Windows Defender LSASS ASR Exclusion Paths - 08.30.2023
%windir%\system32\WerFaultSecure.exe | |
%windir%\system32\mrt.exe | |
%windir%\system32\svchost.exe | |
%windir%\system32\NETSTAT.EXE | |
%windir%\system32\wbem\WmiPrvSE.exe | |
%windir%\system32\DriverStore\FileRepository\*\NVWMI\nvWmi64.exe | |
%programfiles(x86)%\Microsoft Intune Management Extension\ClientHealthEval.exe | |
%programfiles(x86)%\Microsoft Intune Management Extension\SensorLogonTask.exe | |
%programfiles(x86)%\Microsoft Intune Management Extension\Microsoft.Management.Services.IntuneWindowsAgent.exe | |
%programdata%\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\*\OpenHandleCollector.exe | |
%programfiles%\WindowsApps\Microsoft.GamingServices_*\gamingservices.exe | |
%programfiles(x86)%\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe | |
%programfiles(x86)%\Zoom\bin\CptHost.exe | |
%programfiles(x86)%\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | |
%programfiles(x86)%\Microsoft\Edge\Application\*\Installer\setup.exe | |
%programfiles(x86)%\Google\Update\GoogleUpdate.exe | |
%programfiles(x86)%\Splunk\bin\splunkd.exe | |
%programfiles(x86)%\Zscaler\ZSAUpm\ZSAUpm.exe | |
%programfiles(x86)%\Fortinet\FortiClient\FortiESNAC.exe | |
%programfiles(x86)%\FireEye\xagt\xagt.exe | |
%programfiles(x86)%\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe | |
%programfiles(x86)%\Dropbox\Update\DropboxUpdate.exe | |
%programfiles(x86)%\HP\HP Touchpoint Analytics Client\Provider Data Sources\ProcInfo\ProcInfo.exe | |
%programfiles(x86)%\Common Files\Adobe\AdobeGCClient\AGMService.exe | |
%programfiles(x86)%\Tanium\Tanium Client\Tools\Detect3\TaniumDetectEngine.exe | |
%programfiles(x86)%\Airwatch\AgentUI\AWProcessCommands.exe | |
%programfiles(x86)%\Bit9\Parity Agent\Parity.exe | |
%programfiles(x86)%\Arctic Wolf Networks\Agent\ossec-agent.exe | |
%programfiles(x86)%\Cordaware\Infoband\Infoclient.exe | |
%programfiles(x86)%\Splunk\bin\splunk-regmon.exe | |
%programfiles(x86)%\Lenovo\VantageService\*\LenovoVantage-(LenovoBoostSystemAddin).exe | |
%programfiles(x86)%\Micro Focus\Discovery Agent\bin32\discagnt.ex | |
%programfiles(x86)%\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe | |
%programfiles(x86)%\Micro Focus\Discovery Agent\Plugins\usage\discusge.exe | |
%programfiles(x86)%\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe | |
%programfiles(x86)%\Cisco\Cisco AnyConnect Secure Mobility Client\aciseagent.exe | |
%programfiles(x86)%\BigFix Enterprise\BES Client\BESClient.exe | |
%programfiles(x86)%\Logitech\LogiSync\sync-agent\LogiSyncHandler.exe | |
%programfiles(x86)%\ManageSoft\Tracker\ndtrack.exe | |
%programfiles(x86)%\Aternity Information Systems\Agent | |
%programfiles(x86)%\Cisco\Cisco AnyConnect Secure Mobility Client\vpndownloader.exe | |
%programfiles(x86)%\Common Files\Adobe\ARM\*\AdobeARMHelper.exe | |
%programfiles(x86)%\Common Files\Adobe\ARM\*\Temp\*\AdobeARMHelper.exe | |
%programfiles(x86)%\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe | |
%programfiles(x86)%\Aternity Information Systems\Update\AternityUpdate.exe | |
%programfiles(x86)%\Tanium\Tanium Client\TaniumClient.exe | |
%programfiles(x86)%\BraveSoftware\Update\BraveUpdate.exe | |
%programfiles(x86)%\SysTrack\LsiAgent\LsiSupervisor\*\LsiSupervisor.exe | |
%programfiles(x86)%\Cisco\Cisco HostScan\bin\ciscod.exe | |
%programfiles(x86)%\SysTrack\LsiAgent\LsiMods64.exe | |
%programfiles(x86)%\CheckPoint\Endpoint Connect\Watchdog\EPWD.exe | |
%programfiles(x86)%\CheckPoint\Endpoint Security\Endpoint Common\bin\cpda.exe | |
%programfiles(x86)%\VMware\VMware Tools | |
%programfiles(x86)%\VMware\VMware Horizon View Client | |
%programfiles(x86)%\Common Files\VMware\Remote Experience | |
%programfiles(x86)%\Cisco\Cisco AnyConnect Secure Mobility Client\acswgagent.exe | |
%programfiles(x86)%\N-able Technologies\Windows Agent\bin\agent.exe | |
%programfiles(x86)%\Digital Arts\AC\app\bin\acservice.exe | |
%programfiles(x86)%\MOTEX\LanScope Cat MR\Lspcmr.exe | |
%programfiles(x86)%\Power Automate Desktop\Microsoft.Flow.RPA.LauncherService.exe | |
%programfiles(x86)%\DesktopCentral_Agent\bin\dcagentservice.exe | |
%programfiles(x86)%\CheckPoint\Endpoint Security\Endpoint Common\bin\IDAFServerHostService.exe | |
%programfiles(x86)%\Arctic Wolf Networks\Agent\plugins\osquery\osqueryi.exe | |
%programfiles(x86)%\Btc\eAudytor\eAgent\Bin\qati.exe | |
%programfiles(x86)%\Adobe\Adobe Sync\CoreSync\customhook\CoreSyncCustomHook.exe | |
%programfiles(x86)%\NetSupport\NetSupport School | |
%programfiles(x86)%\UEMS_Agent\bin\dcagentservice.exe | |
%programfiles(x86)%\Google\Temp\*\GoogleUpdate.exe | |
%programfiles(x86)%\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroServicesUpdater.exe | |
%programfiles(x86)%\Ninite Agent\NiniteAgent.exe | |
%programfiles(x86)%\HP\HP Classroom Manager\Runplugin64.exe | |
%programfiles(x86)%\SysTrack\LsiAgent\LsiAgent.exe | |
%programfiles(x86)%\VMware\VMware Player\vmware-authd.exe | |
%programfiles(x86)%\Dameware Remote Everywhere Agent\BASupSysInf.exe | |
%programfiles(x86)%\Power Automate Desktop\Microsoft.Flow.RPA.*.exe | |
%programfiles(x86)%\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe | |
%programfiles(x86)%\Common Files\Adobe\Adobe Desktop Common\HDBox\Setup.exe | |
%programfiles(x86)%\SolarWinds | |
%programfiles(x86)%\checkmk\service\check_mk_agent.exe | |
%programfiles(x86)%\ClassPolicyAgent\PolicyAgent.exe | |
%programfiles(x86)%\VMware\VMware Workstation\vmware-authd.exe | |
%programfiles(x86)%\Cisco\Cisco Secure Client\vpnagent.exe | |
%programfiles(x86)%\Balbix\Update\BalbixUpdate.exe | |
%programfiles(x86)%\Bradford Networks\Persistent Agent\bndaemon.exe | |
%programfiles(x86)%\Site24x7\WinAgent\monitoring\bin\MEAgentHelper.exe | |
%programfiles(x86)%\Site24x7\WinAgent\monitoring\bin\AppBin\Site24x7AppAgent.exe | |
%programfiles(x86)%\Cato Networks\Cato Client\winvpnclient.cli.exe | |
%programfiles(x86)%\ManageEngine\UEMS_Agent\bin\dcagentservice.exe | |
%programfiles%\Avecto\Privilege Guard Client\DefendpointService.exe | |
%programfiles%\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe | |
%programfiles%\Microsoft Monitoring Agent\Agent\HealthService.exe | |
%programfiles%\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe | |
%programfiles%\Nexthink\Collector\Collector\nxtsvc.exe | |
%programfiles%\Splunk\bin\splunkd.exe | |
%programfiles%\Azure Advanced Threat Protection Sensor\*\Microsoft.Tri.Sensor.Updater.exe | |
%programfiles%\common files\microsoft shared\ClickToRun\Updates\*\OfficeClickToRun.exe | |
%programfiles%\Zscaler\ZSAUpm\ZSAUpm.exe | |
%programfiles%\Fortinet\FortiClient\FortiESNAC.exe | |
%programfiles%\FireEye\xagt\xagt.exe | |
%programfiles%\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe | |
%programfiles%\Qualys\QualysAgent\QualysAgent.exe | |
%programfiles%\Altiris\Altiris Agent\AeXNSAgent.exe | |
%programfiles%\VMware\VMware Tools | |
%programfiles%\VMware\VMware Horizon View Client | |
%programfiles%\Common Files\VMware\Remote Experience | |
%programfiles%\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe | |
%programfiles%\Rapid7\Insight Agent\components\insight_agent\*\ir_agent.exe | |
%programfiles%\Microsoft RDInfra\RDMonitoringAgent_*\Agent\MonAgentCore.exe | |
%programfiles%\BMCSoftware\Client Management\Client\bin\mtxagent.exe | |
%programfiles%\DisplayLink Core Software\DisplayLinkHotDeskService.exe | |
%programfiles%\ManageSoft\Tracker\ndtrack.exe | |
%programfiles%\Websense\Websense Endpoint\wepsvc.exe | |
%programfiles%\Ricoh\Streamline NX\PC Client\jre\bin\java.exe | |
%programfiles%\Microsoft Monitoring Agent\Agent\Health Service State\Resources\*\pmfexe.exe | |
%programfiles%\Microsoft Monitoring Agent\Agent\MonitoringHost.exe | |
%programfiles%\AppSense\Application Manager\Agent\AMAgent.exe | |
%programfiles%\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exe | |
%programfiles%\osquery\osqueryd\osqueryd.exe | |
%programfiles%\Microsoft OneDrive\OneDriveStandaloneUpdater.exe | |
%programfiles%\CyberArk\Endpoint Privilege Manager\Agent\PASAgent\PASAgent.exe | |
%programfiles%\Palo Alto Networks\GlobalProtect\PanGPS.exe | |
%programfiles%\Smart-X\ControlUpAgent\Version*\cuAgent.exe | |
%programfiles%\Citrix\*\XenDesktopRestApiService.exe | |
%programfiles%\Palo Alto Networks\DEM\DEMAgentProcess.exe | |
%programfiles%\Phantom\IBSA\ibsaService.exe | |
%programfiles%\eGurkha\lib\AppPid.exe | |
%programfiles%\dynatrace\oneagent\agent\lib64\oneagentos.exe | |
%programfiles%\dynatrace\oneagent\agent\lib64\oneagentplugin.exe | |
%programfiles%\Remote Desktop WebRTC Redirector\MsRdcWebRTCSvc.exe | |
%programfiles%\Sophos\Sophos File Scanner\SophosFileScanner.exe | |
%programfiles%\NetSupport\NetSupport School | |
%programfiles%\OEM\AMS\Service\ams.exe | |
%programfiles%\Eracent\EPM\epm.exe | |
%programfiles%\Cybereason ActiveProbe\minionhost.exe | |
%programfiles%\Google\Temp\*\GoogleUpdate.exe | |
%programfiles%\Orbit\bin\osqueryd\windows\stable\osqueryd.exe | |
%programfiles%\1E\Client\1E.Client.exe | |
%programfiles%\Endgame\esensor.exe | |
%programfiles%\Microsoft Cloud Managed Desktop Extension\CMDExtension\Microsoft.Management.Services.CloudManagedDesktop.Agent.exe | |
%programfiles%\common files\microsoft shared\ClickToRun\OfficeClickToRun.exe | |
%programfiles%\Adobe\Adobe Creative Cloud Experience\libs\node.exe | |
%programfiles%\Fortinet\FortiClient\FortiProxy.exe | |
%programfiles%\Guardicore\gc-launcher.exe | |
%programfiles%\Microsoft Azure AD Connect Health Sync Agent\Insights\Microsoft.Identity.AadConnect.Health.AadSync.Host.exe | |
%programfiles%\Huntress\HuntressAgent.exe | |
%programfiles%\vast limits\uberAgent\uberAgent.exe | |
%programfiles%\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroServicesUpdater.exe | |
%programfiles%\Dell\DellOptimizer\DellOptimizer.exe | |
%programfiles%\Manufacturer\Endpoint Agent\edpa.exe | |
%programfiles%\CyberArk\Endpoint Privilege Manager\Agent\vf_agent.exe | |
%programfiles%\Morphisec\bin\ProtectorService64.exe | |
%programfiles%\Zoom\bin\CptHost.exe | |
%programfiles%\TOLLAD\GEMONPROC.exe | |
C:\Packages\Plugins\Microsoft.Azure.Diagnostics.IaaSDiagnostics\*\Monitor\x64\MonAgentCore.exe | |
C:\eGurkha\lib\AppPid.exe | |
%windir%\System32\DriverStore\FileRepository\hpanalyticscomp.*\x64\Provider Data Sources\ProcInfo\ProcInfo.exe | |
%windir%\system32\RtkAudUService64.exe | |
%windir%\system32\nvwmi64.exe | |
%windir%\system32\lpksetup.exe | |
%windir%\system32\LogonUI.exe | |
%windir%\system32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_*\x64\AppHelperCap.exe | |
%windir%\AdminArsenal\PDQInventory-Scanner\service-1\PDQInventory-Scanner-1.exe | |
%windir%\RtkBtManServ.exe | |
%windir%\CarbonBlack\cb.exe | |
%windir%\LTSvc\LTSVC.exe | |
%windir%\CCM\CcmExec.exe | |
%windir%\CCM\SensorLogonTask.exe | |
%windir%\CCM\SleepAgentService.exe | |
%windir%\SSysmon64.exe | |
%windir%\Temp\Ctx-*\Extract\TrolleyExpress.exe | |
%programdata%\Citrix\Citrix Receiver*\TrolleyExpress.exe | |
%programdata%\Citrix\Citrix Workspace *\TrolleyExpress.exe | |
%programfiles(x86)%\Citrix\Citrix Workspace *\TrolleyExpress.exe | |
%temp%\Ctx-*\Extract\TrolleyExpress.exe | |
%programfiles%\Quest\ChangeAuditor\Agent\NPSrvHost.exe | |
%programfiles%\Quest\ChangeAuditor\Service\ChangeAuditor.Service.exe | |
%windir%\system32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_*\HotKeyServiceUWP.exe | |
%windir%\system32\CompatTelRunner.exe | |
%programfiles(x86)%\Printer Properties Pro\Printer Installer Client\PrinterInstallerClient.exe | |
%programfiles%\Printer Properties Pro\Printer Installer Client\PrinterInstallerClient.exe | |
%programfiles(x86)%\Zscaler\ZSATunnel\ZSATunnel.exe | |
%programfiles%\Zscaler\ZSATunnel\ZSATunnel.exe | |
%programfiles(x86)%\ManageSoft\Security Agent\mgssecsvc.exe | |
%programfiles%\ManageSoft\Security Agent\mgssecsvc.exe | |
%programfiles(x86)%\Snow Software\Inventory\Agent\snowagent.exe | |
%programfiles%\Snow Software\Inventory\Agent\snowagent.exe | |
c:\windows\system32\WerFaultSecure.exe | |
c:\windows\system32\wbem\WmiPrvSE.exe | |
c:\windows\SysWOW64\wbem\WmiPrvSE.exe | |
\Device\HarddiskVolume?\Windows\System32\svchost.exe | |
\Device\HarddiskVolume?\Windows\System32\wbem\wmiprvse.exe | |
%windir%\system32\fsiso.exe |