https://github.com/hfiref0x/MpEnum
What it can: enumerate all "bad" threats (families) from the AV DB, list them by category (> 50 categories) and save each category's family list to a file.
What it can't: enumerate the actual definitions in each family. As you understand, this is out of my interest.
Compiled binary included.
Mainly created when I was forced to bypass idiotic detection from Windows Defender on the newest insider build.
Full categorized dump for WD AV Signature DB version 1.273.443.0
https://github.com/hfiref0x/MpEnum/tree/master/Dump
P.S.
There exists a PowerShell command, https://technet.microsoft.com/en-us/lib ... .630).aspx , which can also enumerate the AV DB; however, its output is messed up, as it seemingly doesn't take MPTHREAT_CATEGORY into account/output.
Ring0 - the source of inspiration
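An added example, not MpEnum's code or anything from the post above: a PowerShell script that does the defender-side equivalent of what the tool describes, i.e. reads the Defender threat catalog, groups entries by MPTHREAT_CATEGORY and writes one file per category plus a count summary. It assumes the Defender module's Get-MpThreatCatalog cmdlet is available and that its objects expose ThreatName and CategoryID properties (true on current builds; check yours). The category name table is deliberately partial, taken from the MPTHREAT_CATEGORY enumeration in the Windows SDK header mpclient.h; any ID not listed falls back to its number.

```powershell
# Added example (not part of MpEnum): dump the Defender threat catalog grouped
# by MPTHREAT_CATEGORY, one file per category, plus a per-category summary.
# Assumes Get-MpThreatCatalog exists and returns objects with ThreatName and
# CategoryID (assumption: verify on your build with Get-MpThreatCatalog | Get-Member).
param(
    [string]$OutDir = (Join-Path $PWD 'MpThreatDump')
)

# Partial MPTHREAT_CATEGORY name map from mpclient.h (assumption: extend from the
# SDK header if you need every category; unknown IDs fall back to the number).
$CategoryNames = @{
    1  = 'ADWARE'
    2  = 'SPYWARE'
    5  = 'WORM'
    6  = 'BACKDOOR'
    8  = 'TROJAN'
    27 = 'POTENTIALUNWANTEDSOFTWARE'
    30 = 'EXPLOIT'
    41 = 'VIRUS'
    49 = 'RANSOM'
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$catalog = Get-MpThreatCatalog
if (-not $catalog) {
    throw 'Get-MpThreatCatalog returned nothing; is the Defender PowerShell module available?'
}

$summary = foreach ($group in ($catalog | Group-Object -Property CategoryID | Sort-Object { [int]$_.Name })) {
    $id   = [int]$group.Name
    $name = if ($CategoryNames.ContainsKey($id)) { $CategoryNames[$id] } else { "CATEGORY_$id" }
    $path = Join-Path $OutDir ('{0:D2}_{1}.txt' -f $id, $name)

    # One threat name per line, de-duplicated and sorted, so dumps taken from two
    # signature versions can be diffed directly to see what was added or dropped.
    $group.Group.ThreatName | Sort-Object -Unique | Set-Content -Path $path -Encoding UTF8

    [pscustomobject]@{
        CategoryID = $id
        Category   = $name
        Entries    = $group.Count
        File       = $path
    }
}

# Console overview and a CSV you can keep next to the per-category files.
$summary | Format-Table -AutoSize
$summary | Export-Csv -Path (Join-Path $OutDir 'summary.csv') -NoTypeInformation
```

Run it from an elevated PowerShell on a machine with Defender installed; the summary table gives the per-category counts that the post's dump directory lists by file. Keeping the per-category files sorted and unique is what makes a diff between two signature versions meaningful, which is the main defensive use of such a dump (tracking which families a definition update added or retired).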