Release version 1.3

@netero1010 netero1010 released this 07 Jan 13:20
· 6 commits to main since this release

Version 1.3:

  1. Some EDR controls (e.g., minifilter) deny access when a process attempts to obtain a file handle to the EDR's own processes (e.g., through CreateFileW). However, the FwpmGetAppIdFromFileName0 API, which is used to obtain the FWP app id of the targeted EDR process, calls CreateFileW internally. To avoid this, a custom FwpmGetAppIdFromFileName0 was implemented to construct the app id without invoking CreateFileW, thus preventing unexpected failures when adding a WFP filter to an EDR process.