MpEnum - dump all threat families from Windows Defender


Post by EP_X0FF » Mon Aug 06, 2018 4:02 pm

What it can: enumerate all "bad" threats (families) from the AV DB, list them by category (> 50 categories) and save each category's family list to a file.
What it can't: enumerate the actual definitions in each family. As you understand, this is out of my interest.

Compiled binary included.

Mainly created when I was forced to bypass idiotic detection from Windows Defender on the newest insider build.

Full categorized dump for WD AV Signature DB version 1.273.443.0

There is a PowerShell command, ... .630).aspx, which can also enumerate the AV DB; however, its output is messed up, as it seems not to take MPTHREAT_CATEGORY into account in its output.
Ring0 - the source of inspiration
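As an added example (not EP_X0FF's MpEnum and not code from this thread), the same per-category family dump can be approximated from the built-in Defender PowerShell module: Get-MpThreatCatalog is grouped on its CategoryID property and one file per category is written. The output directory and the family-name regex are my assumptions, and the category-name table is a partial mapping from memory that should be checked against the MPTHREAT_CATEGORY enum in the SDK headers.

```powershell
# Added example: dump Defender threat families grouped by MPTHREAT_CATEGORY, one file per category.
# Uses the built-in Defender module (Get-MpThreatCatalog) on Windows 10+; not EP_X0FF's MpEnum.
# $OutDir is a hypothetical location chosen for this example.
param([string]$OutDir = (Join-Path $PWD 'mp_families'))

# Partial CategoryID -> name map (from memory; verify against the MPTHREAT_CATEGORY enum).
# Unmapped IDs fall back to "Category<ID>" so nothing is silently dropped.
$CategoryNames = @{ 1 = 'Adware'; 2 = 'Spyware'; 5 = 'Worm'; 6 = 'Backdoor';
                    8 = 'Trojan'; 30 = 'Exploit'; 41 = 'Virus'; 49 = 'Ransom' }

function Get-MpFamilyName {
    # Defender names look like "Trojan:Win32/Emotet.A!bit"; the family is the token after the
    # platform separator '/' and before the first variant separator ('.' or '!').
    # Names without a ':' or '/' (rare, older signatures) are returned up to the first '.'/'!'.
    param([Parameter(Mandatory)][string]$ThreatName)
    if ($ThreatName -match '^(?:[^:]+:)?(?:[^/]+/)?([^.!]+)') { return $Matches[1] }
    return $ThreatName
}

function Export-MpFamiliesByCategory {
    # Writes "<CategoryID>-<Name>.txt" per category and returns a name -> family-count table.
    param([Parameter(Mandatory)][string]$OutDir)
    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

    $summary = @{}
    foreach ($group in (Get-MpThreatCatalog | Group-Object -Property CategoryID)) {
        $id    = [int]$group.Name
        $label = if ($CategoryNames.ContainsKey($id)) { $CategoryNames[$id] } else { "Category$id" }

        # Collapse the many per-variant signatures of a family into one family entry.
        $families = @($group.Group.ThreatName |
                      ForEach-Object { Get-MpFamilyName $_ } |
                      Sort-Object -Unique)

        $families | Set-Content -Path (Join-Path $OutDir ("{0}-{1}.txt" -f $id, $label))
        $summary[$label] = $families.Count
    }
    return $summary
}

# Usage: prints a category -> family count table and writes the per-category files.
Export-MpFamiliesByCategory -OutDir $OutDir | Format-Table -AutoSize
```

Family counts are much lower than raw signature counts because the regex collapses every variant (for example the ".A", ".B" and "!bit" suffixes) of a family into a single line.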
