
Commit 570a7d7

authored
Merge pull request #16 from 0xAsh/master
Fix Syntax errors + Big logic bug
2 parents 16dcae7 + 906fa34 commit 570a7d7


1 file changed

+27
-27
lines changed


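--- a/EDR.cna
+++ b/EDR.cna
@@ -96,7 +96,7 @@ sub list {
 ## Driver checking
 
 ### Absolute
-if ('psepfilter.sys' || 'cve.sys' || 'cbfsfilter2017.sys' in @matches) {
+if ('psepfilter.sys' in @matches || 'cve.sys' in @matches || 'cbfsfilter2017.sys' in @matches) {
 blog($bid, "Absolute Found!");
 }
 
@@ -106,42 +106,42 @@ sub list {
 }
 
 ### Avast
-if ('aswSP.sys' || 'naswSP.sys' in @matches) {
+if ('aswSP.sys' in @matches || 'naswSP.sys' in @matches) {
 blog($bid, "Avast Found!");
 }
 
 ### AVG Technologies
-if ('avgtpx86.sys' || 'avgtpx64.sys' in @matches) {
+if ('avgtpx86.sys' in @matches || 'avgtpx64.sys' in @matches) {
 blog($bid, "AVG Technologies Found!");
 }
 
 ## BitDefender
-if ('edrsensor.sys' || 'hbflt.sys' || 'bdsvm.sys' || 'gzflt.sys' || 'bddevflt.sys' || 'AVCKF.SYS' || 'Atc.sys' || 'AVC3.SYS' || 'TRUFOS.SYS' || 'BDSandBox.sys' in @matches) {
+if ('edrsensor.sys' in @matches || 'hbflt.sys' in @matches || 'bdsvm.sys' in @matches || 'gzflt.sys' in @matches || 'bddevflt.sys' in @matches || 'AVCKF.SYS' in @matches || 'Atc.sys' in @matches || 'AVC3.SYS' in @matches || 'TRUFOS.SYS' in @matches || 'BDSandBox.sys' in @matches) {
 blog($bid, "BitDefender Found!");
 }
 
 ## Bromium
-if ('brfilter.sys' || 'BrCow_x_x_x_x.sys' || 'bemk.sys' in @matches) {
+if ('brfilter.sys' in @matches || 'BrCow_x_x_x_x.sys' in @matches || 'bemk.sys' in @matches) {
 blog($bid, "Bromium Found!");
 }
 
 ### Carbon Black
-if ('CarbonBlackK.sys' || 'carbonblackk.sys' || "Parity.sys" || "cbk7.sys" || "cbstream.sys" || "ctifile.sys" in @matches) {
+if ('CarbonBlackK.sys' in @matches || 'carbonblackk.sys' in @matches || "Parity.sys" in @matches || "cbk7.sys" in @matches || "cbstream.sys" in @matches || "ctifile.sys" in @matches) {
 blog($bid, "Carbon Black Found!");
 }
 
 ### Check Point Software Technologies
-if ('epregflt.sys' || 'medlpflt.sys' || 'dsfa.sys' || 'cposfw.sys' || 'epklib.sys' in @matches) {
+if ('epregflt.sys' in @matches || 'medlpflt.sys' in @matches || 'dsfa.sys' in @matches || 'cposfw.sys' in @matches || 'epklib.sys' in @matches) {
 blog($bid, "Check Point Software Technologies Found!");
 }
 
 ### Cisco AMP
-if ('CiscoAMPCEFWDriver.sys' || 'CiscoAMPHeurDriver.sys' in @matches) {
+if ('CiscoAMPCEFWDriver.sys' in @matches || 'CiscoAMPHeurDriver.sys' in @matches) {
 blog($bid, "Cisco AMP Found!")
 }
 
 ### Cisco Secure Endpoint
-if ('csacentr.sys' || 'csaenh.sys' || 'csareg.sys' || 'csascr.sys' || 'csaav.sys' || 'csaam.sys' in @matches) {
+if ('csacentr.sys' in @matches || 'csaenh.sys' in @matches || 'csareg.sys' in @matches || 'csascr.sys' in @matches || 'csaav.sys' in @matches || 'csaam.sys' in @matches) {
 blog($bid, "Cisco Found!");
 }
 
@@ -151,17 +151,17 @@ sub list {
 }
 
 ### Comodo Security Solutions
-if ('cfrmd.sys' || 'cmdccav.sys' || 'cmdguard.sys' || 'CmdMnEfs.sys' || 'MyDLPMF.sys' in @matches) {
+if ('cfrmd.sys' in @matches || 'cmdccav.sys' in @matches || 'cmdguard.sys' in @matches || 'CmdMnEfs.sys' in @matches || 'MyDLPMF.sys' in @matches) {
 blog($bid, "Comodo Security Solutions Found!");
 }
 
 ### CrowdStrike
-if ('im.sys' || 'CSAgent.sys' || 'CSBoot.sys' || 'CSDeviceControl.sys' || 'cspcm2.sys' in @matches) {
+if ('im.sys' in @matches || 'CSAgent.sys' in @matches || 'CSBoot.sys' in @matches || 'CSDeviceControl.sys' in @matches || 'cspcm2.sys' in @matches) {
 blog($bid, "CrowdStrike Found!");
 }
 
 ### CyberArk
-if ('CybKernelTracker.sys' || 'vfdrv.sys' || 'vfnet.sys' || 'vfpd.sys' in @matches ) {
+if ('CybKernelTracker.sys' in @matches || 'vfdrv.sys' in @matches || 'vfnet.sys' in @matches || 'vfpd.sys' in @matches ) {
 blog($bid, "CyberArk Software Found!");
 }
 
@@ -171,17 +171,17 @@ sub list {
 }
 
 ### Cylance Inc.
-if ('CyOptics.sys' || 'CyProtectDrv32.sys' || 'CyProtectDrv64.sys' in @matches) {
+if ('CyOptics.sys' in @matches || 'CyProtectDrv32.sys' in @matches || 'CyProtectDrv64.sys' in @matches) {
 blog($bid, "Cylance Inc. Found!");
 }
 
 ### Dell Secureworks
-if ('groundling32.sys' || 'groundling64.sys' in @matches) {
+if ('groundling32.sys' in @matches || 'groundling64.sys' in @matches) {
 blog($bid, "Dell Secureworks Found!");
 }
 
 ### Elastic Security for Endpoint
-if ('ElasticEndpoint.sys' || 'ElasticEndpointDriver.sys' in @matches) {
+if ('ElasticEndpoint.sys' in @matches || 'ElasticEndpointDriver.sys' in @matches) {
 blog($bid, "Elastic Security for Endpoint detected!")
 }
 
@@ -191,17 +191,17 @@ sub list {
 }
 
 ### ESET
-if ('edevmon.sys' || 'ehdrv.sys' || 'eamonm.sys' || 'ekbdflt.sys' in @matches) {
+if ('edevmon.sys' in @matches || 'ehdrv.sys' in @matches || 'eamonm.sys' in @matches || 'ekbdflt.sys' in @matches) {
 blog($bid, "ESET Found!");
 }
 
 ### FireEye
-if ('FeKern.sys' || 'WFP_MRT.sys' in @matches) {
+if ('FeKern.sys' in @matches || 'WFP_MRT.sys' in @matches) {
 blog($bid, "FireEye Found!");
 }
 
 ### F-Secure
-if ('xfsgk.sys' || 'fsgk.sys' || 'fsatp.sys' || 'fshs.sys' in @matches) {
+if ('xfsgk.sys' in @matches || 'fsgk.sys' in @matches || 'fsatp.sys' in @matches || 'fshs.sys' in @matches) {
 blog($bid, "F-Secure Found!");
 }
 
@@ -211,7 +211,7 @@ sub list {
 }
 
 ### Kaspersky
-if ('klifks.sys' || 'klifaa.sys' || 'Klifsm.sys' in @matches) {
+if ('klifks.sys' in @matches || 'klifaa.sys' in @matches || 'Klifsm.sys' in @matches) {
 blog($bid, "Kaspersky Found!");
 }
 
@@ -226,7 +226,7 @@ sub list {
 }
 
 ### McAfee
-if ('mfeaskm.sys' || 'mfencfilter.sys' || 'epdrv.sys' || 'mfencoas.sys' || 'mfehidk.sys' || 'swin.sys' || 'hdlpflt.sys' || 'mfprom.sys' || 'MfeEEFF.sys' in @matches) {
+if ('mfeaskm.sys' in @matches || 'mfencfilter.sys' in @matches || 'epdrv.sys' in @matches || 'mfencoas.sys' in @matches || 'mfehidk.sys' in @matches || 'swin.sys' in @matches || 'hdlpflt.sys' in @matches || 'mfprom.sys' in @matches || 'MfeEEFF.sys' in @matches) {
 blog($bid, "McAfee Found!");
 }
 
@@ -236,12 +236,12 @@ sub list {
 }
 
 ### Palo Alto
-if ('telam.sys' in @matches {
+if ('telam.sys' in @matches) {
 blog($bid, "Palo Alto Cortex Found!");
-})
+}
 
 ### Panda Security
-if ('PSINPROC.SYS' || 'PSINFILE.SYS' || 'amfsm.sys' || 'amm8660.sys' || 'amm6460.sys' in @matches) {
+if ('PSINPROC.SYS' in @matches || 'PSINFILE.SYS' in @matches || 'amfsm.sys' in @matches || 'amm8660.sys' in @matches || 'amm6460.sys' in @matches) {
 blog($bid, "Panda Security Found!");
 }
 
@@ -261,22 +261,22 @@ sub list {
 }
 
 ### Sophos
-if ('SAVOnAccess.sys' || 'savonaccess.sys' || 'sld.sys' || 'SophosED.sys' || 'sntp.sys' || 'swi_callout.sys' || 'hmpalert.sys' || 'sdcfilter.sys' || 'SophosBootDriver.sys' in @matches) {
+if ('SAVOnAccess.sys' in @matches || 'savonaccess.sys' in @matches || 'sld.sys' in @matches || 'SophosED.sys' in @matches || 'sntp.sys' in @matches || 'swi_callout.sys' in @matches || 'hmpalert.sys' in @matches || 'sdcfilter.sys' in @matches || 'SophosBootDriver.sys' in @matches) {
 blog($bid, "Sophos Found!");
 }
 
 ### Symantec
-if ('pgpwdefs.sys' || 'GEProtection.sys' || 'diflt.sys' || 'sysMon.sys' || 'ssrfsf.sys' || 'emxdrv2.sys' || 'reghook.sys' || 'spbbcdrv.sys' || 'bhdrvx86.sys' || 'bhdrvx64.sys' || 'SISIPSFileFilter.sys' || 'symevent.sys' || 'vxfsrep.sys' || 'VirtFile.sys' || 'SymAFR.sys' || 'symefasi.sys' || 'symefa.sys' || 'symefa64.sys' || 'SymHsm.sys' || 'evmf.sys' || 'GEFCMP.sys' || 'VFSEnc.sys' || 'pgpfs.sys' in || 'fencry.sys' || 'symrg.sys' in @matches) {
+if ('pgpwdefs.sys' in @matches || 'GEProtection.sys' in @matches || 'diflt.sys' in @matches || 'sysMon.sys' in @matches || 'ssrfsf.sys' in @matches || 'emxdrv2.sys' in @matches || 'reghook.sys' in @matches || 'spbbcdrv.sys' in @matches || 'bhdrvx86.sys' in @matches || 'bhdrvx64.sys' in @matches || 'SISIPSFileFilter.sys' in @matches || 'symevent.sys' in @matches || 'vxfsrep.sys' in @matches || 'VirtFile.sys' in @matches || 'SymAFR.sys' in @matches || 'symefasi.sys' in @matches || 'symefa.sys' in @matches || 'symefa64.sys' in @matches || 'SymHsm.sys' in @matches || 'evmf.sys' in @matches || 'GEFCMP.sys' in @matches || 'VFSEnc.sys' in @matches || 'pgpfs.sys' in @matches || 'fencry.sys' in @matches || 'symrg.sys' in @matches) {
 blog($bid, "Symantec Found!");
 }
 
 ### Trend Micro
-if ('TMUMS.sys' || 'hfileflt.sys' || 'TMUMH.sys' || 'AcDriver.sys' || 'SakFile.sys' || 'SakMFile.sys' || 'fileflt.sys' || 'TmEsFlt.sys' || 'tmevtmgr.sys' || 'TmFileEncDmk.sys' in @matches) {
+if ('TMUMS.sys' in @matches || 'hfileflt.sys' in @matches || 'TMUMH.sys' in @matches || 'AcDriver.sys' in @matches || 'SakFile.sys' in @matches || 'SakMFile.sys' in @matches || 'fileflt.sys' in @matches || 'TmEsFlt.sys' in @matches || 'tmevtmgr.sys' in @matches || 'TmFileEncDmk.sys' in @matches) {
 blog($bid, "Trend Micro Inc Found!");
 }
 
 ### Verdasys
-if ('dgdmk.sys' || 'ndgdmk.sys' in @matches) {
+if ('dgdmk.sys' in @matches || 'ndgdmk.sys' in @matches) {
 blog($bid, "Verdasys Inc. Found!");
 }
 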
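Review bot: The `blog(...)` calls at new lines 140 (Cisco AMP) and 185 (Elastic) still end without a semicolon, unlike every other `blog` call in these hunks, and the commit leaves both untouched. If Sleep requires the terminator before the closing brace, the script may still fail to parse after this syntax fix; they should read `blog($bid, "Cisco AMP Found!");` and `blog($bid, "Elastic Security for Endpoint detected!");`. A one-line comment above the first check, for example `# each name needs its own 'in @matches'; a bare string in an || chain is always true`, would record why the conditions are spelled out and keep the old form from returning. Minor style points in the same section: the stray space in `@matches )` on the CyberArk line and the `##` headings for BitDefender and Bromium where the others use `###`. `sub list` begins and ends outside the visible hunks, so checks between the hunks were not reviewed.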
