Added CompatTelRunner.exe as an exclusion to persistence_unusual_process_modified_registry_run_key.yml

NovaSky0x1 · NovaSky0x1 · commit 18cc9f37b5ef · 2025-02-24T12:19:23.000-05:00
diff --git a/rules/persistence_unusual_process_modified_registry_run_key.yml b/rules/persistence_unusual_process_modified_registry_run_key.yml
@@ -43,7 +43,8 @@ condition: >
       '?:\\Windows\\SysWOW64\\prevhost.exe',
       '?:\\Windows\\System32\\conhost.exe',
       '?:\\Windows\\System32\\taskhostw.exe',
-      '?:\\Windows\\System32\\backgroundTaskHost.exe'
+      '?:\\Windows\\System32\\backgroundTaskHost.exe',
+      '?:\\Windows\\System32\\CompatTelRunner.exe'
     )
 
 min-engine-version: 2.4.0

Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,8 @@ condition: >`
`43`	`43`	`'?:\\Windows\\SysWOW64\\prevhost.exe',`
`44`	`44`	`'?:\\Windows\\System32\\conhost.exe',`
`45`	`45`	`'?:\\Windows\\System32\\taskhostw.exe',`
`46`		`- '?:\\Windows\\System32\\backgroundTaskHost.exe'`
	`46`	`+ '?:\\Windows\\System32\\backgroundTaskHost.exe',`
	`47`	`+ '?:\\Windows\\System32\\CompatTelRunner.exe'`
`47`	`48`	`)`
`48`	`49`
`49`	`50`	`min-engine-version: 2.4.0`