MpEnum - dump all threat families from Windows Defender

Forum for announcements and questions about tools and software.
Post Reply
User avatar
EP_X0FF
Global Moderator
Posts: 4792
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Contact:

MpEnum - dump all threat families from Windows Defender

Post by EP_X0FF » Mon Aug 06, 2018 4:02 pm

https://github.com/hfiref0x/MpEnum

What it can: enumerate all "bad" threats (families) from AV DB, list it by category (> 50 categories) and save each category families list to file.
What it can't: enumerate actual definitions in each family. As you understand this is out of my interest.

Compiled binary included.

Mainly created when I was forced to bypass idiotic detection from Windows Defender on newest insider build.

Full categorized dump for WD AV Signature DB version 1.273.443.0

https://github.com/hfiref0x/MpEnum/tree/master/Dump

P.S.
There exist PowerShell command, https://technet.microsoft.com/en-us/lib ... .630).aspx which also can enumerate AV DB, however it output is messed up as it seems doesn't take MPTHREAT_CATEGORY into account/output.
Ring0 - the source of inspiration

Post Reply