Update README.md

yuhisern7 · Jan 23, 2020 · 8862b87 · 8862b87
1 parent 0dca467
commit 8862b87
Showing 1 changed file with 21 additions and 2 deletions.
diff --git a/Malwarebytes/v3.7.1.2839/README.md b/Malwarebytes/v3.7.1.2839/README.md
@@ -1,8 +1,22 @@
 # v3.7.1.2839
 
-## Demo
+# Malicious Code Bypass via Extension Whitelisting 
 
-![demo](https://image.prntscr.com/image/s2WOwStiR7_uacVQZFGHyQ.gif)
+## Issues
+
+1. Does not proactively scan files dropped to disk,
+2. Executables with `etl`, `Config`, and `Manifest` file extensions ran using `CreateProcess` do not get scanned.
+
+### Recommended Fix(?)
+
+1. Include `IRP_MJ_CLEANUP` (and optionally `IRP_MJ_WRITE`) minifilter callback operations,
+2. Do not whitelist `etl`, `Config`, and `Manifest` file extensions from scanning.
+
+### Tested Environments
+
+* Windows 7 x64 Home Premium
+* Windows 7 x64 Ultimate
+* Windows 10 x64 Pro
 
 ## How to Compile
 
@@ -33,3 +47,8 @@ Run the built payload:
 ```
 > out.exe
 ```
+
+
+## Demo
+
+![demo](https://image.prntscr.com/image/s2WOwStiR7_uacVQZFGHyQ.gif)