EDRHunt v1.4.8 releases: Scan installed EDRs and AVs on Windows

EDRHunt

EDRHunt scans Windows services, drivers, processes, and the registry for installed EDRs (Endpoint Detection and Response products).

Detections

EDR Detections Currently Available

  • Windows Defender
  • Kaspersky Security
  • Symantec Security
  • Crowdstrike Security
  • Mcafee Security
  • Cylance Security
  • Carbon Black
  • SentinelOne
  • FireEye

Use

  • Find installed EDRs
    $ .\EDRHunt.exe scan
    
    [EDR]
    Detected EDR: Windows Defender
    Detected EDR: Kaspersky Security

  • Scan Everything
    $ .\EDRHunt.exe all
    
    Running in user mode, escalate to admin for more details.
    Scanning processes, services, drivers, and registry...
    [PROCESSES]

    Suspicious Process Name: MsMpEng.exe
    Description: MsMpEng.exe
    Caption: MsMpEng.exe
    Binary:
    ProcessID: 6764
    Parent Process: 1148
    Process CmdLine :
    File Metadata:
    Matched Keyword: [msmpeng]


    Suspicious Process Name: NisSrv.exe
    Description: NisSrv.exe
    Caption: NisSrv.exe
    Binary:
    ProcessID: 9840
    Parent Process: 1148
    Process CmdLine :
    File Metadata:
    Matched Keyword: [nissrv]
    ...

  • Find services matching EDR keywords
    $ .\EDRHunt.exe -s
  • Find drivers matching EDR keywords
    $ .\EDRHunt.exe -d
  • Find registry keys matching EDR keywords
    $ .\EDRHunt.exe -r

Changelog v1.4.8

  • No Registry Lookup

Download & Tutorial

Copyright 2021 FourCore Labs team@fourcore.vision