Merge pull request Pennyw0rth#1173 from 0xaled/NetExec-Enum-AV

enum_av module: add HarfangLab Hurukai EDR indicators and minor tipo fix

Author: NeffIsBack

nxc/modules/enum_av.py

@@ -259,15 +259,14 @@ def LsarLookupNames(self, dce, policyHandle, service):
                 {"name": "vsmon", "description": "Check Point Endpoint Security Network Protection"},
                 {"name": "CPFileAnlyz", "description": "Check Point Endpoint Security File Analyzer"},
                 {"name": "EPClientUIService", "description": "Check Point Endpoint Security Client UI"}
-
             ],
             "pipes": []
         },
         {
             "name": "Cortex",
             "services": [
                 {"name": "xdrhealth", "description": "Cortex XDR Health Helper"},
-                {"name": "cyserver", "description": " Cortex XDR"}
+                {"name": "cyserver", "description": "Cortex XDR"}
             ],
             "pipes": []
         },
@@ -342,6 +341,21 @@ def LsarLookupNames(self, dce, policyHandle, service):
                 {"name": "exploitProtectionIPC", "processes": ["AVKWCtlx64.exe"]}
             ]
         },
+        {
+            "name": "HarfangLab EDR",
+            "services": [
+                {"name": "hurukai", "description": "HarfangLab Hurukai Agent"},
+                {"name": "Hurukai agent", "description": "HarfangLab Hurukai Agent Service"},
+                {"name": "HarfangLab Hurukai agent", "description": "HarfangLab Hurukai Agent Program"},
+                {"name": "hurukai-av", "description": "HarfangLab Hurukai Antivirus"},
+                {"name": "hurukai-ui", "description": "HarfangLab Hurukai UI"}
+            ],
+            "pipes": [
+                {"name": "hurukai-control", "processes": ["hurukai.exe"]},
+                {"name": "hurukai-servicing", "processes": ["hurukai.exe"]},
+                {"name": "hurukai-amsi", "processes": ["hurukai.exe"]}
+            ]
+        },
         {
             "name": "Ivanti Security",
             "services": [