Merge pull request Pennyw0rth#371 from termanix/patch-5

NeffIsBack · web-flow · commit 3a5c109fedbc · 2024-07-18T09:46:21.000+02:00
diff --git a/nxc/modules/enum_av.py b/nxc/modules/enum_av.py
@@ -358,6 +358,27 @@ def LsarLookupNames(self, dce, policyHandle, service):
                 {"name": "sophoslivequery_*", "processes": [""]}
             ]
         },
+        {
+            "name": "Trellix Endpoint Detection and Response (EDR)",
+            "services": [
+                {"name": "McAfee Endpoint Security Platform Service", "description": "Trellix Core Service"},
+                {"name": "mfemactl", "description": "Trellix Management Service"},
+                {"name": "mfemms", "description": "McAfee Management Service"},
+                {"name": "mfefire", "description": "Trellix Firewall Core Service"},
+                {"name": "masvc", "description": "Trellix Agent Service"},
+                {"name": "macmnsvc", "description": "Trellix Agent Common Service"},
+                {"name": "mfetp", "description": "Trellix Endpoint Threat Prevention Service"},
+                {"name": "mfewc", "description": "Trellix Endpoint Security Web Control Service"}, 
+                {"name": "mfeaack", "description": "Trellix Anti-Malware Core Service"}
+            ],
+            "pipes": [
+                {"name": "TrellixEDR_Pipe_*", "processes": ["McAfeeEDR.exe"]},
+                {"name": "mfemactl_*", "processes": ["mfemactl.exe"]},
+                {"name": "mfefire_*", "processes": ["mfefire.exe"]},
+                {"name": "McAfeeAgent_Pipe_*", "processes": ["McAfeeAgent.exe"]},
+                {"name": "mfetp_*", "processes": ["mfetp.exe"]}
+            ]
+        },
         {
             "name": "Trend Micro Endpoint Security",
             "services": [
