EDRHunt v1.4.8 releases: Scan installed EDRs and AVs on Windows

EDRHunt

EDRHunt scans Windows services, drivers, processes, the registry for installed EDRs (Endpoint Detection And Response).

Detections

EDR Detections Currently Available

• Windows Defender
• Kaspersky Security
• Symantec Security
• Crowdstrike Security
• Mcafee Security
• Cylance Security
• Carbon Black
• SentinelOne
• FireEye

Use

• Find installed EDRs

  $ .\EDRHunt.exe scan
  
  [EDR]
  
  Detected EDR: Windows Defender
  
  Detected EDR: Kaspersky Security

   

   

   

   

• Scan Everything

  $ .\EDRHunt.exe all
  
  Running in user mode, escalate to admin for more details.
  
  Scanning processes, services, drivers, and registry...
  
  [PROCESSES]
  
  
  
  Suspicious Process Name: MsMpEng.exe
  
  Description: MsMpEng.exe
  
  Caption: MsMpEng.exe
  
  Binary:
  
  ProcessID: 6764
  
  Parent Process: 1148
  
  Process CmdLine :
  
  File Metadata:
  
  Matched Keyword: [msmpeng]
  
  
  
  
  
  Suspicious Process Name: NisSrv.exe
  
  Description: NisSrv.exe
  
  Caption: NisSrv.exe
  
  Binary:
  
  ProcessID: 9840
  
  Parent Process: 1148
  
  Process CmdLine :
  
  File Metadata:
  
  Matched Keyword: [nissrv]
  
  ...

   

   

   

   

• Find services matching EDR keywords

• Find drivers matching EDR keywords

• Find registry keys matching EDR keywords

Changelog v1.4.8

• No Registry Lookup

Download & Tutorial

Copyright 2021 FourCore Labs team@fourcore.vision