Skip to content

Windows: reduce false positives on Suspicious PowerShell (AMSI Bypass) rule#2311

Open
rvald26 wants to merge 1 commit into
v11from
feature/powershell-amsi-bypass-fp-tuning
Open

Windows: reduce false positives on Suspicious PowerShell (AMSI Bypass) rule#2311
rvald26 wants to merge 1 commit into
v11from
feature/powershell-amsi-bypass-fp-tuning

fix(rules/windows): exclude benign AMSI 'sentinel' harness from Power…

4365211
Select commit
Loading
Failed to load commit list.