https://github.com/hfiref0x/MpEnum
What it can: enumerate all "bad" threats (families) from AV DB, list it by category (> 50 categories) and save each category families list to file.
What it can't: enumerate actual definitions in each family. As you understand this is out of my interest.
Compiled binary included.
Mainly created when I was forced to bypass idiotic detection from Windows Defender on newest insider build.
Full categorized dump for WD AV Signature DB version 1.273.443.0
https://github.com/hfiref0x/MpEnum/tree/master/Dump
P.S.
There exist PowerShell command, https://technet.microsoft.com/en-us/lib ... .630).aspx which also can enumerate AV DB, however it output is messed up as it seems doesn't take MPTHREAT_CATEGORY into account/output.
MpEnum - dump all threat families from Windows Defender
-
EP_X0FF
- Global Moderator
- Posts: 4812
- Joined: Sun Mar 07, 2010 5:35 am
- Location: Russian Federation
- Contact:
MpEnum - dump all threat families from Windows Defender
Ring0 - the source of inspiration
Re: MpEnum - dump all threat families from Windows Defender
Cool tool! What was the idiotic detection name you were bypassing EP_X0FF? Will look into it. What was the FP on?
-
EP_X0FF
- Global Moderator
- Posts: 4812
- Joined: Sun Mar 07, 2010 5:35 am
- Location: Russian Federation
- Contact:
Re: MpEnum - dump all threat families from Windows Defender
Windows Defender has a pure love to my WinObjEx64. MS schizophrenic automation sometimes cast various idiotic nonsense detection on it, because I use HDE/LDASM etc.
Ring0 - the source of inspiration