diff --git a/SharpEDRChecker/DriverChecker.cs b/SharpEDRChecker/DriverChecker.cs
index 8879abe..d52ebb7 100644
--- a/SharpEDRChecker/DriverChecker.cs
+++ b/SharpEDRChecker/DriverChecker.cs
@@ -93,6 +93,10 @@ internal static string CheckDriver(string driverFileName, string driverBaseName)
 {
 fixedDriverPath = fixedDriverPath.Replace(@"\windows\".ToLower(), @"c:\windows\".ToLower());
 }
+ else if (fixedDriverPath.ToLower().StartsWith(@"\??\"))
+ {
+ fixedDriverPath = fixedDriverPath.ToLower().Replace(@"\??\", @"");
+ }
 var metadata = $"{FileChecker.GetFileInfo(fixedDriverPath)}";
 var allattribs = $"{driverBaseName} - {metadata}";
diff --git a/SharpEDRChecker/EDRData.cs b/SharpEDRChecker/EDRData.cs
index 9a53ffe..ab16872 100644
--- a/SharpEDRChecker/EDRData.cs
+++ b/SharpEDRChecker/EDRData.cs
@@ -12,6 +12,7 @@ class EDRData
 "anti virus",
 "anti-virus",
 "antivirus",
+ "appsense",
 "authtap",
 "avast",
 "avecto",
@@ -47,6 +48,7 @@ class EDRData
 "groundling",
 "GRRservic",
 "inspector",
+ "ivanti",
 "kaspersky",
 "lacuna",
 "logrhythm",
@@ -94,7 +96,8 @@ class EDRData
 "windowssensor",
 "wireshark",
 "threat",
- "xagt"
+ "xagt.exe",
+ "xagtnotif.exe"
 };
 }
 }
\ No newline at end of file
diff --git a/SharpEDRChecker/FileChecker.cs b/SharpEDRChecker/FileChecker.cs
index b2c5033..e138f1a 100644
--- a/SharpEDRChecker/FileChecker.cs
+++ b/SharpEDRChecker/FileChecker.cs
@@ -27,7 +27,7 @@ internal static string GetFileInfo(string filePath)
 {
 if (filePath.ToLower().StartsWith(@"c:\windows\system32\"))
 {
- filePath = filePath.ToLower().Replace(@"c:\windows\system32\", @"C:\Windows\Sysnative\");
+ filePath = filePath.ToLower().Replace(@"c:\windows\system32\", @"c:\Windows\Sysnative\");
 return GetFileInfo(filePath);
 }
 else
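Review bot: The new `\??\` branch in DriverChecker.cs rewrites more of the path than the prefix: `ToLower().Replace(@"\??\", @"")` lowercases the whole string with the current culture and removes every occurrence of the sequence, not only the leading one. Under a culture such as tr-TR, `ToLower()` maps `I` to a dotless `ı`, so the path handed to `FileChecker.GetFileInfo` can name a different file than the driver that is actually loaded; the `ToLower()` calls in the FileChecker.cs hunk have the same problem. The prefix contains no letters, so I would write `else if (fixedDriverPath.StartsWith(@"\??\", StringComparison.Ordinal))` and `fixedDriverPath = fixedDriverPath.Substring(4);`. A remainder that is not rooted at a drive letter is presumably still not a usable file path after stripping, so a short comment on the path forms expected here would help. CheckDriver starts and ends outside the hunk.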
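Review bot: With `"xagt.exe"` and `"xagtnotif.exe"` in the last EDRData.cs hunk, the list now mixes full executable names with bare substrings such as `"threat"`, and nothing in the visible part of the array says how entries are compared. I would add a comment above the array, for example `// Matching rule: <state how entries are compared and in which case>`, and record there why this entry was narrowed from `"xagt"`. The file also still ends without a trailing newline. The array starts outside the hunk.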
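Review bot: The Sysnative rewrite on the changed line in FileChecker.cs only resolves in a 32-bit process on 64-bit Windows; in a 64-bit process `c:\Windows\Sysnative\` does not exist, so the recursive `GetFileInfo(filePath)` call receives a path that cannot be opened. The condition that leads into this block is outside the hunk, so this may already be covered; if it is not, gate the rewrite on `Environment.Is64BitOperatingSystem && !Environment.Is64BitProcess`. The literal `c:\windows` also assumes the system drive, which `Environment.GetFolderPath(Environment.SpecialFolder.Windows)` would avoid. Since the commit changes only the case of the drive letter, a one-line comment saying which later comparison depends on the lower-case `c:` would help the next reader.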