
VM/XDR/EDR/AV Process Name Lists

br0

Hello! I searched the forum and did not find anything similar, so I decided to create a new topic.
Could you please tell me where I can find an up-to-date, large list of XDR/EDR/AV/virtual machine process names, specifically as they appear in the process list, preferably also including debugging tools such as the various Process Hacker and Sysinternals utilities, IDA/x64dbg of course, Ghidra, etc...
Is there an up-to-date, large and preferably maintained list somewhere of all the suspicious processes whose presence on a system makes it possible to detect a reverse engineer's machine/a virtual machine and/or which specific AV/EDR is on the system?
I am interested specifically in a list of processes, specifically process names; other artifacts such as registry entries or files are not of interest.
I'll put in my two cents right away:

Code:
VM:
--------
vboxservice.exe
vboxtray.exe
vmtoolsd.exe
vmwaretray.exe
vmwareuser.exe
vmware.exe
vmount2.exe
VGAuthService.exe
vmacthlp.exe
vmsrvc.exe
vmusrvc.exe
prl_cc.exe
prl_tools.exe
xenservice.exe
xsvc_depriv.exe
joeboxserver.exe
joeboxcontrol.exe
qemu-ga.exe
WPE Pro.exe

TOOLS:
--------
pd64.exe
ida64.exe
ida32.exe
x64dbg.exe
x32dbg.exe
hiew32.exe
sysanalyzer.exe
petools.exe
dnSpy.exe
lordpe.exe
CFF Explorer.exe
PE-bear.exe
Procmon.exe
Procmon64.exe
Autoruns.exe
Autoruns64.exe
Dbgview.exe
dbgview64.exe
Diskmon.exe
Diskmon64.exe
portmon.exe
procdump.exe
procdump64.exe
tcpview.exe
tcpview64.exe
procexp.exe
procexp64.exe
die.exe
ProcessHacker.exe
Wireshark.exe
dumpcap.exe

It's not much, of course, but it's something. I suggest creating a large, updated list in this topic; I think it will be useful to many.
 
WinDefender:
"SecurityHealthHost.exe", "MpCmdRun.exe", "MsMpEng.exe", "SecurityHealthSystray.exe", "SecurityHealthService.exe", "SecHealthUI.exe", "smartscreen.exe", "wss_client.exe"
Symantec:
"ccSvcHst.exe", "sepWscSvc64.exe", "snac64.exe", "SavUI.exe", "SymCorpUI.exe", "SRTSP_CA.exe", "symerr.exe", "WSCSAvNotifier.exe", "smcinst.exe", "SmcGui.exe"
Nod:
"egui.exe", "dlpsrv.exe", "ekrn.exe", "eguiproxy.exe", "ekm.exe"
BitDefender:
"bdagent.exe", "bdntwrk.exe", "bdredline.exe", "bdreinit.exe", "BDSubWiz.exe", "DiscoverySrv.exe", "ProductAgentService.exe", "WatchDog.exe", "bdservicehost.exe", "bdtrackersnmh.exe", "bdwtxag.exe", "updatesrv.exe", "wsccommunicator.exe", "seccenter.exe", "EPSecurityService.exe", "EPProtectedService.exe", "EPIntegrationService.exe", "EPUpdateService.exe", "EPConsole.exe", "BASupSrvcUpdater.exe", "EPHost.Integrity.exe"
Sentinel:
"SentinelAgent.exe", "SentinelAgentUI.exe", "SentinelAgentWorker.exe", "SentinelBrowserNativeHost.exe", "SentinelCtl.exe", "SentinelHelperService.exe", "SentinelInstaller.msi", "SentinelMemoryScanner.exe", "SentinelRemediation.exe", "SentinelRemoteShellHost.exe", "SentinelScanFromContextMenu.exe", "SentinelServiceHost.exe", "SentinelStaticEngine.exe", "SentinelStaticEngineScanner.exe", "SentinelStaticEngineScann.exe"
 
paamsrv.exe | Acronis Privacy Expert Suite
psh_svc.exe | Acronis Privacy Expert Suite
aupdrun.exe | Agnitum Outpost Firewall
ACAAS.exe | AhnLab
ACAEGMgr.exe | AhnLab
acaif.exe | AhnLab
ACAIS.exe | AhnLab
ahnsd.exe | AhnLab
ahnsdsv.exe | AhnLab
autoup.exe | AhnLab
v3clnsrv.exe | AhnLab
V3Medic.exe | AhnLab
V3Svc.exe | AhnLab
aflogvw.exe | AhnLab Spy Zero
ahnrpt.exe | AhnLab Spy Zero
atwsctsk.exe | AhnLab V3 Internet Security
v3exec.exe | AhnLab V3 Internet Security
v3imscn.exe | AhnLab V3 Internet Security
V3LITE.EXE | AhnLab V3 Light
V3MAIN.EXE | AhnLab V3 Light
V3SP.EXE | AhnLab V3 Light
monsvcnt.exe | Ahnsd Korean AV
monsysnt.exe | Ahnsd Korean AV
AeXNSRcvSvc.exe | Altiris
aexsvc.exe | Altiris
AtrsHost.exe | Altiris
CTDataLoad.exe | Altiris
AeXAgentUIHost.exe | Altiris Agent
aexnsagent.exe | Altiris Agent
AeXNSAgent.exe | Altiris Agent
AClntUsr.EXE | Altiris Client
aexswdusr.exe | Altiris Express NS Client Manager
PXEMTFTP.exe | Altiris Process
aclient.exe | Altiris remote login client
securitycenter.exe | Aluria Security Center
starta.exe | AntiVir Security Management Center Agent Module
stopa.exe | AntiVir Security Management Center Agent Module
AnVir.exe | AnVir.exe
csrss_tc.exe | Atompark StaffCop
ashAvast.exe | Avast
ashBug.exe | Avast
ashChest.exe | Avast
ashCmd.exe | Avast
ashdisp.exe | Avast
ashDisp.exe | Avast
ashEnhcd.exe | Avast
ashLogV.exe | Avast
ashmaisv.exe | Avast
ashMaiSv.exe | Avast
ashPopWz.exe | Avast
ashQuick.exe | Avast
ashserv.exe | Avast
ashServ.exe | Avast
ashSimp2.exe | Avast
ashSimpl.exe | Avast
ashSkPcc.exe | Avast
ashSkPck.exe | Avast
ashUpd.exe | Avast
ashwebsv.exe | Avast
ashWebSv.exe | Avast
aswDisp.exe | Avast
aswRegSvr.exe | Avast
aswServ.exe | Avast
aswupdsv.exe | Avast
aswUpdsv.exe | Avast
aswUpdSv.exe | Avast
aswWebSv.exe | Avast
AvastSvc.exe | Avast
avEngine.exe | Avast
afwServ.exe | Avast Firewall Service
AvastUI.exe | Avast GUI
avastemupdate.exe | Avast Internet Security
unsecapp.exe | Avast Internet Security
avgamsvr.exe | AVG
avgas.exe | AVG
avgcc32.exe | AVG
avgcc.exe | AVG
avgctrl.exe | AVG
avgdiag.exe | AVG
avgemc.exe | AVG
avgfws8.exe | AVG
avgfwsrv.exe | AVG
avginet.exe | AVG
avgmsvr.exe | AVG
avgrssvc.exe | AVG
avgscanx.exe | AVG
avgserv9.exe | AVG
avgserv.exe | AVG
avgupd.exe | AVG
avgupdln.exe | AVG
avgupsvc.exe | AVG
avgvv.exe | AVG
avgwb.dat | AVG
avgw.exe | AVG
avgwizfw.exe | AVG
guard.exe | AVG
avgcsrvx.exe | AVG 8.5
AVGIDSAgent.exe | AVG 8.5/9.0 IDS
AVGIDSMonitor.exe | AVG 8.5/9.0 IDS
AVGIDSUI.exe | AVG 8.5 IDS
AVGIDSWatcher.exe | AVG 8.5 IDS
avgam.exe | AVG 8/8.5
avgnsx.exe | AVG 8/8.5
avgfws9.exe | AVG 9.0 FW
avgrsx.exe | AVG Anti-Virus
avgtray.exe | AVG Anti-Virus
avgwdsvc.exe | AVG Anti-Virus
sidebar.exe | AVG Anti-Virus
AVGCHSVX.EXE | AVG Internet Security
AVGCSRVX.EXE | AVG Internet Security
AVGNSX.EXE | AVG Internet Security
AVGSVC.EXE | AVG Internet Security
AVGUI.EXE | AVG Internet Security
avgcmgr.exe | AVG Internet Security (32-bit)
avgemcx.exe | AVG Internet Security (32-bit)
avgfws.exe | AVG Internet Security (32-bit)
avgmfapx.exe | AVG Internet Security (32-bit)
avgcefrend.exe | AVG Internet Security (64-bit)
avgcsrva.exe | AVG Internet Security (64-bit)
avgemca.exe | AVG Internet Security (64-bit)
avgfws.exe | AVG Internet Security (64-bit)
avgmfapx.exe | AVG Internet Security (64-bit)
avgnsa.exe | AVG Internet Security (64-bit)
avgrsa.exe | AVG Internet Security (64-bit)
loggingserver.exe | AVG Internet Security (64-bit)
toolbarupdater.exe | AVG Internet Security (64-bit)
wtusystemsuport.exe | AVG Internet Security (64-bit)
avgregcl.exe | AVG Registry Cleaner
avgsystx.exe | AVG SysTools
vprot.exe | AVG VProtect Application for SafeSearch
avcenter.exe | Avira
avconfig.exe | Avira
avesvc.exe | Avira
avgnt.exe | Avira
avmailc.exe | Avira
avmcdlg.exe | Avira
avnotify.exe | Avira
avscan.exe | Avira
avshadow.exe | Avira
guardgui.exe | Avira
avguard.exe | Avira AntiVir
avadmin.exe | AVIRA Personal Edition Classic
avfwsvc.exe | AVIRA Personal Edition Classic
avwebgrd.exe | AVIRA Personal Edition Classic
fwinst.exe | AVIRA Personal Edition Classic
SysOptEngineSvc.exe | Baidu AV
BavTray.exe | Baidu AV
Bhipssvc.exe | Baidu AV
bmrt.exe | Barracuda Malware Removal Tool
bmrt.exe | Barracuda Malware Removal Tool | SECURITY_PRODUCT
seccenter.exe | Bitdefender
gziface.exe | Bitdefender Free
gzserv.exe | Bitdefender Free
bdagent.exe | BitDefender Security Suite
bdc.exe | BitDefender Security Suite
bdlite.exe | BitDefender Security Suite
bdmcon.exe | BitDefender Security Suite
bdss.exe | BitDefender Security Suite
bdsubmit.exe | BitDefender Security Suite
deloeminfs.exe | BitDefender Security Suite
livesrv.exe | BitDefender Security Suite
setloadorder.exe | BitDefender Security Suite
vsserv.exe | BitDefender Security Suite
xcommsvr.exe | BitDefender Security Suite
bka.exe | Bkav AV
BkavSystemServer.exe | Bkav AV
BluPro.exe | Bkav AV
blackd.exe | BlackIce Firewall
blackice.exe | BlackIce Firewall
ProUtil.exe | BlackIce Firewall
rapapp.exe | BlackIce Firewall
RapApp.exe | BlackIce Firewall
BLACKD.exe | Black Ice IDS
basfipm.exe | Broadcom ASF IP monitoring service
BULLGUARDBHVSCANNER.EXE | BullGuard Internet Security
BULLGUARDSCANNER.EXE | BullGuard Internet Security
BULLGUARD.EXE | BullGuard Internet Security
BULLGUARDTRAY.EXE | BullGuard Internet Security
BULLGUARDUPDATE.EXE | BullGuard Internet Security
isafe.exe | CA AntiVirus ISafe Service
cavrid.exe | CA AntiVirus Realtime Infection Report
vetmsg.exe | CA AntiVirus VET Message Service
amswmagt | CA eTrust Integrated Threat Management 8.1
caf.exe | CA eTrust Integrated Threat Management 8.1
capmuamagt.exe | CA eTrust Integrated Threat Management 8.1
ccnfagent.exe | CA eTrust Integrated Threat Management 8.1
ccsmagtd.exe | CA eTrust Integrated Threat Management 8.1
cfftplugin.exe | CA eTrust Integrated Threat Management 8.1
cfnotsrvd.exe | CA eTrust Integrated Threat Management 8.1
cfsmsmd.exe | CA eTrust Integrated Threat Management 8.1
ALERT.EXE | CA eTrust Integrated Threat Management 8.1/CA Jinchen Kill
igateway.exe | CA eTrust Integrated Threat Management 8.1/CA Jinchen Kill
inotask.exe | CA eTrust Integrated Threat Management 8.1/CA Jinchen Kill
InoTask.exe | CA eTrust Integrated Threat Management 8.1/CA Jinchen Kill
CAAntiSpyware.exe | CA Internet Security Suite 2007
caavcmdscan.exe | CA Internet Security Suite 2007
caav.exe | CA Internet Security Suite 2007
caavguiscan.exe | CA Internet Security Suite 2007
cafw.exe | CA Internet Security Suite 2007
CALogDump.exe | CA Internet Security Suite 2007
capfaem.exe | CA Internet Security Suite 2007
capfsem.exe | CA Internet Security Suite 2007
CAPPActiveProtection.exe | CA Internet Security Suite 2007
casecuritycenter.exe | CA Internet Security Suite 2007
caunst.exe | CA Internet Security Suite 2007
cavrep.exe | CA Internet Security Suite 2007
cctray.exe | CA Internet Security Suite 2007
ccupdate.exe | CA Internet Security Suite 2007
isafinst.exe | CA Internet Security Suite 2007
ITMRT_SupportDiagnostics.exe | CA Internet Security Suite 2007
ITMRTSVC.exe | CA Internet Security Suite 2007
ITMRT_TRACE.exe | CA Internet Security Suite 2007
PPClean.exe | CA Internet Security Suite 2007
UmxAgent.exe | CA Internet Security Suite 2007
UmxCfg.exe | CA Internet Security Suite 2007
UmxFwHlp.exe | CA Internet Security Suite 2007
UmxPol.exe | CA Internet Security Suite 2007
unvet32.exe | CA Internet Security Suite 2007
CAPPActiveProtection.exe | CA Internet Security Suite 2007/8/9
capfasem.exe | CA Internet Security Suite 2008
ccprovsp.exe | CA Internet Security Suite 2008/9
PPCtlPriv.exe | CA Internet Security Suite 2008 Antispyware
casc.exe | CA Internet Security Suite 2009
ccschedulersvc.exe | CA Internet Security Suite 2009
ccsystemreport.exe | CA Internet Security Suite 2009
inonmsrv.exe | CA Jinchen Kill
InoNmSrv.exe | CA Jinchen Kill
InoWeb.exe | CA Jinchen Kill
Auth8021x.exe | CA Jinchen KILL / eTrust Antivirus
krbcc32s.exe | CA Jinchen KILL / eTrust Antivirus
pep.exe | CA Jinchen KILL / eTrust Antivirus
realmon.exe | CA Jinchen Kill Realtime Monitor
Realmon.exe | CA Jinchen Kill Realtime Monitor
RealMon.exe | CA Jinchen Kill Realtime Monitor
RepMgr64.exe | Carbon Black | NGAV EDR
csacontrol.exe | Cisco Security Agent
leventmgr.exe | Cisco Security Agent
okclient.exe | Cisco Security Agent
csacontrol.exe | Cisco Security Agent 5.1
leventmgr.exe | Cisco Security Agent 5.1
okclient.exe | Cisco Security Agent 5.1
clamscan.exe | ClamAV
ClamTray.exe | ClamAV
ClamWin.exe | ClamAV
ccemflsv.exe | Client and Host Security Platform
cssauth.exe | Client Security Solution
cavscan.exe | Comodo
CLPS.exe | Comodo
CLPSLA.exe | Comodo
CLPSLS.exe | Comodo
cmdinstall.exe | Comodo
cfpconfig.exe | Comodo Firewall Pro
cfp.exe | Comodo Firewall Pro
cfplogvw.exe | Comodo Firewall Pro
cfpsbmit.exe | Comodo Firewall Pro
cfpupdat.exe | Comodo Firewall Pro
cmdagent.exe | Comodo Firewall Pro
crashrep.exe | Comodo Firewall Pro
CIS.EXE | Comodo Internet Security
CISTRAY.EXE | Comodo Internet Security
cpf.exe | Comodo Personal Firewall
cfpconfg.exe | COMODO VIRUS SCANNER
CSFalconService.exe | CrowdStrike Falcon | EDR NGAV
CylanceUI.exe | Cylance | NGAV EDR
CylanceSvc.exe | Cylance | NGAV EDR
CrAmTray.exe | Cybereason | EDR
CrsSvc.exe | Cybereason | EDR
AmSvc.exe | Cybereason | EDR
FrzState2k.exe | Deep Freeze
DRWAGNUI.EXE | DrWeb
drweb32.exe | DrWeb
drweb32w.exe | DrWeb
DRWEB32W.EXE | DrWeb
drweb386.exe | DrWeb
drwebcgp.exe | DrWeb
drwebdc.exe | DrWeb
drweb.exe | DrWeb
drwebmng.exe | DrWeb
drwebscd.exe | DrWeb
DRWEBSCD.EXE | DrWeb
drwebupw.exe | DrWeb
DRWEBUPW.EXE | DrWeb
drwebwcl.exe | DrWeb
drwebwin.exe | DrWeb
DRWINST.EXE | DrWeb
dwengine.exe | DrWeb
spiderml.exe | DrWeb
SPIDERML.EXE | DrWeb
spidernt.exe | DrWeb
SPIDERNT.EXE | DrWeb
spiderui.exe | DrWeb
SpIDerAgent.exe | Dr Web
drwagntd.exe | DrWeb Enterprise
DRWAGNTD.EXE | DrWeb Enterprise
drwupgrade.exe | DrWeb Enterprise
drwebcom.exe | DrWeb Plesk COM for Windows
DWARKDAEMON.EXE | DrWeb Total Security
DWNETFILTER.EXE | DrWeb Total Security
spideragent.exe | DrWeb Total Security
eeyeevnt.exe | eEye Retina Digital Security
RetinaEngine.exe | eEye Retina Digital Security
A2GUARD.EXE | Emsisoft Internet Security
A2SERVICE.EXE | Emsisoft Internet Security
A2START.EXE | Emsisoft Internet Security
Administrator.exe | Entensys UserGate 5
control_panel.exe | Entensys UserGate 5
usergate.exe | Entensys UserGate 5
esmagent.exe | Enterprise Security Agent
era.exe | ESET Remote Administrator
ppmcativedetection.exe | eTrust
vettray.exe | eTrust
cavtray.exe | eTrust Antivirus
inorpc.exe | eTrust Antivirus
InoRpc.exe | eTrust Antivirus
inort.exe | eTrust Antivirus
InoRT.exe | eTrust Antivirus
ca.exe | eTrust Firewall
caissdt.exe | eTrust Internet Security Suite
etagent.exe | EventTracker by Prism Microsystems
ETLogAnalyzer.exe | EventTracker by Prism Microsystems
ETRssFeeds.exe | EventTracker by Prism Microsystems
evtarmgr.exe | EventTracker by Prism Microsystems
evtmgr.exe | EventTracker by Prism Microsystems
ETReporter.exe | EventTracker by Prism Microsystems change
ETConsole3.exe | EventTracker Console
EtwControlPanel.exe | EventTracker Console
UserAnalysis.exe | EventTracker Console
ETCorrel.exe | EventTracker log cache
evtProcessEcFile.exe | EventTracker , pops up and disappears
EtScheduler.exe | EventTracker Scheduler
UserActivity.exe | EventTracker Scheduler
TrapTrackerMgr.exe | EventTracker SNMP Trap service
ewidoctrl.exe | Ewido Security Suite
ewidoguard.exe | Ewido Security Suite
FCDBLog.exe | FortiClient Host Security
fmon.exe | FortiClient Host Security 3.0.459
fortifw.exe | FortiClient Host Security 3.0.459
FortiProxy.exe | FortiClient Host Security 3.0.459
FortiTray.exe | FortiClient Host Security 3.0.459
FortiWF.exe | FortiClient Host Security 3.0.459
update_task.exe | FortiClient Host Security 3.0.459
FCAPPDB.EXE | Fortinet Smart Security
FCDBLOG.EXE | Fortinet Smart Security
FCHELPER64.EXE | Fortinet Smart Security
FORTIESNAC.EXE | Fortinet Smart Security
FORTIPROXY.EXE | Fortinet Smart Security
FORTISSLVPNDAEMON.EXE | Fortinet Smart Security
FORTITRAY.EXE | Fortinet Smart Security
FORTIWF.EXE | Fortinet Smart Security
FPAVServer.exe | F-PROT Antivirus
FProtTray.exe | F-PROT Antivirus
fameh32.exe | F-Secure Alert and Management Extension Handler
fspex.exe | F-Secure Anti-Virus Updater
fsaa.exe | F-Secure Authentication Agent
bwgo0000 | F-Secure Backweb Temporary Files
fch32.exe | F-Secure Configuration Handler
fih32.exe | F-Secure Installation Launcher
FAMEH32.exe | F-Secure Internet Security
FCH32.exe | F-Secure Internet Security
fsaua.exe | F-Secure Internet Security
fsav32.exe | F-Secure Internet Security
fscuif.exe | F-Secure Internet Security
FSCUIF.exe | F-Secure Internet Security
fsdfwd.exe | F-Secure Internet Security
fsgk32.exe | F-Secure Internet Security
fsgk32st.exe | F-Secure Internet Security
fsguidll.exe | F-Secure Internet Security
fsguiexe.exe | F-Secure Internet Security
fshdll32.exe | F-Secure Internet Security
FSHDLL32.exe | F-Secure Internet Security
FSHOSTER32.EXE | F-Secure Internet Security
FSHOSTER64.EXE | F-Secure Internet Security
fsm32.exe | F-Secure Internet Security
FSM32.exe | F-Secure Internet Security
fsma32.exe | F-Secure Internet Security
FSMA32.exe | F-Secure Internet Security
fsmb32.exe | F-Secure Internet Security
FSMB32.exe | F-Secure Internet Security
fsorsp.exe | F-Secure Internet Security
fspc.exe | F-Secure Internet Security
fsqh.exe | F-Secure Internet Security
fssm32.exe | F-Secure Internet Security
setupguimngr.exe | F-Secure Internet Security
SetupGUIMngr.exe | F-Secure Internet Security
tnbutil.exe | F-Secure Internet Security
fsavgui.exe | F-Secure Internet Security GUI
GDScan.exe | G Data
AVKProxy.exe | G Data Internet Security 2007
AVKService.exe | G Data Internet Security 2007
AVKTray.exe | G Data Internet Security 2007
AVKWCtl.exe | G Data Internet Security 2007
GDFirewallTray.exe | G Data Internet Security 2007
GDFwSvc.exe | G Data Internet Security 2007
EndPointSecurity.exe | GFI EndPointSecurity
esecservice.exe | GFI EndPointSecurity
gfireporterservice.exe | GFI EndPointSecurity
esecagntservice.exe | GFI EndPoint Security
rcsvcmon.exe | GFI EndPointSecurity
DolphinCharge.e | GoldenDolphin Chinese IDS
DolphinCharge.exe | GoldenDolphin Chinese IDS
LogGetor.exe | GoldenDolphin Chinese IDS
netalertclient.exe | GoldenDolphin Chinese IDS
PrintDevice.exe | GoldenDolphin Chinese IDS
PwdFiltHelp.exe | GoldenDolphin Chinese IDS
pthosttr.exe | HP Protecttools Security Manager
hpqWmiEx.exe | HP ProtectTools Security Manager
ntcaagent.exe | Huawei SACC Agent
ntcadaemon.exe | Huawei SACC Agent
ntcaservice.exe | Huawei SACC Agent
PrivacyIconClient.exe | Intel Management and Security
rapuisvc.exe | ISS_Proventia_Agent 9.0 from IBM
vpatch.exe | ISS_Proventia_Agent 9.0 from IBM
tclproc.exe | ISS RealSecure IDS
isscsf.exe | ISS Security Scanner
issCSF.exe | ISS Security Scanner
issdaemon.exe | ISS Security Scanner
issDaemon.exe | ISS Security Scanner
kvdetech.exe | Jiangmin AV and FW
kvmonxp_2.kxp | Jiangmin AV and FW
KVMonXP_2.kxp | Jiangmin AV and FW
kvmonxp.kxp | Jiangmin AV and FW
KVMonXP.kxp | Jiangmin AV and FW
kvolself.exe | Jiangmin AV and FW
kvsrvxp_1.exe | Jiangmin AV and FW
kvsrvxp.exe | Jiangmin AV and FW
KVSrvXP.exe | Jiangmin AV and FW
kvxp.kxp | Jiangmin AV and FW
KvXP.kxp | Jiangmin AV and FW
PpPpWallRun.exe | Jiangmin AV and FW
avpcc.exe | Kaspersky
avpexec.exe | Kaspersky
avp.exe | Kaspersky
AVP.exe | Kaspersky
AVP.EXE | Kaspersky
avpm.exe | Kaspersky
AvpM.exe | Kaspersky
avpncc.exe | Kaspersky
avps.exe | Kaspersky
avpupd.exe | Kaspersky
kav.exe | Kaspersky
kavisarv.exe | Kaspersky
kavmm.exe | Kaspersky
kavss.exe | Kaspersky
kavsvc.exe | Kaspersky
kis.exe | Kaspersky
klnagent.exe | Kaspersky
KLNAGENT.EXE | Kaspersky
klswd.exe | Kaspersky
klwtblfs.exe | Kaspersky
kwsprod.exe | Kaspersky
KWSProd.exe | Kaspersky
AVPUI.EXE | Kaspersky
Up2date.exe | Kaspersky Administration Kit
klserver.exe | Kaspersky Administration Server
oespamtest.exe | Kaspersky Anti-Spam for Outlook or Outlook Express
KavAdapterExe.exe | Kaspersky Anti-Virus for Lotus Notes
kavlotsingleton.exe | Kaspersky Anti-Virus for Lotus Notes
kavfsgt.exe | Kaspersky Anti-Virus management service process
kavfsrcn.exe | Kaspersky Anti-Virus remote management process
kavfs.exe | Kaspersky Anti-Virus service process
KAVFS.EXE | Kaspersky Anti-Virus service process
kavfswp.exe | Kaspersky Anti-Virus working process
kavshell.exe | Kaspersky command line utility process
klnacserver.exe | Kaspersky Lab Cisco NAC Posture Validation Server
AVPDTAgt.exe | Kaspersky Lab Deployment Tool Agent
klnagent.exe | Kaspersky Network Agent
netcfg.exe | Kaspersky Network Configuration Tool
kavfsscs.exe | Kaspersky script interception dispatcher service process
kavtray.exe | Kaspersky task tray process
persfw.exe | Kerio Personal Firewall 2.1.5
avserver.exe | Kerio Winroute Firewall
winroute.exe | Kerio Winroute Firewall
WinRoute.exe | Kerio Winroute Firewall
wrctrl.exe | Kerio Winroute Firewall
KABackReport.exe | Kingsoft
kaccore.exe | Kingsoft
KANMCMain.exe | Kingsoft
kastray.exe | Kingsoft
kislive.exe | Kingsoft
kmailmon.exe | Kingsoft
KMailMon.exe | Kingsoft
KNUpdateMain.exe | Kingsoft
KSWebShield.exe | Kingsoft
kxeserv.exe | Kingsoft
uplive.exe | Kingsoft
kansgui.exe | Kingsoft Antivirus
kansvr.exe | Kingsoft Antivirus
kavstart.exe | Kingsoft Internet Security
KAVStart.exe | Kingsoft Internet Security
kpfwsvc.exe | Kingsoft Internet Security
KPFWSvc.exe | Kingsoft Internet Security
kwatch.exe | Kingsoft Internet Security
KWatch.exe | Kingsoft Internet Security
kav32.exe | Kingsoft Internet Security 2008
kissvc.exe | Kingsoft Internet Security 2008
kpfw32.exe | Kingsoft Internet Security 2008
system.exe | LanAgent Monitoring
wssfcmai.exe | LanAgent Monitoring
aawservice.exe | Lavasoft Ad-Aware
Ad-Aware2007.exe | Lavasoft Ad-Aware
nlsvc.exe | LockTime NetLimiter 2 Monitor
MBAMSERVICE.EXE | Malwarebytes Anti-Malware
MBAMTRAY.EXE | Malwarebytes Anti-Malware
engineserver.exe | McAfee
EngineServer.exe | McAfee
EventParser.exe | McAfee
log_qtine.exe | McAfee
mfeann.exe | McAfee
NAIlgpip.exe | McAfee
RPCServ.exe | McAfee
srvmon.exe | McAfee
mcagent.exe | McAfee Agent
mfemactl.exe | McAfee Agent AAC Host
macmnsvc.exe | McAfee Agent Common Services
masvc.exe | McAfee Agent Service
masalert.exe | McAfee AntiSpyware
msssrv.exe | McAfee Anti Spyware
massrv.exe | McAfee AntiSpyware application
msscli.exe | McAfee AntiSpyware Component
mcshld9x.exe | McAfee AntiVirus Component
mgavrtcl.exe | McAfee antivirus software
mcappins.exe | McAfee Application Installer
mfecanary.exe | McAfee Canary Process
macompatsvc.exe | McAfee Compat service
mcvsrte.exe | McAfee.com VirusScan Online Realtime Engine
mfefire.exe | McAfee Core Firewall Service
DAO_Log.exe | McAfee DAO Logger
firesvc.exe | McAfee Desktop Firewall
FireSvc.exe | McAfee Desktop Firewall
FireTray.exe | McAfee Desktop Firewall
firetray.exe | McAfee Desktop Firewall Traybar Helper
MCAPEXE.EXE | McAfee Endpoint Protection
MCSACORE.EXE | McAfee Endpoint Protection
MCSVHOST.EXE | McAfee Endpoint Protection
mfeesp.exe | McAfee Endpoint Security Platform component hosting server
naprdmgr.exe | McAfee ePolicy Orchestrator
naPrdMgr.exe | McAfee ePolicy Orchestrator
cpd.exe | McAfee Firewall
mfefw.exe | McAfee Firewall Business Object Hosting Server
FrameworkServic | McAfee Framework Services
cmgrdian.exe | McAfee Guardian Tray Icon
mcshell.exe | McAfee GUI
mfehcs.exe | McAfee HookCore Service
mcinfo.exe | McAfee Internet Security
HWAPI.exe | McAfee Internet Security Suite
McAfeeDataBackup.exe | McAfee Internet Security Suite
mcmscsvc.exe | McAfee Internet Security Suite
McNASvc.exe | McAfee Internet Security Suite
mcods.exe | McAfee Internet Security Suite
mcpromgr.exe | McAfee Internet Security Suite
McProxy.exe | McAfee Internet Security Suite
mcuimgr.exe | McAfee Internet Security Suite
MpfSrv.exe | McAfee Internet Security Suite
mpsevh.exe | McAfee Internet Security Suite
mps.exe | McAfee Internet Security Suite
msksrver.exe | McAfee Internet Security Suite
RedirSvc.exe | McAfee Internet Security Suite
SAService.exe | McAfee Internet Security Suite
siteadv.exe | McAfee Internet Security Suite
SiteAdv.exe | McAfee Internet Security Suite
mfemms.exe | McAfee Management Service
neotrace.exe | McAfee NeoTrace
vshwin32.exe | McAfee On-access scanner
mpfagent.exe | McAfee Personal Firewall
MpfAgent.exe | McAfee Personal Firewall
mpfconsole.exe | McAfee Personal Firewall
mpf.exe | McAfee Personal Firewall
mpfservice.exe | McAfee Personal Firewall Component
mpftray.exe | McAfee Personal Firewall Tray icon
mscifapp.exe | McAfee Privacy Service
mfevtps.exe | McAfee Process Validation
qclean.exe | McAfee QuickClean
mcregwiz.exe | McAfee Registration Wizard
RSSensor.exe | McAfee Rogue System Sensor
SAFeService.exe | McAfee SAFe Common Technology
NCDaemon.exe | McAfee Scanner for Lotus Notes
mcdash.exe | McAfee Security Center Dashboard
mcdetect.exe | McAfee Security Centre Module
SSScheduler.exe | McAfee Security Scan
saHookMain.exe | McAfee SiteAdvisor
mskdetct.exe | McAfee Spamkiller
msksrvr.exe | McAfee Spamkiller
mskagent.exe | McAfee SpamKiller Module
stinger.exe | McAfee Stinger
mcsysmon.exe | McAfee System Monitor
mctskshd.exe | McAfee Task Scheduler
mfetp.exe | McAfee Threat Prevention Service
myagttry.exe | McAfee Total Protection for Small Business
mcupdmgr.exe | McAfee Update Manager
rulaunch.exe | McAfee User Interface
mcshield.exe | McAfee VirusScan
Mcshield.exe | McAfee VirusScan
MCSHIELD.EXE | McAfee VirusScan
mcvsshld.exe | McAfee VirusScan
tbmon.exe | McAfee VirusScan
TBMon.exe | McAfee VirusScan
alogserv.exe | McAfee VirusScan Activity Log Server
AlogServ.exe | McAfee VirusScan Activity Log Server
mcmnhdlr.exe | McAfee VirusScan Command Handler
mghtml.exe | McAfee VirusScan Component
edisk.exe | McAfee VirusScan Emergency Disk Creator
scan32.exe | McAfee VirusScan Enterprise
frameworkservice.exe | McAfee VirusScan Enterprise
FrameworkService.exe | McAfee VirusScan Enterprise
mcconsol.exe | McAfee VirusScan Enterprise
mcscript_inuse.exe | McAfee VirusScan Enterprise
McScript_InUse.exe | McAfee VirusScan Enterprise
Mctray.exe | McAfee VirusScan Enterprise
mcupdate.exe | McAfee VirusScan Enterprise
shstat.exe | McAfee VirusScan Enterprise
UdaterUI.exe | McAfee VirusScan Enterprise
updaterui.exe | McAfee VirusScan Enterprise
UpdaterUI.exe | McAfee VirusScan Enterprise
mcepoc.exe | McAfee VirusScan for EPOC OS
McEPOC.exe | McAfee VirusScan for EPOC OS
mcepocfg.exe | McAfee VirusScan for EPOC OS
McEPOCfg.exe | McAfee VirusScan for EPOC OS
mcpalmcfg.exe | McAfee VirusScan for Palm OS
mcwcecfg.exe | McAfee VirusScan for WindowsCE OS
McWCECfg.exe | McAfee VirusScan for WindowsCE OS
mcwce.exe | McAfee VirusScan for WindowsCE OS
McWCE.exe | McAfee VirusScan for WindowsCE OS
frameworkservic.exe | McAfee VirusScan Framework Service
vsmain.exe | McAfee VirusScan Main Console
oasclnt.exe | McAfee VirusScan Module
vsstat.exe | McAfee VirusScan On-Access Scanner
VsStat.exe | McAfee VirusScan On-Access Scanner
VSStat.exe | McAfee VirusScan On-Access Scanner
mcvsftsn.exe | McAfee VirusScan Online
avconsol.exe | McAfee VirusScan Scheduler
Avconsol.exe | McAfee VirusScan Scheduler
avsynmgr.exe | McAfee VirusScan Synchronization Manager
Avsynmgr.exe | McAfee VirusScan Synchronization Manager
vstskmgr.exe | McAfee VirusScan Task Manager
VsTskMgr.exe | McAfee VirusScan Task Manager
webscanx.exe | McAfee Web and ActiveX Scanner
WebScanX.exe | McAfee Web and ActiveX Scanner
mfewc.exe | McAfee Web Control Service
mfewch.exe | McAfee Web Control Service
giantantispywaremain.exe | Microsoft AntiSpyware
giantantispywareupdater.exe | Microsoft AntiSpyware
gcasservalert.exe | Microsoft AntiSpyware Alert Process
gcascleaner.exe | Microsoft AntiSpyware Cleaner Process
gcasinstallhelper.exe | Microsoft AntiSpyware Helper Process
gcasnotice.exe | Microsoft AntiSpyware Notifier Process
gcasdtserv.exe | Microsoft AntiSpyware Server Process
gcasserv.exe | Microsoft AntiSpyware Server Process
gcasswupdater.exe | Microsoft AntiSpyware Updater Process
fcsms.exe | Microsoft Forefront Client Security Management Service
FcsMs.exe | Microsoft Forefront Client Security Management Service
fcssas.exe | Microsoft Forefront Client Security State Assessment Service
FcsSas.exe | Microsoft Forefront Client Security State Assessment Service
nissrv.exe | Microsoft Network Inspection System
DPMRA.exe | Microsoft Security Center Data Protection Manager
msseces.exe | Microsoft Security Essentials
wscntfy.exe | Microsoft Windows Security Center | CORE_OS
SecurityManager.exe | MSC BAM Services
AESecurityService.exe | MS Content Management Service
Deteqt.Agent.exe | MWR Deteqt Suite EDR
OmniAgent.exe | MWR OmniAgent
nerosvc.exe | Nero Security Service
SeAnalyzerTool.exe | Netgate Spy Emergency
SpyEmergency.exe | Netgate Spy Emergency
SpyEmergencySrv.exe | Netgate Spy Emergency
NLClient.exe | Netlimiter Traffic Monitor
crdm.exe | Netsys Enterprise Security (Encryption)
NMAGENT.EXE | Network Monitor Agent
egui.exe | Nod32
EHttpSrv.exe | Nod32
ekrn.exe | Nod32
nod32.exe | Nod32
nod32krn.exe | Nod32
nod32kui.exe | Nod32
NOD32view.exe | NOD32 Update Viewer
cclaw.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
CClaw.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
elogsvc.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
nip.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
Nip.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
NIP.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
nipsvc.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
njeeves.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
Njeeves.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
NJeeves.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
Npfmsg2.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
npfmsg.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
NPFMSG.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
Npfsvice.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
nrmenctb.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
NRMENCTB.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
nvcoas.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
Nvcoas.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
NVCOAS.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
nvcsched.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
Nvcsched.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
NVCSched.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
nymse.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
Nymse.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
zanda.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
Zanda.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
zlh.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
Zlh.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
ZLH.exe | Norman Ad-Aware SE Plus Antivirus 1.06r1 and Firewall 1
NORTONSECURITY.EXE | Norton Security Deluxe
ixAptSvc.exe | nProtect
ixAvSvc.exe | nProtect
ixFwSvc.exe | nProtect
EMLPROUI.exe | Omniquad Total Security 3.0.0
EMLPROXY.exe | Omniquad Total Security 3.0.0
mpsvc.exe | Omniquad Total Security 3.0.0
ONLINENT.exe | Omniquad Total Security 3.0.0
ONLNSVC.exe | Omniquad Total Security 3.0.0
SCANMSG.exe | Omniquad Total Security 3.0.0
SCANWSCS.exe | Omniquad Total Security 3.0.0
TSAnSrf.exe | Omniquad Total Security 3.0.0
TSAtiSy.exe | Omniquad Total Security 3.0.0
TScutyNT.exe | Omniquad Total Security 3.0.0
TSmpNT.exe | Omniquad Total Security 3.0.0
UPSCHD.exe | Omniquad Total Security 3.0.0
xfilter.exe | Omniquad Total Security 3.0.0
aps.exe | Outpost Security
aus.exe | Outpost Security
outpost.exe | Outpost Security
AdminServer.exe | Panda
Avtask.exe | Panda
ClShield.exe | Panda
Console.exe | Panda
CPntSrv.exe | Panda
PadFSvr.exe | Panda
PASystemTray.exe | Panda
PavFnSvr.exe | Panda
Pavkre.exe | Panda
PavProt.exe | Panda
PavReport.exe | Panda
PNmSrv.exe | Panda
PSIMSVC.EXE | Panda
pavupg.exe | Panda AdminSecure upgrade utility
remupd.exe | Panda Agent
avengine.exe | Panda Anti-Virus
iface.exe | Panda Anti-Virus
pavfires.exe | Panda Anti-Virus
pavkre.exe | Panda Anti-Virus
pavmail.exe | Panda Anti-Virus
pavprot.exe | Panda Anti-Virus
pavprsrv.exe | Panda Anti-Virus
pavsched.exe | Panda Anti-Virus
pavsrv50.exe | Panda Anti-Virus
pavsrv51.exe | Panda Anti-Virus
pavsrv52.exe | Panda Anti-Virus
prevsrv.exe | Panda Anti-Virus
psimsvc.exe | Panda Anti-Virus
tpsrv.exe | Panda Anti-Virus
pagent.exe | Panda Enterprise
Pagent.exe | Panda Enterprise
pagentwd.exe | Panda Enterprise
Pagentwd.exe | Panda Enterprise
psctris.exe | Panda Enterprise
apvxdwin.exe | Panda Internet Security
AVENGINE.exe | Panda Internet Security
inicio.exe | Panda Internet Security
pavbckpt.exe | Panda Internet Security
PavBckPT.exe | Panda Internet Security
pavfnsvr.exe | Panda Internet Security
PAVFNSVR.exe | Panda Internet Security
pavjobs.exe | Panda Internet Security
PavPrSrv.exe | Panda Internet Security
PAVSRV51.exe | Panda Internet Security
PSANHOST.EXE | Panda Internet Security
PsCtrlS.exe | Panda Internet Security
PSHost.exe | Panda Internet Security
psimreal.exe | Panda Internet Security
PsImSvc.exe | Panda Internet Security
pskmssvc.exe | Panda Internet Security
PSUAMAIN.EXE | Panda Internet Security
PSUASERVICE.EXE | Panda Internet Security
srvload.exe | Panda Internet Security
webproxy.exe | Panda Internet Security
WebProxy.exe | Panda Internet Security
WEBPROXY.EXE | Panda Internet Security
pnmsrv.exe | Panda Network Manager
avltmain.exe | Panda Titanium
FirewallGUI.exe | PC Tools Firewall Plus
pviewer.exe | Process Explode process viewer
pview.exe | Process Explode process viewer
pmon.exe | Process Monitor
qoeloader.exe | Qurb/CA Internet Security 2008/9 AntiSpam
Qoeloader.exe | Qurb/CA Internet Security 2008/9 AntiSpam
fws.exe | Radialpoint Security Services PCGuard
CCenter.exe | Rising
ravxp.exe | Rising
RavXP.exe | Rising
RAVXP.exe | Rising
rfwproxy.exe | Rising
rfwstub.exe | Rising
knownsvr.exe | Rising Antispyware
ras.exe | Rising Antispyware
rasupd.exe | Rising Antispyware
upfile.exe | Rising Antispyware
rstray.exe | Rising Anti-Spyware
RavAlert.exe | Rising AntiVirus
Rav.exe | Rising AntiVirus
ravmond.exe | Rising AntiVirus
RavMonD.exe | Rising AntiVirus
RAVMOND.exe | Rising AntiVirus
ravmon.exe | Rising AntiVirus
RavMon.exe | Rising AntiVirus
RavService.exe | Rising AntiVirus
ravstub.exe | Rising AntiVirus
RavStub.exe | Rising AntiVirus
RavTask.exe | Rising AntiVirus
RavTray.exe | Rising AntiVirus
RavUpdate.exe | Rising AntiVirus
RNReport.exe | Rising AntiVirus
rsnetsvr.exe | Rising Anti-Virus
scanfrm.exe | Rising Anti-Virus
rfwmain.exe | Rising Firewall
rfwsrv.exe | Rising Firewall
winlog.exe | Salfeld Personal Security Manager
OMSLogManager.exe | Secret Net
SnHwSrv.exe | Secret Net
SnICheckAdm.exe | Secret Net
SnicheckSrv.exe | Secret Net
SnIcon.exe | Secret Net
SnSrv.exe | Secret Net
smsx.exe | Security Technology Solutions SMSexpress
svcharge.exe | SiliVaccine Antivirus
SVCharge.exe | SiliVaccine Antivirus
svdealer.exe | SiliVaccine Antivirus
SVDealer.exe | SiliVaccine Antivirus
svframe.exe | SiliVaccine Antivirus
SVFrame.exe | SiliVaccine Antivirus
svtray.exe | SiliVaccine Antivirus
SVTray.exe | SiliVaccine Antivirus
sschk.exe | Simply Super Software Trojan Scanner
trjscan.exe | Simply Super Software Trojan Scanner
trupd.exe | Simply Super Software Trojan Scanner
SSecurityManager.exe | SIWF BAM Services
DLTray.EXE | SmartLine DeviceLock
DLService.exe | SmartLine DeviceLock Service
DLTray.exe | SmartLine DeviceLock Tray Notifier
ALMon.exe | Sophos Anti-Virus
lmon.exe | Sophos Anti-Virus
SAVAdminService.exe | Sophos Anti-Virus
savservice.exe | Sophos Anti-Virus
SavService.exe | Sophos Anti-Virus
SDRSERVICE.EXE | Sophos Anti-Virus
SWC_SERVICE.EXE | Sophos Anti-Virus
sweepsrv.sys | Sophos Anti-Virus
SWI_SERVICE.EXE | Sophos Anti-Virus
swnetsup.exe | Sophos Anti-Virus
SWNETSUP.EXE | Sophos Anti-Virus
alsvc.exe | Sophos Anti-Virus AutoUpdate
ALsvc.exe | Sophos Anti-Virus AutoUpdate
ALUpdate.exe | Sophos Anti-Virus AutoUpdate
SAVMain.exe | Sophos Anti-Virus GUI is OPEN
sav32cli.exe | Sophos Anti-Virus Scanner
CertificationManagerServiceNT.exe | Sophos Control Center
EMLibUpdateAgentNT.exe | Sophos Control Center
ManagementAgentNT.exe | Sophos Control Center
MgntSvc.exe | Sophos Control Center
RouterNT.exe | Sophos Control Center
schdsrvc.exe | Sophos Control Center
SSP.EXE | Sophos Endpoint Security
SCFManager.exe | Sophos FIREWALL
SCFService.exe | Sophos FIREWALL
SCFTray.exe | Sophos FIREWALL
op_viewer.exe | Sophos FIREWALL GUI is OPEN
sgbhp.exe | SpywareBlaster Internet Security Tool
pctsAuxs.exe | Spyware Doctor
pctsGui.exe | Spyware Doctor
pctsSvc.exe | Spyware Doctor
pctsTray.exe | Spyware Doctor
RegMech.exe | Spyware Doctor
SDTrayApp.exe | Spyware_Doctor 5 from PC Tools
svcntaux.exe | Spyware_Doctor 5 from PC Tools
swdsvc.exe | Spyware_Doctor 5 from PC Tools
swnxt.exe | Spyware Nuker
execstat.exe | StatWin
seestat.exe | StatWin
swserver.exe | StatWin Total
slee81.exe | Steganos Security Suite Component
kpf4gui.exe | Sunbelt Personal Firewall
kpf4ss.exe | Sunbelt Personal Firewall
kpf4gui.exe | Sunbelt Personal Firewall 4
kpf4ss.exe | Sunbelt Personal Firewall 4
WrSpySetup.exe | Super WinSpy
acctmgr.exe | Symantec
AcctMgr.exe | Symantec
alertsvc.exe | Symantec
AlertSvc.exe | Symantec
ALERTSVC.EXE | Symantec
alunotify.exe | Symantec
ALUNotify.exe | Symantec
aluschedulersvc.exe | Symantec
AluSchedulerSvc.exe | Symantec
AppSvc32.exe | Symantec
ccap.exe | Symantec
CCAP.EXE | Symantec
ccapp.exe | Symantec
ccApp.exe | Symantec
ccevtmgr.exe | Symantec
ccEvtMgr.exe | Symantec
ccproxy.exe | Symantec
ccProxy.exe | Symantec
ccpxysvc.exe | Symantec
ccsetmgr.exe | Symantec
ccSetmgr.exe | Symantec
ccSetMgr.exe | Symantec
ccSvcHst.exe | Symantec
checkup.exe | Symantec
cka.exe | Symantec
comHost.exe | Symantec
cpdclnt.exe | Symantec
csinject.exe | Symantec
csinsm32.exe | Symantec
csinsmnt.exe | Symantec
dbserv.exe | Symantec
dbsrv9.exe | Symantec
defwatch.exe | Symantec
DefWatch.exe | Symantec
Defwatch | Symantec
diskmon.exe | Symantec
djsnetcn.exe | Symantec
doscan.exe | Symantec
dwhwizrd.exe | Symantec
DWHWizrd.exe | Symantec
FWCfg.exe | Symantec
ghost_2.exe | Symantec
ghosttray.exe | Symantec
icepack.exe | Symantec
IcePack.exe | Symantec
IdsInst.exe | Symantec
isPwdSvc.exe | Symantec
issvc.exe | Symantec
ISSVC.exe | Symantec
isUAC.exe | Symantec
luall.exe | Symantec
LUALL.exe | Symantec
LUALL.EXE | Symantec
lucallbackproxy.exe | Symantec
lucoms~1.exe | Symantec
lucoms.exe | Symantec
MCUI32.exe | Symantec
navapsvc.exe | Symantec
Navapsvc.exe | Symantec
NAVAPSVC.EXE | Symantec
navapw32.exe | Symantec
NAVAPW32.EXE | Symantec
NaveCtrl.exe | Symantec
NaveLog.exe | Symantec
NaveSP.exe | Symantec
NavShcom.exe | Symantec
navw32.exe | Symantec
Navw32.exe | Symantec
Navwnt.exe | Symantec
ndetect.exe | Symantec
ngctw32.exe | Symantec
ngserver.exe | Symantec
nisoptui.exe | Symantec
nisserv.exe | Symantec
nisum.exe | Symantec
nmain.exe | Symantec
npfmntor.exe | Symantec
nprotect.exe | Symantec
NPROTECT.EXE | Symantec
npscheck.exe | Symantec
npssvc.exe | Symantec
nscsrvce.exe | Symantec
nsctop.exe | Symantec
NscTop.exe | Symantec
nsmdtr.exe | Symantec
NSMdtr.exe | Symantec
olfsnt40.exe | Symantec
OLFSNT40.EXE | Symantec
opscan.exe | Symantec
poproxy.exe | Symantec
POProxy.exe | Symantec
POPROXY.EXE | Symantec
pqibrowser.exe | Symantec
PQIBrowser.exe | Symantec
pqv2isvc.exe | Symantec
pxemtftp.exe | Symantec
pxeservice.exe | Symantec
qdcsfs.exe | Symantec
qserver.exe | Symantec
ReporterSvc.exe | Symantec
rnav.exe | Symantec
rtvscan.exe | Symantec
Rtvscan.exe | Symantec
RTVscan.exe | Symantec
SAVFMSESp.exe | Symantec
savroam.exe | Symantec
SavRoam.exe | Symantec
savscan.exe | Symantec
SAVScan.exe | Symantec
SavUI.exe | Symantec
sbserv.exe | Symantec
scanexplicit.exe | Symantec
SemSvc.exe | Symantec
SescLU.exe | Symantec
SEVINST.EXE | Symantec
SmcGui.exe | Symantec
SMSECtrl.exe | Symantec
SMSELog.exe | Symantec
SMSESJM.exe | Symantec
smsesp.exe | Symantec
SMSESp.exe | Symantec
SMSESrv.exe | Symantec
SMSETask.exe | Symantec
SMSEUI.exe | Symantec
sms.exe | Symantec
sndmon.exe | Symantec
SNDMon.exe | Symantec
sndsrvc.exe | Symantec
SNDSrvc.exe | Symantec
spbbcsvc.exe | Symantec
SPBBCSvc.exe | Symantec
symlcsvc.exe | Symantec
symproxysvc.exe | Symantec
symsport.exe | Symantec
SymSPort.exe | Symantec
symtray.exe | Symantec
symwsc.exe | Symantec
sysdoc32.exe | Symantec
UcService.exe | Symantec
updtnv28.exe | Symantec
urllstck.exe | Symantec
UrlLstCk.exe | Symantec
usrprmpt.exe | Symantec
UsrPrmpt.exe | Symantec
v2iconsole.exe | Symantec
vpc32.exe | Symantec
VPC32.exe | Symantec
VPDN_LU.exe | Symantec
vprosvc.exe | Symantec
wfxctl32.exe | Symantec
WFXCTL32.EXE | Symantec
wfxmod32.exe | Symantec
WFXMOD32.EXE | Symantec
wfxsnt40.exe | Symantec
WFXSNT40.EXE | Symantec
ccSvcHst.exe | Symantec Endpoint Protection
lucomserver.exe | Symantec LiveUpdate
SAVFMSELog.exe | Symantec Mail Security
SAVFMSESJM.exe | Symantec Mail Security
SAVFMSECTRL.exe | Symantec Mail Security
SAVFMSESpamStatsManager.exe | Symantec Mail Security
SAVFMSESrv.exe | Symantec Mail Security
SAVFMSETask.exe | Symantec Mail Security
SAVFMSEUI.exe | Symantec Mail Security
SNAC.exe | Symantec Network Access Control
SNAC.EXE | Symantec Network Access List
smc.exe | Symantec (or possibly Sygate, check path)
SSM.exe | Symantec or Veritas Net Backup
reportsvc.exe | Symantec Reporting Service
vptray.exe | Symantec System Tray Icon
VPTray.exe | Symantec System Tray Icon
procexp.exe | Sysinternals Process Explorer
tdimon.exe | SysInternals TDI Monitor
TFun.exe | Threatfire
TFGui.exe | Threatfire GUI
TFService.exe | ThreatFire PSP
TFTray.exe | ThreatFire PSP
TIASPN~1.EXE | Traffic Inspector 2.0
Traflnsp.exe | Traffic Inspector 2.0
asupport.exe | TrendMicro
IsntSmtp.exe | TrendMicro
nSMDemf.exe | TrendMicro
nSMDmon.exe | TrendMicro
nSMDreal.exe | TrendMicro
nSMDsch.exe | TrendMicro
ofcdog.exe | TrendMicro
pccNT.exe | TrendMicro
PccNTUpd.exe | TrendMicro
pcctlcom.exe | TrendMicro
PcCtlCom.exe | TrendMicro
PcScnSrv.exe | TrendMicro
schupd.exe | TrendMicro
TmListen.exe | TrendMicro
Tmntsrv.exe | TrendMicro
tmpfw.exe | TrendMicro
TmPfw.exe | TrendMicro
tmproxy.exe | TrendMicro
tmas.exe | TrendMicro Anti-Spyware
EntityMain.exe | Trend Micro Control Manager
aphost.exe | TrendMicro Infrastructure
LWDMServer.exe | TrendMicro Infrastructure
mrf.exe | TrendMicro Infrastructure
COREFRAMEWORKHOST.EXE | Trend Micro Internet Security
CORESERVICESHELL.EXE | Trend Micro Internet Security
UISEAGNT.EXE | Trend Micro Internet Security
UIWATCHDOG.EXE | Trend Micro Internet Security
ISNTSysMonitor | TrendMicro InterScan System Monitor
CNTAoSMgr.exe | TrendMicro OfficeScan
ntrtscan.exe | TrendMicro OfficeScan
NTRtScan.exe | TrendMicro OfficeScan
ofcpfwsvc.exe | TrendMicro OfficeScan Personal Firewall
dwwin.exe | TrendMicro or DrWatson
patch.exe | TrendMicro PC-cillin
pccclient.exe | TrendMicro PC-cillin
pccguide.exe | TrendMicro PC-cillin
pcclient.exe | TrendMicro PC-cillin
pccnt.exe | TrendMicro PC-cillin
pccntmon.exe | TrendMicro PC-cillin
PccNTMon.exe | TrendMicro PC-cillin
pccntupd.exe | TrendMicro PC-cillin
pccpfw.exe | TrendMicro PC-cillin
pcscan.exe | TrendMicro PC-cillin
pntiomon.exe | TrendMicro PC-cillin
pop3pack.exe | TrendMicro PC-cillin
pop3trap.exe | TrendMicro PC-cillin
scanmailoutlook.exe | TrendMicro PC-cillin
ScanMailOutLook.exe | TrendMicro PC-cillin
smoutlookpack.exe | TrendMicro PC-cillin
smOutlookPack.exe | TrendMicro PC-cillin
tmlisten.exe | TrendMicro PC-cillin
tmntsrv.exe | TrendMicro PC-cillin
tmproxy.exe | TrendMicro PC-cillin
webtrapnt.exe | TrendMicro PC-cillin
OfcPfwSvc.exe | TrendMicro Personal Firewall
EUQMonitor.exe | TrendMicro ScanMail for Exchange
SMEX_ActiveUpda | TrendMicro ScanMail for Exchange
SMEX_Master.exe | TrendMicro ScanMail for Exchange
SMEX_RemoteConf | TrendMicro ScanMail for Exchange
SMEX_SystemWatc | TrendMicro ScanMail for Exchange
svcGenericHost | TrendMicro ScanMail for Exchange
spntsvc.exe | TrendMicro ServerProtect
SpntSvc.exe | TrendMicro ServerProtect
stopp.exe | TrendMicro ServerProtect
StOPP.exe | TrendMicro ServerProtect
stwatchdog.exe | TrendMicro ServerProtect
StWatchDog.exe | TrendMicro ServerProtect
USBGuard.exe | USB Disk Security
UploadRecord.exe | USB thumb drive security
SBAMSvc.exe | Vipre
vrvmail.exe | VRV Security Software
vrvmon.exe | VRV Security Software
vrvnet.exe | VRV Security Software
vrv.exe | VRV Security Software
WRSA.exe | Webroot SecureAnywhere
NetworkAgent.exe | Websense Web Security / Web Filter
WebsenseControlService.exe | Websense Web Security / Web Filter
mpcmdrun.exe | Windows Defender
MpCmdRun.exe | Windows Defender
MSASCui.exe | Windows Defender
MsMpEng.exe | Windows Defender
msascui.exe | Windows Defender or Microsoft Forefront (Check Registry Keys)
msmpeng.exe | Windows Defender or Microsoft Forefront (Check Registry Keys)
MsPMSPSv.exe | Windows Media Device Manager Pre-Message Security Protocol Service
kb891711.exe | Windows Security Update
ZavAux.exe | Zillya Antivirus
ZavCore.exe | Zillya Antivirus
zillya.exe | Zillya Antivirus
zlclient.exe | ZoneAlarm
vsmon.exe | ZoneAlarm Component
ForceField.exe | ZoneAlarm ForceField
ISWMGR.exe | ZoneAlarm ForceField
zapro.exe | ZoneAlarm IDS
zonealarm.exe | ZoneAlarm IDS
mantispm.exe | ZoneAlarm Internet Security Suite 2007
 
Excellent! Thank you very much! Just please wrap it in a CODE tag so that it is readable, and if anyone else can add to the list of virtual machine processes from the first post, I would be very grateful! 👍
 
C-like:
Comodo sandbox: cmdvrt32.dll
Qihoo360Sandbox: SxIn.dll.dll; SbieDll.dll
WSandbox: \\\\.\\GLOBALROOT\\device\\vmsmb
 
That's a very good topic, unfortunately. I don't have such a list, but I think you should consider other artifacts, for example kernel filter drivers and other modules that are known to be AV/EDR modules. EDRs like CrowdStrike have some processes for telemetry and some machine learning, but they may not be running even though the EDR is enabled. For someone trying to detect whether that protection software is in place, it would be nice to check all modules (maybe with DriverQuery) and match against a list.
 
I'll add some more
Code:
MsSense.exe:Microsoft Endpoint Detection and Response
 
To avoid using long lists of file names, it is enough to call QueryFullProcessImageName on each process to get the full path, and then GetFileVersionInfo/VerQueryValue from version.dll to get the file's company name from VersionInfo. After that, compare the company name against, for example, a list like this:
trend micro,heimdal,tanium,malwarebytes,emsisoft,elastic,eset,carbonblack,mcafee,crowdstrike,cylance,fireeye,kaspersky,sentinelone,symantec,bitdefender,comodo,doctor web,f-secure,panda software,sophos,webroot,avast
 
To avoid using long lists of file names, it is enough to call QueryFullProcessImageName on each process to get the full path, and then GetFileVersionInfo/VerQueryValue from version.dll to get the file's company name from VersionInfo
Well, yes, but depending on the current access rights and the specific antivirus, it may not allow the version information to be read.
 




TCHAR const* EDR_DRIVERS[] = {
/*
* FSFilter Anti-Virus - BEGIN
*/
// 360 Software (Beijing)
_T("360qpesv.sys"),
// 5nine Software Inc.
_T("5nine.cbt.sys"),
// Ahkun Co.
_T("AhkSvPro.sys"),
_T("AhkUsbFW.sys"),
_T("AhkAMFlt.sys"),
// Ahnlab
_T("V3MifiNt.sys"),
_T("V3Ift2k.sys"),
_T("V3IftmNt.sys"),
_T("ArfMonNt.sys"),
_T("AhnRghLh.sys"),
_T("AszFltNt.sys"),
_T("OMFltLh.sys"),
_T("V3Flu2k.sys"),
_T("AdcVcsNT.sys"),
// AhnLab Inc.
_T("TfFregNt.sys"),
// AhnLab, Inc.
_T("SMDrvNt.sys"),
_T("ATamptNt.sys"),
_T("V3Flt2k.sys"),
// Alwil
_T("aswmonflt.sys"),
// Anvisoft
_T("avfsmn.sys"),
// Arcdo
_T("ANVfsm.sys"),
_T("CDrRSFlt.sys"),
// Ashampoo GmbH & Co. KG
_T("AshAvScan.sys"),
// Australian Projects
_T("ZxFsFilt.sys"),
// Authentium
_T("avmf.sys"),
// AVG Grisoft
_T("avgmfx86.sys"),
_T("avgmfx64.sys"),
_T("avgmfi64.sys"),
_T("avgmfrs.sys"),
// Avira GmbH
_T("avgntflt.sys"),
// AVNOS
_T("kavnsi.sys"),
// AvSoft Technologies
_T("strapvista.sys"),
_T("strapvista64.sys"),
// AxBx
_T("vk_fsf.sys"),
// Baidu (beijing)
_T("BDFileDefend.sys"),
// Baidu (Hong Kong) Limited
_T("Bfilter.sys"),
// Baidu online network technology (beijing)Co.
_T("BDsdKit.sys"),
_T("bd0003.sys"),
// Beijing Kingsoft
_T("ksfsflt.sys"),
// Beijing Majorsec
_T("majoradvapi.sys"),
// Beijing Rising Information Technology Corporation Limited
_T("HookSys.sys"),
// Beijing Venus
_T("TxFileFilter.sys"),
_T("VTSysFlt.sys"),
// Binary Defense Systems
_T("Osiris.sys"),
// Bit9 Inc
_T("b9kernel.sys"),
// Bitdefender
_T("bdsvm.sys"),
// BitDefender SRL
_T("hbflt.sys"),
_T("vlflt.sys"),
_T("gzflt.sys"),
_T("bddevflt.sys"),
_T("ignis.sys"),
_T("AVCKF.SYS"),
_T("gemma.sys"),
_T("Atc.sys"),
_T("AVC3.SYS"),
_T("TRUFOS.SYS"),
// Bkav Corporation
_T("BkavAutoFlt.sys"),
_T("BkavSdFlt.sys"),
// BLACKFORT SECURITY
_T("bSyirmf.sys"),
_T("bSysp.sys"),
_T("bSydf.sys"),
_T("bSywl.sys"),
_T("bSyrtm.sys"),
_T("bSyaed.sys"),
_T("bSyar.sys"),
// BullGuard
_T("BdFileSpy.sys"),
// C-NetMedia Inc
_T("antispyfilter.sys"),
// CheckMAL Inc
_T("AppCheckD.sys"),
// Cheetah Mobile Inc.
_T("wdocsafe.sys"),
_T("lbprotect.sys"),
// Cisco Systems
_T("csaav.sys"),
_T("CiscoSAM.sys"),
_T("immunetselfprotect.sys"),
_T("immunetprotect.sys"),
_T("CiscoAMPCEFWDriver.sys"),
_T("CiscoAMPHeurDriver.sys"),
// CJSC Returnil Software
_T("rvsmon.sys"),
// CodeProof Technologies Inc
_T("CpAvFilter.sys"),
_T("CpAvKernel.sys"),
// Comodo Group Inc.
_T("cmdccav.sys"),
_T("cmdguard.sys"),
// Computer Assoc
_T("caavFltr.sys"),
_T("ino_fltr.sys"),
// ConeSecurity Inc
_T("CSFlt.sys"),
// Confluera Inc
_T("tbmninifilter.sys"),
// Coranti Inc.
_T("crnsysm.sys"),
_T("crncache32.sys"),
_T("crncache64.sys"),
// CoreTrace Corporation
_T("bouncer.sys"),
// CrowdStrike Ltd.
_T("csagent.sys"),
// Dakota State University
_T("EdnemFsFilter.sys"),
// Deep Instinct
_T("DeepInsFS.sys"),
// Deep Instinct Ltd.
_T("DeepInsFS.sys"),
// Digitalonnet
_T("ADSpiderDoc.sys"),
// Doctor Web
_T("drwebfwft.sys"),
_T("DwShield.sys"),
_T("DwShield64.sys"),
_T("dwprot.sys"),
// Doctor Web Ltd.
_T("Spiderg3.sys"),
// DriveSentry Inc
_T("drivesentryfilterdriver2lite.sys"),
// EasyAntiCheat Solutions
_T("easyanticheat.sys"),
// eEye Digital Security
_T("eeyehv.sys"),
_T("eeyehv64.sys"),
// Egnyte Inc
_T("egnfsflt.sys"),
// EMC
_T("ECATDriver.sys"),
// Emsi Software GmbH
_T("a2ertpx86.sys"),
_T("a2ertpx64.sys"),
_T("a2gffx86.sys"),
_T("a2gffx64.sys"),
_T("a2gffi64.sys"),
_T("a2acc.sys"),
_T("a2acc64.sys"),
// EnigmaSoft
_T("EnigmaFileMonDriver.sys"),
// ESET, spol. s r.o.
_T("eamonm.sys"),
// ESTsecurity Corp
_T("RSRtw.sys"),
_T("RSPCRtw.sys"),
// ESTsoft
_T("AYFilter.sys"),
_T("Rtw.sys"),
// ESTsoft corp.
_T("EstRkmon.sys"),
_T("EstRkr.sys"),
// ETRI
_T("vrSDetri.sys"),
_T("vrSDetrix.sys"),
// Everyzone
_T("TvMFltr.sys"),
// EveryZone Inc.
_T("IProtect.sys"),
// EveryZone INC.
_T("TvFiltr.sys"),
_T("TvDriver.sys"),
_T("TvSPFltr.sys"),
_T("TvPtFile.sys"),
// f-protect
_T("fpav_rtp.sys"),
// f-secure
_T("fsgk.sys"),
// Filseclab
_T("fildds.sys"),
// Fortinet Inc.
_T("FortiAptFilter.sys"),
_T("fortimon2.sys"),
_T("fortirmon.sys"),
_T("fortishield.sys"),
// Fujitsu Social Science
_T("wscm.sys"),
// FXSEC LTD
_T("pfkrnl.sys"),
// G Data
_T("HookCentre.sys"),
_T("PktIcpt.sys"),
_T("MiniIcpt.sys"),
// GAS Tecnologia
_T("GbpKm.sys"),
// Greatsoft Corp.Ltd
_T("vcdriv.sys"),
_T("vcreg.sys"),
_T("vchle.sys"),
// GRGBanking Equipment
_T("SECOne_USB.sys"),
_T("SECOne_Proc10.sys"),
_T("SECOne_REG10.sys"),
_T("SECOne_FileMon10.sys"),
// GridinSoft LLC
_T("gtkdrv.sys"),
// HAURI
_T("VrARnFlt.sys"),
_T("VrBBDFlt.sys"),
_T("vrSDfmx.sys"),
_T("vrSDam.sys"),
_T("VrAptDef.sys"),
_T("VrSdCore.sys"),
_T("VrFsFtM.sys"),
_T("VrFsFtMX.sys(AMD64)"),
_T("vradfil2.sys"),
// HAURI Inc.
_T("VRAPTFLT.sys"),
// Hidden Reflex
_T("epicFilter.sys"),
// Hitachi Solutions
_T("hsmltwhl.sys"),
_T("hssfwhl.sys"),
// HSM IT-Services Gmbh
_T("oavfm.sys"),
// Huorong Security
_T("sysdiag.sys"),
// IBM
_T("issregistry.sys"),
// IKARUS Security
_T("ntguard.sys"),
// Imperva Inc.
_T("mfdriver.sys"),
// INCA Internet Co.
_T("npxgd.sys"),
_T("npxgd64.sys"),
_T("tkpl2k.sys"),
_T("tkpl2k64.sys"),
_T("GKFF.sys"),
_T("GKFF64.sys"),
_T("tkdac2k.sys"),
_T("tkdacxp.sys"),
_T("tkdacxp64.sys"),
_T("tksp2k.sys"),
_T("tkspxp.sys"),
_T("tkspxp64.sys"),
// INCA Internet Co., Ltd
_T("tkfsft.sys"),
_T("tkfsft64.sys"),
_T("tkfsavxp.sys"),
_T("tkfsavxp64.sys"),
// Individual developer (Soft3304)
_T("AntiLeakFilter.sys"),
// IObit Information Tech
_T("IMFFilter.sys"),
// ISS
_T("issfltr.sys"),
// K7 Computing Private Ltd.
_T("K7Sentry.sys"),
// Kaspersky
_T("klbg.sys"),
_T("kldback.sys"),
_T("kldlinf.sys"),
_T("kldtool.sys"),
_T("klif.sys"),
// Kaspersky Lab
_T("klam.sys"),
_T("klif.sys"),
// KINGSOFT
_T("dgsafe.sys"),
// knowwheresoft Ltd
_T("securoFSD_x64.sys"),
// Komoku Inc.
_T("kmkuflt.sys"),
// Lavasoft AB
_T("lbd.sys"),
// Leith Bade
_T("cwdriver.sys"),
// Lenovo
_T("lnvscenter.sys"),
// Lightspeed Systems Inc.
_T("SAFsFilter.sys"),
// Malwarebytes Corp.
_T("FlightRecorder.sys"),
_T("mbam.sys"),
// MastedCode Ltd
_T("fsfilter.sys"),
// Max Secure Software
_T("MaxProc64.sys"),
_T("MaxProtector.sys"),
_T("maxcryptmon.sys"),
_T("SDActMon.sys"),
// McAfee Inc.
_T("epdrv.sys"),
_T("mfencoas.sys"),
_T("mfehidk.sys"),
_T("swin.sys"),
// Meidensha Corp
_T("WhiteShield.sys"),
// Microsoft
_T("WdFilter.sys"),
_T("mpFilter.sys"),
_T("SysmonDrv.sys"),
// MicroWorld Software Services Pvt. Ltd.
_T("mwfsmfltr.sys"),
// NeoAutus
_T("NeoKerbyFilter"),
// Netlor SAS
_T("KUBWKSP.sys"),
// NetSecurity Corp
_T("trfsfilter.sys"),
// NHN
_T("nsminflt.sys"),
_T("nsminflt64.sys"),
// Norman
_T("nvcmflt.sys"),
// Norman ASA
_T("nprosec.sys"),
_T("nregsec.sys"),
// Novatix Corporation
_T("NxFsMon.sys"),
// NPcore Ltd
_T("FileScan.sys"),
// Odyssey Cyber Security
_T("ODFsFimFilter.sys"),
_T("ODFsTokenFilter.sys"),
_T("ODFsFilter.sys"),
// OKUMA Corp
_T("ospfile_mini.sys"),
// OnMoon Company LLC
_T("acdrv.sys"),
// Palo Alto Networks
_T("CyvrFsfd.sys"),
// Panda Security
_T("PSINPROC.SYS"),
_T("PSINFILE.SYS"),
_T("amfsm.sys"),
_T("amm8660.sys"),
_T("amm6460.sys"),
// Panda Software
_T("NanoAVMF.sys"),
_T("shldflt.sys"),
// Panzor Cybersecurity
_T("pavdrv.sys"),
// Paretologic
_T("PLGFltr.sys"),
// PC Tools Pty. Ltd.
_T("PCTCore64.sys"),
_T("PCTCore.sys"),
_T("ikfilesec.sys"),
// Perfect World Co. Ltd
_T("PerfectWorldAntiCheatSys.sys"),
// PerfectWorld Ltd
_T("PWProtect.sys"),
// PerSystems SA
_T("pervac.sys"),
// Pooyan System
_T("RanPodFS.sys"),
// PWI, Inc.
_T("pwipf6.sys"),
// Qihoo 360
_T("dsark.sys"),
_T("360avflt.sys"),
// Quick Heal Technologies Pvt. Ltd.
_T("snsrflt.sys"),
_T("bdsflt.sys"),
_T("arwflt.sys"),
// Quick Heal TechnologiesPvt. Ltd.
_T("ggc.sys"),
_T("catflt.sys"),
// ReaQta Ltd.
_T("reaqtor.sys"),
// Redstor Limited
_T("RsFlt.sys"),
// refractionPOINT
_T("hcp_kernel_acq.sys"),
// REVE Antivirus
_T("ReveFltMgr.sys"),
_T("ReveProcProtection.sys"),
// S.N.Safe&Software
_T("snscore.sys"),
// Sangfor Technologies
_T("sfavflt.sys"),
// Savant Protection, Inc.
_T("savant.sys"),
// Scargo Inc
_T("si32_file.sys"),
_T("si64_file.sys"),
// SECUI Corporation
_T("sciptflt.sys"),
_T("scifsflt.sys"),
// SecuLution GmbH
_T("ssvhook.sys"),
// SecureAge Technology
_T("sascan.sys"),
// SecureBrain Corporation
_T("mscan-rt.sys"),
// SecureLink Inc.
_T("zwPxeSvr.sys"),
_T("zwASatom.sys"),
// Securitas Technologies,Inc.
_T("NovaShield.sys"),
// SecurityCoverage, Inc.
_T("SCFltr.sys"),
// Segira LLC
_T("SegiraFlt.sys"),
// Segurmatica
_T("SegMD.sys"),
_T("SegMP.sys"),
_T("SegF.sys"),
// Sequretek IT
_T("KawachFsMinifilter.sys"),
// SGA
_T("EPSMn.sys"),
// SGRI Co., LTD.
_T("vcMFilter.sys"),
// SheedSoft Ltd
_T("SheedAntivirusFilterDriver.sys"),
// Shenzhen Tencent Computer Systems Company Limited
_T("TSysCare.sys"),
_T("TFsFlt.sys"),
// Softwin
_T("bdfsfltr.sys"),
_T("bdfm.sys"),
// Sophos
_T("SophosED.sys"),
_T("SAVOnAccess.sys"),
_T("savonaccess.sys"),
_T("sld.sys"),
// SpellSecurity
_T("spellmon.sys"),
// Sybonic Systems Inc
_T("THFilter.sys"),
// symantec
_T("eeCtrl.sys"),
_T("eraser.sys"),
_T("SRTSP.sys"),
_T("SRTSPIT.sys"),
_T("SRTSP64.SYS"),
// Symantec
_T("VirtualAgent.sys"),
// Tall Emu
_T("OADevice.sys"),
// Technology Nexus AB
_T("SE46Filter.sys"),
// TEHTRI-Security
_T("egambit.sys"),
// Tencent
_T("TesMon.sys"),
_T("QQSysMonX64.sys"),
_T("QQSysMon.sys"),
// Teramind
_T("tmfsdrv2.sys"),
// TRAPMINE A.S.
_T("trpmnflt.sys"),
// Trend
_T("tmpreflt.sys"),
// Trend Micro Inc.
_T("TmKmSnsr.sys"),
_T("fileflt.sys"),
_T("TmEsFlt.sys"),
_T("TmEyes.sys"),
_T("tmevtmgr.sys"),
// Verdasys Inc
_T("STKrnl64.sys"),
// VisionPower Co.,Ltd.
_T("PZDrvXP.sys"),
// VMware, Inc.
_T("vsepflt.sys"),
_T("VFileFilter.sys(renamed)"),
// WardWiz
_T("WrdWizSecure64.sys"),
_T("wrdwizscanner.sys"),
// Webroot Inc.
_T("WRAEKernel.sys"),
_T("WRKrn.sys"),
_T("WRCore.sys"),
// Webroot Software, Inc.
_T("ssfmonm.sys"),
// White Cloud Security
_T("WCSDriver.sys"),
// WidgetNuri Corp
_T("SoftFilterxxx.sys"),
_T("RansomDefensexxx.sys"),
// WINS CO. LTD
_T("agentrtm64.sys"),
_T("rswmon.sys"),
// Yoggie
_T("UFDFilter.sys"),
// ZhengYong InfoTech LTD.
_T("Zyfm.sys"),
/*
* FSFilter Anti-Virus - END
*/
/*
* FSFilter Activity Monitor - BEGIN
*/
// (c)SMS
_T("isafermon"),
// 1mill
_T("FSMon.sys"),
// 360 Software (Beijing)
_T("AtdrAgent.sys"),
_T("AtdrAgent64.sys"),
_T("Qutmdrv.sys"),
// Absolute Software
_T("cbfsfilter2017.sys"),
// Acronis
_T("NgScan.sys"),
// Actifio Inc
_T("aaf.sys"),
// Adaptiva
_T("AdaptivaClientCache32.sys"),
_T("AdaptivaclientCache64.sys"),
// Adtrustmedia
_T("browserMon.sys"),
// AhnLab, Inc.
_T("VPDrvNt.sys"),
// AI Consulting
_T("aictracedrv_am.sys"),
// Airlock Digital Pty Ltd
_T("alcapture.sys"),
// AIRWare Technology Ltd
_T("airship-filter.sys"),
// Alfa
_T("AlfaFF.sys"),
// Aliaksander Lebiadzevich
_T("SDDrvLdr.sys"),
// AlphaAntiLeak
_T("AALProtect.sys"),
// ALPS SYSTEM INTERGRATION CO.
_T("ISIRMFmon.sys"),
// Altaro Ltd.
_T("altcbt.sys"),
// ALWIL Software
_T("aswFsBlk.sys"),
// Amazon Web Services Inc
_T("AmznMon.sys"),
// Analytik Jena AG
_T("ajfsprot.sys"),
// ApexSQL LLC
_T("ApexSqlFilterDriver.sys"),
// AppGuard LLC
_T("AGSysLock.sys"),
_T("AGSecLock.sys"),
// AppiXoft
_T("axfsysmon.sys"),
_T("scensemon.sys"),
// AppSense Ltd
_T("DataNow_Driver.sys"),
_T("UcaFltDriver.sys"),
// AppStream, Inc.
_T("rflog.sys"),
// ApSoft
_T("CwMem2k64.sys"),
// Aqua Security
_T("ContainerMonitor.sys"),
// Arcserve
_T("xoiv8x64.sys"),
// Arkoon Network Security
_T("heimdall.sys"),
// Ashampoo Development
_T("IFS64.sys"),
// AsiaInfo Technologies
_T("kFileFlt.sys"),
// Aternity Ltd
_T("AternityRegistryHook.sys"),
// Atlansys Software
_T("atflt.sys"),
_T("amfd.sys"),
// Avanite Limited
_T("AvaPsFD.sys"),
// Avast Software
_T("aswSP.sys"),
// AVG Technologies CZ
_T("avgtpx86.sys"),
_T("avgtpx64.sys"),
// Avira GmbH
_T("avipbb.sys"),
// AvSoft Technologies
_T("strapvista.sys"),
// Axact Pvt Ltd
_T("axfltdrv.sys"),
// Axur Information Sec.
_T("amsfilter.sys"),
// Backup Systems Ltd
_T("cbfltfs4.sys"),
// Baidu (beijing)
_T("BdRdFolder.sys"),
// Baidu (Hong Kong) Limited
_T("Bfmon.sys"),
// Baidu Online Network
_T("bdsysmon.sys"),
// Barkly Protects Inc.
_T("BOsCmFlt.sys"),
_T("BOsFsFltr.sys"),
// Basein Networks
_T("cbfsfilter2017.sys"),
// BattlEye Innovations
_T("BEDaisy.sys"),
// Beijing CA-JinChen Software Co.
_T("kfac.sys"),
// Beijing QiAnXin Tech.
_T("QmInspec.sys"),
// Beijing Qihoo Technology Co.
_T("360fsflt.sys"),
// Beijing Shu Yan Science
_T("GagSecurity.sys"),
// Beijing Zhong Hang Jiaxin Computer Technology Co.,Ltd.
_T("filefilter.sys"),
// Best Security
_T("rpwatcher.sys"),
// BeyondTrust Inc.
_T("BlackbirdFSA.sys"),
// BicDroid Inc.
_T("QDocumentREF.sys"),
// Bit9 Inc.
_T("CarbonBlackK.sys"),
// BitArmor Systems, Inc
_T("bapfecpt.sys"),
_T("bamfltr.sys"),
// Bitdefender SRL
_T("edrsensor.sys"),
_T("bdprivmon.sys"),
// bitFence Inc.
_T("bfaccess.sys"),
// BiZone LLC
_T("bzsenyaradrv.sys"),
_T("bzsenspdrv.sys"),
_T("bzsenth.sys"),
// Blue Ridge Networks
_T("BrnFileLock.sys"),
_T("BrnSecLock.sys"),
// Bluzen Inc
_T("ipcomfltr.sys"),
// Broadcom
_T("symevnt.sys"),
_T("symevnt32.sys"),
// Bromium Inc
_T("brfilter.sys"),
_T("BrCow_x_x_x_x.sys"),
_T("BemK.sys"),
// ByStorm
_T("BssAudit.sys"),
// C-DAC Hyderabad
_T("pecfilter.sys"),
// CA
_T("xomfcbt8x64.sys"),
_T("KmxAgent.sys"),
_T("KmxFile.sys"),
_T("KmxSbx.sys"),
// Carbonite Inc
_T("MozyNextFilter.sys"),
_T("MozyCorpFilter.sys"),
_T("MozyEntFilter.sys"),
_T("MozyOEMFilter.sys"),
_T("MozyEnterpriseFilter.sys"),
_T("MozyProFilter.sys"),
_T("MozyHomeFilter.sys"),
_T("BDSFilter.sys"),
_T("CSBFilter.sys"),
// cEncrypt
_T("dsflt.sys"),
// Centennial Software Ltd
_T("msiodrv4.sys"),
// Centre for Development of Advanced Computing
_T("USBPDH.SYS"),
// Centrify Corp
_T("CentrifyFSF.sys"),
// Certero
_T("cmflt.sys"),
// Chaewool
_T("cFSfdrv"),
// Check Point Software
_T("epregflt.sys"),
_T("epklib.sys"),
// Checkpoint Software
_T("cpepmon.sys"),
// ChemoMetec
_T("ChemometecFilter.sys"),
// Cigent Technology Inc
_T("Spotlight.sys"),
// Cigital, Inc.
_T("fmdrive.sys"),
// Cisco Systems
_T("csaam.sys"),
// Citrix Systems
_T("srminifilterdrv.sys"),
// Clonix Co
_T("rsfdrv.sys"),
// Clumio Inc
_T("ClumioChangeBlockMf.sys"),
// Code42
_T("Code42Filter.sys"),
// ColorTokens
_T("FFDriver.sys"),
// Comae Tech
_T("windd.sys"),
// CommVault Systems, Inc.
_T("CVCBT.sys"),
// Comodo Security Solutions Inc.
_T("CmdCwagt.sys"),
_T("cfrmd.sys"),
// ComTrade
_T("ctamflt.sys"),
// Comtrue Technology
_T("shdlpSf.sys"),
_T("ctrPAMon.sys"),
_T("shdlpMedia.sys"),
// Conduant Corporation
_T("ConduantFSFltr.sys"),
// Condusiv Technologies
_T("hiofs.sys"),
// CondusivTechnologies
_T("vintmfs.sys"),
_T("intmfs.sys"),
_T("excfs.sys"),
// Confio
_T("IridiumSwitch.sys"),
// CONNECT SHIFT LTD
_T("DTPL.sys"),
// CoSoSys
_T("cssdlp.sys"),
// Crawler Group
_T("tbrdrv.sys"),
// Credant Technologies
_T("XendowFLT.sys"),
// CristaLink
_T("mtsvcdf.sys"),
// CRU Data Security Group
_T("CdsgFsFilter.sys"),
// CyberArk Software
_T("vfpd.sys"),
_T("CybKernelTracker.sys"),
// CyberSight Inc
_T("csmon.sys"),
// Cygna Labs
_T("FileMonitor.sys"),
// Cylance Inc.
_T("CyOptics.sys"),
_T("CyProtectDrv32.sys"),
_T("CyProtectDrv64.sys"),
// Cytrence Inc
_T("cytmon.sys"),
// Datacloak Tech
_T("dcfsgrd.sys"),
// DataGravity Inc.
_T("dgfilter.sys"),
// Datto Inc
_T("DattoFSF.sys"),
// Dell Secureworks
_T("groundling32.sys"),
_T("groundling64.sys"),
// Dell Software Inc.
_T("DgeDriver.sys"),
// DELL Technologies
_T("DTDSel.sys"),
// Dell Technologies
_T("NWEDriver.sys"),
// derivo GmbH
_T("bbfilter.sys"),
// Digitalsense Co
_T("dsfltfs.sys"),
// Diskeeper Corporation
_T("nowonmf.sys"),
_T("dktlfsmf.sys"),
_T("DKDrv.sys"),
_T("DKRtWrt.sys"),
_T("HBFSFltr.sys"),
// Dmitry Stefankov
_T("WinTeonMiniFilter.sys"),
_T("wiper.sys"),
_T("DevMonMiniFilter.sys"),
// Doctor Web
_T("Drwebfwflt.sys"),
_T("EventMon.sys"),
// Douzone Bizon Co
_T("rswctrl.sys"),
_T("mcstrg.sys"),
_T("fmkkc.sys"),
_T("nmlhssrv01.sys"),
// DreamCrafts
_T("SaMFlt.sys"),
// Dtex Systems
_T("dnaFSMonitor.sys"),
// EaseVault Technologies Inc.
_T("EaseFlt.sys"),
// Egis Technology Inc.
_T("eLock2FSCTLDriver.sys"),
// Egnyte Inc
_T("egnfsflt.sys"),
// eIQnetworks Inc.
_T("FIM.sys"),
// Elex Tech Inc
_T("iSafeKrnl.sys"),
_T("iSafeKrnlMon.sys"),
// eMingSoftware Inc
_T("NetPeeker.sys"),
// Encourage Technologies
_T("asiofms.sys"),
// Enterprise Data Solutions, Inc.
_T("edsigk.sys"),
// Entrust Inc.
_T("eetd32.sys"),
_T("eetd64.sys"),
// ESET, spol. s r.o.
_T("ehdrv.sys"),
// ESTsoft corp.
_T("EstPrmon.sys"),
_T("Estprp.sys"),
_T("EstRegmon.sys"),
_T("EstRegp.sys"),
// F-Secure
_T("fshs.sys"),
_T("fsatp.sys"),
// Faronics Corporation
_T("AeFilter.sys"),
// FastTrack Software ApS
_T("AbrPmon.sys"),
// FFC Limited
_T("FFCFILT.SYS"),
// FileTek, Inc.
_T("TrustedEdgeFfd.sys"),
// FireEye Inc
_T("WFP_MRT.sys"),
// FireEye Inc.
_T("FeKern.sys"),
// Fitsec Ltd
_T("kconv.sys"),
_T("trace.sys"),
_T("SandDriver.sys"),
// Flexera Software Inc.
_T("ISRegFlt.sys"),
_T("ISRegFlt64.sys"),
// ForcePoint LLC.
_T("fpepflt.sys"),
// Fujian Shen Kong
_T("wats_se.sys"),
// FUJITSU ENGINEERING
_T("ibr2fsk.sys"),
// FUJITSU LIMITED
_T("FJGSDis2.sys"),
_T("FJSeparettiFilterRedirect.sys"),
_T("Fsw31rj1.sys"),
_T("da_ctl.sys"),
// FUJITSU SOCIAL SCIENCE
_T("secure_os.sys"),
// FUJITSU SOFTWARE
_T("PsAcFileAccessFilter.sys"),
// Fusion-io
_T("fiometer.sys"),
_T("dcSnapRestore.sys"),
// Futuresoft
_T("PointGuardVistaR32.sys"),
_T("PointGuardVistaR64.sys"),
_T("PointGuardVistaF.sys"),
_T("PointGuardVista64F.sys"),
// G Data Software AG
_T("gddcv.sys"),
// GameHi Co.
_T("Codex.sys"),
// GemacmbH
_T("GcfFilter.sys"),
// Glarysoft Ltd.
_T("GUMHFilter.sys"),
// Google, Inc.
_T("MRxGoogle.sys"),
// Gorizonty Rosta Ltd
_T("GoFSMF.sys"),
// GrammaTech, Inc.
_T("drvhookcsmf.sys"),
_T("drvhookcsmf_amd64.sys"),
// Group-IB LTD
_T("gibepcore.sys"),
// HA Unix Pt
_T("hafsnk.sys"),
// Hangzhou Yifangyun
_T("fangcloud_autolock_driver.sys"),
// HAURI
_T("secure_os_mf.sys"),
// Hauri Inc
_T("VrVBRFsFilter.sys"),
_T("VrExpDrv.sys"),
// HAVELSAN A.
_T("HVLMinifilter.sys"),
// HEAT Software
_T("SK.sys"),
// Heilig Defense LLC
_T("HDRansomOffDrv.sys"),
_T("HDCorrelateFDrv.sys"),
_T("HDFileMon.sys"),
// HeroBravo Technology
_T("sysdiag.sys"),
// Hexis Cyber Solutions
_T("HexisFSMonitor.sys"),
// HFN Inc.
_T("RGNT.sys"),
// Hitachi Solutions
_T("hsmltmon.sys"),
// Honeycomb Technologies
_T("dskmn.sys"),
// HP
_T("hpreg.sys"),
// i-Guard SAS
_T("iGuard.sys"),
// I-O DATA DEVICE
_T("sConnect.sys"),
// IBM
_T("NmpFilter.sys"),
_T("FsMonitor.sys"),
// Idera
_T("IderaFilterDriver.sys"),
// Idera Software
_T("SQLsafeFilterDriver.sys"),
// IGLOO SECURITY, Inc.
_T("kmNWCH.sys"),
// IKARUS Security
_T("Sonar.sys"),
// Immidio B.V.
_T("immflex.sys"),
// in-soft Kft.
_T("LmDriver.sys"),
// INCA Internet Co.
_T("GKPFCB.sys"),
_T("GKPFCB64.sys"),
// INCA Internet Co.,Ltd.
_T("TkPcFtCb.sys"),
_T("TkPcFtCb64.sys"),
// Industrial Technology
_T("icrlmonitor.sys"),
// InfoCage
_T("IccFilterSc.sys"),
// Informzaschita
_T("SnDacs.sys"),
_T("SnExequota.sys"),
// Infotecs
_T("filenamevalidator.sys"),
_T("KC3.sys"),
// InfoWatch
_T("iwhlp2.sys"),
_T("iwhlpxp.sys"),
_T("iwhlp.sys"),
_T("iwdmfs.sys"),
// Initech Inc.
_T("INISBDrv64.sys"),
// Int3 Software AB
_T("equ8_helper.sys"),
// Intel Corporation
_T("ielcp.sys"),
_T("IESlp.sys"),
_T("IntelCAS.sys"),
// Intercom Inc.
_T("tsifilemon.sys"),
_T("MarSpy.sys"),
// Interset Inc.
_T("WDCFilter.sys"),
// Intronis Inc
_T("VHDTrack.sys"),
// Invincea
_T("InvProtectDrv.sys"),
_T("InvProtectDrv64.sys"),
// Ionx Solutions LLP
_T("AuditFlt.sys"),
// ioScience
_T("iothorfs.sys"),
// iSecure Ltd.
_T("isecureflt.sys"),
// ITsMine
_T("imfilter.sys"),
// ITSTATION Inc
_T("aUpDrv.sys"),
// Ivanti
_T("IvAppMon.sys"),
// J's Communication Co.
_T("RevoNetDriver.sys"),
// Jinfengshuntai
_T("IPFilter.sys"),
// JiranData Co. Ltd
_T("JDPPWF.sys"),
_T("JDPPSF.sys"),
// Jiransoft Co., Ltd
_T("offsm.sys"),
_T("xkfsfd.sys"),
_T("JKPPOB.sys"),
_T("JKPPXK.sys"),
_T("JKPPPF.sys"),
_T("JKPPOK.sys"),
_T("pcpifd.sys"),
// k4solution Co.
_T("zsfprt.sys"),
// Kalpataru
_T("GPMiniFIlter.sys"),
// Kaspersky Lab
_T("klboot.sys"),
_T("klfdefsf.sys"),
_T("klrsps.sys"),
_T("klsnsr.sys"),
_T("klifks.sys"),
_T("klifaa.sys"),
_T("Klifsm.sys"),
// KEBA AG
_T("KeWF.sys"),
// Kenubi
_T("boxifier.sys"),
// Keysight Technologies
_T("KtFSFilter.sys"),
// kingsoft
_T("Kisknl.sys"),
// Kits Ltd.
_T("cbfsfilter2017.sys"),
// KnowledgeTree Inc.
_T("ktsyncfsflt.sys"),
// Koby Kahane
_T("NpEtw.sys"),
// Ladislav Zezula
_T("MSpy.sys"),
// LANDESK Software
_T("LDSecDrv.sys"),
// Lenovo Beijing
_T("slb_guard.sys"),
_T("lrtp.sys"),
// LINK co.
_T("NetAccCtrl.sys"),
_T("NetAccCtrl64.sys"),
// Livedrive Internet Ltd
_T("LivedriveFilter.sys"),
// Logichron Inc
_T("CatMF.sys"),
// LogRhythm Inc.
_T("LRAgentMF.sys"),
// Lovelace Network Tech
_T("MPKernel.sys"),
// Lumension
_T("eps.sys"),
// Magic Softworks, Inc.
_T("MagicBackupMonitor.sys"),
// magrasoft Ltd
_T("zqFilter.sys"),
// MailRu
_T("mracdrv.sys"),
// Malwarebytes
_T("mbamshuriken.sys"),
// Man Technology Inc
_T("bsrfsflt.sys"),
_T("fsrfilter.sys"),
_T("vollock.sys"),
_T("drbdlock.sys"),
// ManageEngine Zoho
_T("DFMFilter.sys"),
_T("DCFAFilter.sys"),
_T("RMPHVMonitor.sys"),
_T("FAPMonitor.sys"),
_T("MEARWFltDriver.sys"),
// ManTech
_T("topdogfsfilt.sys"),
// March Hare Software Ltd
_T("evscase.sys"),
_T("inuse.sys"),
_T("cvsflt.sys"),
// McAfee
_T("mfencfilter.sys"),
// McAfee Inc.
_T("mfeaskm.sys"),
// Micro Focus
_T("FilrDriver.sys"),
// Microsoft
_T("DhWatchdog.sys"),
_T("mssecflt.sys"),
_T("Backupreader.sys"),
_T("MsixPackagingToolMonitor.sys"),
_T("AppVMon.sys"),
_T("DpmFilter.sys"),
_T("Procmon11.sys"),
_T("minispy.sys"),
_T("fdrtrace.sys"),
_T("filetrace.sys"),
_T("uwfreg.sys"),
_T("uwfs.sys"),
_T("locksmith.sys"),
_T("winload.sys"),
_T("CbSampleDrv.sys"),
_T("simrep.sys"),
_T("change.sys"),
_T("delete_flt.sys"),
_T("SmbResilFilter.sys"),
_T("usbtest.sys"),
_T("NameChanger.sys"),
_T("failMount.sys"),
_T("failAttach.sys"),
_T("stest.sys"),
_T("cdo.sys"),
_T("ctx.sys"),
_T("fmm.sys"),
_T("cancelSafe.sys"),
_T("message.sys"),
_T("passThrough.sys"),
_T("nullFilter.sys"),
_T("ntest.sys"),
_T("iiscache.sys"),
_T("wrpfv.sys"),
_T("msnfsflt.sys"),
// Mobile Content Mgmt
_T("cbfsfilter2017.sys"),
// MRY Inc.
_T("drsfile.sys"),
// NanJing Geomarking
_T("MagicProtect.sys"),
_T("cbfsfilter2017.sys"),
_T("cbfsfilter2020.sys"),
// NEC Corporation
_T("UVMCIFSF.sys"),
// NEC Soft
_T("flyfs.sys"),
_T("serfs.sys"),
_T("hdrfs.sys"),
// NEC System Technologies
_T("IccFilterAudit.sys"),
// NEC System Technologies,Ltd.
_T("ICFClientFlt.sys"),
_T("IccFileIoAd.sys"),
// Neowiz Corporation
_T("MWatcher.sys"),
// NetIQ
_T("CGWMF.sys"),
// NetLib
_T("nlcbhelpx86.sys"),
_T("nlcbhelpx64.sys"),
_T("nlcbhelpi64.sys"),
// NetVision, Inc.
_T("nvmon.sys"),
// Network Appliance
_T("flashaccelfs.sys"),
_T("changelog.sys"),
// NetworkProfi Ltd
_T("laFS.sys"),
// New Net Technologies Limited
_T("NNTInfo.sys"),
// NewSoftwares.net,Inc.
_T("WinFLAHdrv.sys"),
_T("WinFLAdrv.sys"),
_T("WinDBdrv.sys"),
_T("WinFLdrv.sys"),
_T("WinFPdrv.sys"),
// NEXON KOREA
_T("BlackCat.sys"),
// NextLabs
_T("nxrmflt.sys"),
// Niriva LLC
_T("VHDDelta.sys"),
_T("FSTrace.sys"),
// Nomadesk
_T("cbfltfs4.sys"),
// Novell
_T("zesfsmf.sys"),
// NTP Software
_T("ntps_fa.sys"),
// Nurd Yazilim A.S.
_T("edrdrv.sys"),
// NURILAB
_T("pfracdrv.sys"),
_T("nrcomgrdki.sys"),
_T("nrcomgrdka.sys"),
_T("nrpmonki.sys"),
_T("nrpmonka.sys"),
_T("nravwka.sys"),
_T("bhkavki.sys"),
_T("bhkavka.sys"),
_T("docvmonk.sys"),
_T("docvmonk64.sys"),
// NVELO Inc.
_T("SamsungRapidFSFltr.sys"),
// OCZ Storage
_T("OczMiniFilter.sys"),
// OnGuard Systems LLC
_T("NlxFF.sys"),
// OpenText Corp
_T("enmon.sys"),
// OPSWAT Inc.
_T("libwamf.sys"),
// ORANGE WERKS Inc
_T("wgfile.sys"),
// PA File Sight
_T("FileSightMF.sys"),
// Packeteer
_T("mblmon.sys"),
// Palo Alto Networks
_T("tedrdrv.sys"),
// PHD Virtual Tech Inc.
_T("phdcbtdrv.sys"),
// PJSC KP VTI
_T("RW7FsFlt.sys"),
// PolyLogyx LLC
_T("vast.sys"),
// Positive Technologies
_T("mpxmon.sys"),
// Protected Networks
_T("minitrc.sys"),
// Qihoo 360
_T("360box.sys"),
// Qingdao Ruanmei Network Technology Co.
_T("RMDiskMon.sys"),
_T("diskactmon.sys"),
// Quality Corporation
_T("qfmon.sys"),
// Qualys Inc.
_T("QMON.sys"),
_T("qfimdvr.sys"),
// Quantum Corporation.
_T("cvofflineFlt32.sys"),
_T("cvofflineFlt64.sys"),
// Quest Software
_T("QFAPFlt.sys"),
// Quest Software Inc.
_T("BWFSDrv.sys"),
_T("CAADFlt.sys"),
// Quick Heal Technologies Pvt. Ltd.
_T("sieflt.sys"),
_T("cssdlp.sys"),
_T("fam.sys"),
// Quorum Labs
_T("qfilter.sys"),
// Rackware
_T("rwchangedrv.sys"),
// Redstor Limited
_T("RsFlt.sys"),
// RES Software
_T("FileGuard.sys"),
_T("NetGuard.sys"),
_T("RegGuard.sys"),
_T("ImgGuard.sys"),
_T("AppGuard.sys"),
// Resplendence Software Projects
_T("mmPsy32.sys"),
_T("mmPsy64.sys"),
_T("rrMon32.sys"),
_T("rrMon64.sys"),
// rhipe Australia Pty
_T("SeRdr.sys"),
// Rubrik Inc
_T("RubrikFileAudit.sys"),
_T("FileSystemCBT.sys"),
// rubysoft
_T("IronGateFD.sys"),
// RuiGuard Ltd
_T("RuiMinispy.sys"),
_T("RuiFileAccess.sys"),
_T("RuiEye.sys"),
_T("RuiMachine.sys"),
_T("RuiDiskFs.sys"),
// RUNEXY
_T("ruaff.sys"),
_T("mlsaff.sys"),
// SAFE-Cyberdefense
_T("SAFE-Agent.sys"),
// Safend
_T("Sahara.sys"),
_T("Santa.sys"),
// SaferZone Co.
_T("SZEDRDrv.sys"),
_T("szardrv.sys"),
_T("szpcmdrv.sys"),
_T("szdfmdrv.sys"),
_T("szdfmdrv_usb.sys"),
_T("sprtdrv.sys"),
// Samsung SDS Ltd
_T("SGResFlt.sys"),
// SanDisk Inc.
_T("fiopolicyfilter.sys"),
// Sandoll Communication
_T("SfdFilter.sys"),
// SC ODEKIN SOLUTIONS SRL
_T("ospmon.sys"),
// Scalable Software Inc.
_T("PkgFilter.sys"),
// ScriptLogic
_T("FSAFilter.sys"),
// Secdo
_T("SecdoDriver.sys"),
// SecureAxis
_T("usbl_ifsfltr.sys"),
// SecureAxis Software
_T("llfilter.sys"),
// Secured Globe Inc.
_T("fltRs329.sys"),
// SecureLink Inc.
_T("CBFSFilter2017.sys"),
// Security Code LLC
_T("ScAuthFSFlt.sys"),
_T("ScAuthIoDrv.sys"),
// SentinelOne
_T("SentinelMonitor.sys"),
// Sevtechnotrans
_T("uamflt.sys"),
// Shanghai YiCun Network Tech Co. Ltd
_T("AccessValidator.sys"),
// SharpCrafters
_T("psisolator.sys"),
// SheedSoft Ltd
_T("SheedSelfProtection.sys"),
// SheedSoft Ltd.
_T("arta.sys"),
// Shenzhen CloudRiver
_T("CrUnCopy.sys"),
// SHENZHEN UNNOO Information Techco.
_T("RyGuard.sys"),
_T("FileShareMon.sys"),
_T("ryfilter.sys"),
// Shenzhen Unnoo LTD
_T("secufile.sys"),
_T("XiaobaiFs.sys"),
_T("XiaobaiFsR.sys"),
// ShinNihonSystec Co
_T("sagntflt.sys"),
// Simopro Technology
_T("CbFltFs4.sys"),
// SK Infosec Co
_T("PLPOffDrv.sys"),
_T("ISFPDrv.sys"),
_T("ionmonwdrv.sys"),
// Sky Co., LTD.
_T("SkyRGDrv.sys"),
_T("SkyAMDrv.sys"),
// Sky Co.,Ltd.
_T("SkyWPDrv.sys"),
// SmartFile LLC
_T("FileHubAgent.sys"),
// SMTechnology Co.
_T("storagedrv.sys"),
// SN Systems Ltd
_T("cbfilter20.sys"),
_T("cbfsfilter2017.sys"),
// SnoopWall LLC
_T("SWCommFltr.sys"),
// SODATSW
_T("sodatpfl.sys"),
// SODATSW spol. s r.o.
_T("sodatpfl.sys"),
_T("fcontrol.sys"),
// SoftCamp Co.
_T("scred.sys"),
// Softnext Technologies
_T("snimg.sys"),
// SoftPerfect Research
_T("fsnk.sys"),
// Software Pursuits Inc.
_T("SPIMiniFilter.sys"),
// Sogou Ltd.
_T("SCAegis.sys"),
// Solarwinds LLC
_T("SWFsFltrv2.sys"),
_T("SWFsFltr.sys"),
// Soliton Systems
_T("it2reg.sys"),
_T("it2drv.sys"),
_T("solitkm.sys"),
// Soliton Systems K.K.
_T("SDVFilter.sys"),
// Solusseum Inc
_T("Sefo.sys"),
// Soluto LTD
_T("PDGenFam.sys"),
// Somma Inc
_T("MonsterK.sys"),
// SonicWall Inc
_T("SFPMonitor.sys"),
// Sophos
_T("SophosED.sys"),
// Sophos Plc
_T("soidriver.sys"),
// SoulFrost
_T("sfac.sys"),
// SPEKNET EOOD
_T("Asgard.sys"),
// Spharsoft Technologies
_T("SvCBT.sys"),
// Squadra Technologies
_T("secRMM.sys"),
// Stegosystems Inc
_T("StegoProtect.sys"),
// StorageCraft Tech
_T("stcvsm.sys"),
// Stormshield
_T("EsProbe.sys"),
// Sumitomo Electric Ltd.
_T("MCFileMon64.sys"),
_T("MCFileMon32.sys"),
// Sun&Moon Rise
_T("ntfsf.sys"),
// Symantec
_T("pgpwdefs.sys"),
_T("GEProtection.sys"),
_T("sysMon.sys"),
_T("ssrfsf.sys"),
_T("emxdrv2.sys"),
_T("reghook.sys"),
_T("spbbcdrv.sys"),
_T("bhdrvx86.sys"),
_T("bhdrvx64.sys"),
_T("SISIPSFileFilter"),
_T("symevent.sys"),
// Symantec Corp.
_T("diflt.sys"),
// Syncopate
_T("thetta.sys"),
// Systemneeds, Inc
_T("Snilog.sys"),
// TaaSera Inc.
_T("AwareCore.sys"),
// Tanium
_T("TaniumRecorderDrv.sys"),
// TCXA Ltd.
_T("fcnotify.sys"),
// Tech Research
_T("FASDriver"),
// TechnoKom Ltd.
_T("agfsmon.sys"),
// Telefónica Digital
_T("path8flt.sys"),
// Temasoft S.R.L.
_T("filemon.sys"),
// Tencent (Shenzhen)
_T("QQProtect.sys"),
_T("QQProtectX64.sys"),
// Tencent Technology
_T("TenRSafe2.sys"),
_T("tesxporter.sys"),
_T("tesxnginx.sys"),
// Tetraglyph Technologies
_T("TGFSMF.sys"),
// ThinAir Labs Inc
_T("taobserveflt.sys"),
// ThinScale Tech
_T("TSTFsReDir.sys"),
_T("TSTRegReDir.sys"),
_T("TSTFilter.sys"),
// Third Brigade
_T("tbfsfilt.sys"),
// Threat Stack
_T("ThreatStackFIM.sys"),
// Tiversa Inc
_T("tss.sys"),
// Topology Ltd
_T("dsfemon.sys"),
// Tranxition Corp
_T("regmonex.sys"),
_T("TXRegMon.sys"),
// Trend Micro Inc.
_T("TMUMS.sys"),
_T("hfileflt.sys"),
_T("TMUMH.sys"),
// Trend Micro, Inc.
_T("AcDriver.sys"),
_T("SakFile.sys"),
_T("SakMFile.sys"),
// Tritium Inc.
_T("Tritiumfltr.sys"),
// Trustware Ltd
_T("Redlight.sys"),
// Trustwave
_T("TWBDCFilter.sys"),
// UpGuard
_T("UpGuardRealTime.sys"),
// Varlook Ltd.
_T("varpffmon.sys"),
// Varonis Ltd
_T("VrnsFilter.sys"),
// Veramine Inc
_T("phantomd.sys"),
// Vidder Inc.
_T("vidderfs.sys"),
// Viewfinity
_T("vfdrv.sys"),
// Vision Solutions
_T("repdrv.sys"),
_T("repmon.sys"),
// VMware, Inc.
_T("VMWVvpfsd.sys"),
_T("RTOLogon.sys"),
// VoodooSoft
_T("VSScanner.sys"),
// WaikatoLink Ltd
_T("proggerdriver.sys"),
// WardWiz
_T("WRDWIZFILEPROT.SYS"),
_T("WRDWIZREGPROT.SYS"),
// Warp Disk Software
_T("DsDriver.sys"),
// Weing Co.,Ltd.
_T("pscff.sys"),
// Wellbia.com
_T("xhunter64.sys"),
_T("uncheater.sys"),
// Wellbiacom
_T("xhunter1.sys"),
// Whitebox Security
_T("wbfilter.sys"),
// WhiteCell Software Inc.
_T("EGMinFlt.sys"),
// WidgetNuri Corp
_T("wsafefilter.sys"),
_T("RansomDetect.sys"),
// Winicssec Ltd
_T("wlminisecmod.sys"),
_T("WntGPDrv.sys"),
// X-Cloud Systems
_T("xcpl.sys"),
// Xacti
_T("stflt.sys"),
// Yahoo Japan Corporation
_T("YahooStorage.sys"),
// Yandex LLC
_T("bmregdrv.sys"),
_T("bmfsdrv.sys"),
// YATEM Co. Ltd.
_T("LCmPrintMon.sys"),
_T("LCgAdMon.sys"),
_T("LCmAdMon.sys"),
_T("LCgFileMon.sys"),
_T("LCmFile.sys"),
_T("LCgFile.sys"),
_T("LCmFileMon.sys"),
// Yokogawa Corporation
_T("YFSD2.sys"),
// Yokogawa R&L Corp
_T("YFSDR.SYS"),
_T("YFSD.SYS"),
_T("YFSRD.sys"),
_T("psgfoctrl.sys"),
_T("psgdflt.sys"),
// Zampit
_T("zampit_ml.sys"),
// ZenmuTech Inc.
_T("mumdi.sys"),
// Zhuan Zhuan Jing Shen
_T("zzpensys.sys"),
// ZoneFox
_T("KernelAgent32.sys"),
/*
* FSFilter Activity Monitor - END
*/
/*
* Invoke-EDRCheck.ps1 - BEGIN
* Duplicates from previous source are removed.
*/
// Altiris Symantec
_T("atrsdfw.sys"),
// Avast
_T("naswSP.sys"),
// Carbon Black
_T("CbELAM.sys"),
_T("ctifile.sys"),
_T("ctinet.sys"),
_T("parity.sys"),
// Cisco
_T("csacentr.sys"),
_T("csaenh.sys"),
_T("csareg.sys"),
_T("csascr.sys"),
// CJSC Returnil Software
_T("rvsavd.sys"),
// Comodo Security
_T("CmdMnEfs.sys"),
_T("MyDLPMF.sys"),
// CrowdStrike
_T("im.sys"),
_T("CSDeviceControl.sys"),
_T("CSFirmwareAnalysis.sys"),
// Cybereason
_T("CRExecPrev.sys"),
// Endgame
_T("esensor.sys"),
// ESET
_T("edevmon.sys"),
// F-Secure
_T("xfsgk.sys"),
// Malwarebytes
_T("mbamwatchdog.sys"),
// Microsoft Defender
_T("MpKslDrv.sys"),
// Palo Alto Networks - Cortex XDR
_T("cyverak.sys"),
_T("cyvrlpc.sys"),
_T("cyvrmtgn.sys"),
_T("tdevflt.sys"),
// Raytheon Cyber Solutions
_T("eaw.sys"),
// Symantec
_T("vxfsrep.sys"),
_T("VirtFile.sys"),
_T("SymAFR.sys"),
_T("symefasi.sys"),
_T("symefa.sys"),
_T("symefa64.sys"),
_T("SymHsm.sys"),
_T("evmf.sys"),
_T("GEFCMP.sys"),
_T("VFSEnc.sys"),
_T("pgpfs.sys"),
_T("fencry.sys"),
_T("symrg.sys"),
// Verdasys Inc
_T("ndgdmk.sys"),
/*
* Invoke-EDRCheck.ps1 - END
*/

/*
* User contributions
*/
// Tehtris
_T("egfilterk.sys"),
// Sophos
_T("SophosDt2.sys"),
_T("SophosSupport.sys"),
// Cisco AMP
_T("ExPrevDriver.sys"),
// Harfang
_T("hlprotect.sys"),
};
 
I also found an alternative approach, and the most optimal one. For each PID, open a handle with PROCESS_QUERY_LIMITED_INFORMATION rights (I don't think AV will flag this action, since it is purely a read-only query). Then, for each handle, call NtQueryInformationProcess with the ProcessProtectionInformation class, using a 1-byte PS_PROTECTION structure as the buffer. After that, simply check the Signer field for PsProtectedSignerAntimalware, which was made specifically for AV, so I don't think there will be false matches with other processes. Usually, on all decent AVs, every process is protected, so this is a universal method.
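A defender's view of the enumeration described in the post above, as an added example that is not part of the thread: opening every PID with PROCESS_QUERY_LIMITED_INFORMATION shows up in Sysmon Event ID 10 (ProcessAccess) as one source process with GrantedAccess 0x1000 against many targets in a short time. The sketch assumes ProcessAccess logging is enabled and the events are already parsed into dicts; the sample records, image paths, threshold, window and allowlist are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

QUERY_LIMITED = 0x1000  # PROCESS_QUERY_LIMITED_INFORMATION access mask
# Assumption: tools expected to enumerate processes on this host (lower-cased paths).
ALLOW = {r"c:\windows\system32\taskmgr.exe"}


def _ev(sec, src_guid, src_image, target_no, access="0x1000"):
    """Build one constructed ProcessAccess record with only the fields used below."""
    return {
        "UtcTime": f"2024-05-01 10:00:{sec:06.3f}",
        "SourceProcessGUID": src_guid,
        "SourceImage": src_image,
        "TargetProcessGUID": f"{{target-{target_no:04d}}}",
        "GrantedAccess": access,
    }


# Constructed sample data, not taken from the thread or from a real host.
SAMPLE_EVENTS = (
    [_ev(i * 0.1, "{src-a}", r"C:\Users\Public\unknown_tool.exe", i) for i in range(12)]
    + [_ev(i * 0.2, "{src-b}", r"C:\Windows\System32\Taskmgr.exe", i) for i in range(15)]
    + [_ev(i * 1.0, "{src-c}", r"C:\Program Files\App\app.exe", i) for i in range(3)]
    + [_ev(i * 0.1, "{src-d}", r"C:\Program Files\Backup\agent.exe", i, "0x1410") for i in range(12)]
)


def find_process_sweeps(events, min_targets=10, window=timedelta(seconds=5), allow=ALLOW):
    """Map SourceImage -> most distinct targets opened with exactly 0x1000 in one window."""
    per_source = defaultdict(list)
    for ev in events:
        if int(ev["GrantedAccess"], 16) != QUERY_LIMITED:
            continue  # broader masks are a different behaviour; keep this rule narrow
        if ev["SourceImage"].lower() in allow:
            continue
        ts = datetime.strptime(ev["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")
        key = (ev["SourceProcessGUID"], ev["SourceImage"])
        per_source[key].append((ts, ev["TargetProcessGUID"]))

    hits = {}
    for (_, image), accesses in per_source.items():
        accesses.sort()
        start = best = 0
        for end, (ts, _) in enumerate(accesses):
            # Slide the window start forward until it spans at most `window`.
            while ts - accesses[start][0] > window:
                start += 1
            best = max(best, len({guid for _, guid in accesses[start:end + 1]}))
        if best >= min_targets:
            hits[image] = max(best, hits.get(image, 0))
    return hits


if __name__ == "__main__":
    for image, count in find_process_sweeps(SAMPLE_EVENTS).items():
        print(f"{image}: {count} distinct targets opened with 0x1000")
```

Query-limited handle opens are common on a healthy system, so the threshold, window and allowlist have to be tuned per environment before this is useful as an alert.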
 
Thanks, I added processes with these names to my system (they do nothing, use 0% of resources, and just scare off malware)). I don't use AV, because on my host machine I have a million of my own files that trigger detections, which the AV deletes on me, and that makes it inconvenient to work.
 

