfd5e0 fix: FPs 2021-06-08 15:45:55 +02:00
Florian Roth
863307c137 fix: FPs and fixes 2020-11-06 12:44:26 +01:00
Florian Roth
7f939286d1 fix: FPs with chrome executables 2020-09-02 18:21:31 +02:00
ecco
7be6f3ff10 fix FP for wininit on win10 20H04 2020-07-09 09:34:31 -04:00
Hilko Bengen
0151322ae6 Fix uint32*() patterns that can't return values > 2^32-1 2020-06-25 22:01:15 +02:00
Florian Roth
4670cc70c0 fix: FPs with lsass.exe 2020-06-16 09:22:28 +02:00
Florian Roth
c523ec8d63 fix: big false positive cleanup 2019-10-24 16:49:56 +02:00
Florian Roth
0448d97e8f FP: svchost.exe size 2019-02-19 12:53:01 +01:00
Florian Roth
50b0a91ee0 FP: adjusted size of svchost.exe rule 2019-02-16 07:49:25 +01:00
Florian Roth
6332f7c6ca Kitty Fork Putty FP 2019-01-29 15:31:54 +01:00
Florian Roth
b5f6c82040 Suspicious RTF header anomaly 2019-01-20 17:36:32 +01:00
Florian Roth
ca7f252dc0 False Positive Reduction 2019-01-17 13:12:39 +01:00
Florian Roth
4349f58d37 Score adjustments 2019-01-08 09:18:54 +01:00
Florian Roth
6d9577a703 Putty abnormal file sizes 2019-01-07 13:27:31 +01:00
Florian Roth
13b238f39f Fixed character formatting to wide in SUSP_Scheduled_Task_BigSize 2018-12-14 08:58:10 +01:00
Florian Roth
1b959e2a3b False Positives on Exchange with SUSP_Scheduled_Task_BigSize 2018-12-14 08:55:48 +01:00
Florian Roth
e4dd8c610c Fixed some dates 2018-12-14 08:55:27 +01:00
Florian Roth
9d38c8f4b3 Suspicious Scheduled Task BigSize 2018-12-07 08:20:44 +01:00
Florian Roth
2ed2af38f8 Suspicious Pirated Office 2007 2018-12-07 08:20:31 +01:00
Florian Roth
0a3567621b fix: bugfix in generic_anomalies rule 2018-12-01 13:32:26 +01:00
Florian Roth
9291c8c9a1 fix: bugfix in general_anomalies.yar rule 2018-12-01 13:02:18 +01:00
Florian Roth
8cd247169a False Positive Reduction 2018-12-01 08:33:33 +01:00
Florian Roth
f0edb3c047 Suspicious size of ASUS tuning tool 2018-10-30 09:41:59 +01:00
Florian Roth
7c8745c59e License notice on my own rules, removed rules with unclear/problematic licensing 2018-08-26 12:48:01 +02:00
Florian Roth
be2315b3cf False Positive Reduction 2018-06-08 21:11:39 +02:00
r00t0vi4
7e95136760
Update generic_anomalies.yar
Replace external variable "filetype" with hex 0x4749463839 (GIF89).
It simplifies the rules. You are using the external variable "filetype" only in this place.
2018-05-07 15:17:14 +03:00
Florian Roth
525bb2d361 False Positive Reduction 2018-03-22 00:17:41 +01:00
Florian Roth
ef4e347960 Suspicious Autoit by Microsoft 2017-12-16 15:43:56 +01:00
Florian Roth
0e26cdfb37 Chrome file size anomaly false positive 2017-12-08 12:19:45 +01:00
Florian Roth
3f27b85df6 False Positive Reduction 2017-10-14 12:59:00 +02:00
Florian Roth
97c97a803c Uncommon size adjustments for new Win10 files 2017-10-06 10:19:51 +02:00
Florian Roth
ae82dd03a8 False Positive Reduction 2017-09-27 16:35:14 +02:00
Florian Roth
81fc855b66 False Positive Reduction 2017-09-13 10:45:55 +02:00
Florian Roth
05ee5af114 Bugfix in Rule 2017-07-20 12:27:16 -06:00
Florian Roth
1f0cad89f1 Bugfixes and False Positive Reduction 2017-07-20 12:24:49 -06:00
Florian Roth
2f4147b6bb Mirai Botnet Malware and Improvements 2016-10-06 08:48:52 +02:00
Florian Roth
f3fd2022d8 False Positive Reduction 2016-04-27 13:36:17 +02:00
Florian Roth
e3f04a6e71 False Positive Fixes 2016-04-26 10:04:19 +02:00
Florian Roth
62f3edda9f False Positives with Common File Sizes 2016-04-13 00:51:08 +02:00
Florian Roth
02d2b41836 False Positives
- software_reporter_tool.exe
https://www.virustotal.com/en/file/4d83a4250113aabc303b29c99c26da1decc85e7866db1922dc312799dccb8302/analysis/
- spoolsv.exe anomaly
2016-02-29 13:46:21 +01:00
Florian Roth
3a61922ceb signatures > yara 2016-02-15 12:31:27 +01:00