v1.4

README.md

@@ -2,42 +2,48 @@
 This program detects if any security software (AV, EDR, XDR, firewall, etc.) is running on the system. The program searches the list of running processes and compares their names with a predefined list of known security software processes.
 
 # Requirements
-A C++11 or later compatible compiler.
+A C++17 or later compatible compiler.
 Windows as the operating system.
 
 # Compilation
 Open a terminal or command prompt.
 Navigate to the directory where the main.cpp file is located.
-Compile the program using CLion, also a C++11 or later compatible compiler. For example, to compile with g++, execute the following command:
+Compile the program using CLion, also a C++17 or later compatible compiler. For example, to compile with g++, execute the following command:
 ```
-g++ -std=c++11 -o av_detect main.cpp
+g++ -std=c++17 -o av_detect main.cpp
 ```
 This will create an executable file named av_detect.exe in the same directory.
 
 # Detected Apps
 - Agnitum Outpost Firewall - Firewall
+- Avast (additional process) - AV
 - Avast - AV
 - Avira - AV
 - AxCrypt - Encryption
+- Bitdefender (additional processes) - AV
 - Bitdefender Total Security - AV
 - Check Point Daemon - Security
 - Check Point Firewall - Firewall
 - Cisco AnyConnect Secure Mobility Client - VPN
 - Cisco Umbrella Roaming Security - Security
+- CrowdStrike Falcon (additional processes) - EDR
 - CrowdStrike Falcon Insight XDR - XDR
 - Cybereason EDR - EDR
 - Cytomic Orion - Security
 - DriveSentry - Security
-- Elastic Winlogbeat - Security
 - ESET NOD32 AV - AV
+- Elastic Winlogbeat - Security
 - FireEye Endpoint Agent - Security
 - FireEye HX - Security
 - FortiEDR - EDR
 - Host Intrusion Prevention System - HIPS
-- Kaspersky Secure Connection - VPN
+- Kaspersky (additional processes) - AV
 - Kaspersky - AV
+- Kaspersky Secure Connection - VPN
 - Kerio Personal Firewall - Firewall
+- Malwarebytes (additional processes) - AV
 - Malwarebytes - AV
+- McAfee (additional processes) - AV
 - McAfee DLP Sensor - DLP
 - McAfee Endpoint Encryption - Encryption
 - McAfee Endpoint Security - AV
@@ -47,16 +53,20 @@ This will create an executable file named av_detect.exe in the same directory.
 - Microsoft Defender ATP (Advanced Threat Protection) - Security
 - Microsoft Security Essentials - AV
 - Microsoft Sysmon - Security
+- Norton Antivirus - AV
 - OpenVPN - VPN
 - Palo Alto Networks Cortex XDR - XDR
 - Palo Alto Networks GlobalProtect - VPN
 - Panda Security - AV
 - Sandboxie - Security
+- SentinelOne (additional processes) - EDR
 - SentinelOne Singularity XDR - XDR
+- Sophos (additional processes) - AV
 - Sophos Endpoint Security - AV
 - Symantec DLP Agent - DLP
 - Symantec Endpoint Protection - AV
 - Tanium EDR - EDR
+- Trend Micro (additional processes) - AV
 - Trend Micro OfficeScan - AV
 - TrueCrypt - Encryption
 - VMware Carbon Black EDR - EDR

main.cpp

@@ -18,18 +18,30 @@ bool isSecuritySoftwareRunning() {
     SetConsoleOutputCP(65001); //Set console encoding to utf8
 
     std::map<std::string, SecuritySoftware> securitySoftwareProcesses = {
+            {"SentinelAgent.exe",       {"SentinelOne",                      "EDR"}},
+            {"SentinelCtl.exe",         {"SentinelOne",                      "EDR"}},
+            {"SophosClean.exe",         {"Sophos",                           "AV"}},
+            {"SophosHealth.exe",        {"Sophos",                           "AV"}},
+            {"aciseagent.exe", 		   {"Cisco Umbrella Roaming Security", 					"Security"}},
+            {"acumbrellaagent.exe",     {"Cisco Umbrella Roaming Security", 					"Security"}},
+            {"aswidsagent.exe",         {"Avast",                            "AV"}},
             {"avastsvc.exe",            {"Avast",                            "AV"}},
             {"avastui.exe",             {"Avast",                            "AV"}},
             {"avgnt.exe",               {"Avira",                            "AV"}},
             {"avguard.exe",             {"Avira",                            "AV"}},
             {"avp.exe",                 {"Kaspersky",                        "AV"}},
+            {"avpui.exe",		       {"Kaspersky",						"AV"}},
             {"axcrypt.exe",             {"AxCrypt",                          "Encryption"}},
             {"bdagent.exe",             {"Bitdefender Total Security",       "AV"}},
+            {"bdntwrk.exe",             {"Bitdefender",                      "AV"}},
             {"carbonsensor.exe",        {"VMware Carbon Black EDR",          "EDR"}},
             {"cbcomms.exe",             {"CrowdStrike Falcon Insight XDR",   "XDR"}},
             {"ccsvchst.exe",            {"Symantec Endpoint Protection",     "AV"}},
+            {"coreServiceShell.exe",    {"Trend Micro",                      "AV"}},
             {"cpd.exe",                 {"Check Point Daemon",               "Security"}},
             {"cpx.exe",                 {"SentinelOne Singularity XDR",      "XDR"}},
+            {"csfalconcontainer.exe",   {"CrowdStrike Falcon",               "EDR"}},
+            {"csfalcondaterepair.exe",  {"CrowdStrike Falcon",               "EDR"}},
             {"csfalconservice.exe",     {"CrowdStrike Falcon Insight XDR",   "XDR"}},
             {"cybereason.exe",          {"Cybereason EDR",                   "EDR"}},
             {"cytomicendpoint.exe",     {"Cytomic Orion",                    "Security"}},
@@ -38,63 +50,71 @@ bool isSecuritySoftwareRunning() {
             {"dsmonitor.exe",           {"DriveSentry",                      "Security"}},
             {"dwengine.exe",            {"DriveSentry",                      "Security"}},
             {"edpa.exe",                {"McAfee Endpoint Security",         "AV"}},
+            {"eegoservice.exe", 	       {"McAfee Endpoint Encryption", 				"Encryption"}},
             {"egui.exe",                {"ESET NOD32 AV",                    "AV"}},
             {"ekrn.exe",                {"ESET NOD32 AV",                    "AV"}},
             {"firesvc.exe",             {"FireEye Endpoint Agent",           "Security"}},
             {"firetray.exe",            {"FireEye Endpoint Agent",           "Security"}},
             {"fortiedr.exe",            {"FortiEDR",                         "EDR"}},
             {"fw.exe",                  {"Check Point Firewall",             "Firewall"}},
             {"hips.exe",                {"Host Intrusion Prevention System", "HIPS"}},
+            {"klwtblfs.exe",            {"Kaspersky",                        "AV"}},
+            {"klwtpwrs.srv",            {"Kaspersky",                        "AV"}},
             {"kpf4ss.exe",              {"Kerio Personal Firewall",          "Firewall"}},
+            {"ksde.exe", 		       {"Kaspersky Secure Connection",		"VPN"}},
+            {"ksdeui.exe", 		       {"Kaspersky Secure Connection", 	"VPN"}},
+            {"macmnsvc.exe", 		   {"McAfee Endpoint Security",				"AV"}},
+            {"masvc.exe", 			   {"McAfee Endpoint Security",     			"AV"}},
+            {"mbae64.sys",              {"Malwarebytes",                     "AV"}},
             {"mbamservice.exe",         {"Malwarebytes",                     "AV"}},
+            {"mbamswissarmy.sys",       {"Malwarebytes",                     "AV"}},
             {"mbamtray.exe",            {"Malwarebytes",                     "AV"}},
             {"mcshield.exe",            {"McAfee VirusScan",                 "AV"}},
+            {"mdecryptservice.exe",     {"McAfee Endpoint Encryption", 				"Encryption"}},
+            {"mfeann.exe",              {"McAfee",                           "AV"}},
+            {"mfeepehost.exe", 		   {"McAfee Endpoint Encryption", 				"Encryption"}},
             {"mfefire.exe",             {"McAfee Host Intrusion Prevention", "HIPS"}},
+            {"mfemactl.exe", 		   {"McAfee Endpoint Security Firewall", 					"Firewall"}},
+            {"mfemms.exe",              {"McAfee",                           "AV"}},
             {"msascuil.exe",            {"Windows Defender",                 "AV"}},
             {"msmpeng.exe",             {"Windows Defender",                 "AV"}},
             {"msseces.exe",             {"Microsoft Security Essentials",    "AV"}},
+            {"mssense.exe", 		       {"Microsoft Defender ATP (Advanced Threat Protection)",	"Security"}},
             {"nissrv.exe",              {"Microsoft Security Essentials",    "AV"}},
+            {"nortonsecurity.exe",      {"Norton Antivirus",                 "AV"}},
+            {"ns.exe",                  {"Norton Antivirus",                 "AV"}},
+            {"nsservice.exe",           {"Norton Antivirus",                 "AV"}},
+            {"openvpnserv.exe",         {"OpenVPN", 						"VPN"}},
             {"outpost.exe",             {"Agnitum Outpost Firewall",         "Firewall"}},
             {"panda_url_filtering.exe", {"Panda Security",                   "AV"}},
+            {"pangps.exe", 			   {"Palo Alto Networks GlobalProtect",		"VPN"}},
             {"pavfnsvr.exe",            {"Panda Security",                   "AV"}},
             {"pavsrv.exe",              {"Panda Security",                   "AV"}},
             {"psanhost.exe",            {"Panda Security",                   "AV"}},
             {"rtvscan.exe",             {"Symantec Endpoint Protection",     "AV"}},
             {"savservice.exe",          {"Sophos Endpoint Security",         "AV"}},
+            {"sbiesvc.exe", 	           {"Sandboxie", 						"Security"}},
             {"shstat.exe",              {"McAfee VirusScan",                 "AV"}},
             {"sophosav.exe",            {"Sophos Endpoint Security",         "AV"}},
             {"sophossps.exe",           {"Sophos Endpoint Security",         "AV"}},
             {"sophosui.exe",            {"Sophos Endpoint Security",         "AV"}},
             {"sysmon.exe",              {"Microsoft Sysmon",                  "Security"}},
+            {"sysmon64.exe", 	       {"Microsoft Sysmon", 				"Security"}},
             {"tanclient.exe",           {"Tanium EDR",                       "EDR"}},
             {"tmntsrv.exe",             {"Trend Micro OfficeScan",           "AV"}},
             {"tmproxy.exe",             {"Trend Micro OfficeScan",           "AV"}},
             {"trapsagent.exe",          {"Palo Alto Networks Cortex XDR",    "XDR"}},
             {"trapsd.exe",              {"Palo Alto Networks Cortex XDR",    "XDR"}},
             {"truecrypt.exe",           {"TrueCrypt",                        "Encryption"}},
+            {"uiWinMgr.exe",            {"Trend Micro",                      "AV"}},
+            {"updatesrv.exe",           {"Bitdefender",                      "AV"}},
+            {"vpnagent.exe",		       {"Cisco AnyConnect Secure Mobility Client","VPN"}},
             {"vsserv.exe",              {"Bitdefender Total Security",       "AV"}},
-            {"wrsa.exe",                {"Webroot Anywhere",                 "AV"}},
             {"windefend.exe",           {"Windows Defender",                 "AV"}},
-            {"xagt.exe",                {"FireEye HX",                       "Security"}},
-            {"vpnagent.exe",		       {"Cisco AnyConnect Secure Mobility Client","VPN"}},
-            {"macmnsvc.exe", 		   {"McAfee Endpoint Security",				"AV"}},
-            {"masvc.exe", 			   {"McAfee Endpoint Security",     			"AV"}},
-            {"eegoservice.exe", 	       {"McAfee Endpoint Encryption", 				"Encryption"}},
-            {"mfeepehost.exe", 		   {"McAfee Endpoint Encryption", 				"Encryption"}},
-            {"mdecryptservice.exe",     {"McAfee Endpoint Encryption", 				"Encryption"}},
-            {"pangps.exe", 			   {"Palo Alto Networks GlobalProtect",		"VPN"}},
-            {"mssense.exe", 		       {"Microsoft Defender ATP (Advanced Threat Protection)",	"Security"}},
-            {"acumbrellaagent.exe",     {"Cisco Umbrella Roaming Security", 					"Security"}},
-            {"aciseagent.exe", 		   {"Cisco Umbrella Roaming Security", 					"Security"}},
-            {"mfemactl.exe", 		   {"McAfee Endpoint Security Firewall", 					"Firewall"}},
-            {"avpui.exe",		       {"Kaspersky",						"AV"}},
-            {"ksde.exe", 		       {"Kaspersky Secure Connection",		"VPN"}},
-            {"ksdeui.exe", 		       {"Kaspersky Secure Connection", 	"VPN"}},
-            {"openvpnserv.exe",         {"OpenVPN", 						"VPN"}},
-            {"sbiesvc.exe", 	           {"Sandboxie", 						"Security"}},
-            {"sysmon64.exe", 	       {"Microsoft Sysmon", 				"Security"}},
             {"winlogbeat.exe", 	       {"Elastic Winlogbeat", 				"Security"}},
-            {"wireguard.exe", 	       {"WireGuard", 						"VPN"}}
+            {"wireguard.exe", 	       {"WireGuard", 						"VPN"}},
+            {"wrsa.exe",                {"Webroot Anywhere",                 "AV"}},
+            {"xagt.exe",                {"FireEye HX",                       "Security"}}
     };
 
     bool found = false;

processes.csv

@@ -1,6 +1,11 @@
 Process, Name, Type
+"SentinelAgent.exe", "SentinelOne", "EDR"
+"SentinelCtl.exe", "SentinelOne", "EDR"
+"SophosClean.exe", "Sophos", "AV"
+"SophosHealth.exe", "Sophos", "AV"
 "aciseagent.exe", "Cisco Umbrella Roaming Security", "Security"
 "acumbrellaagent.exe", "Cisco Umbrella Roaming Security", "Security"
+"aswidsagent.exe", "Avast", "AV"
 "avastsvc.exe","Avast","AV"
 "avastui.exe","Avast","AV"
 "avgnt.exe","Avira","AV"
@@ -9,11 +14,15 @@ Process, Name, Type
 "avpui.exe","Kaspersky","AV"
 "axcrypt.exe","AxCrypt","Encryption"
 "bdagent.exe","Bitdefender Total Security","AV"
+"bdntwrk.exe", "Bitdefender", "AV"
 "carbonsensor.exe","VMware Carbon Black EDR","EDR"
 "cbcomms.exe","CrowdStrike Falcon Insight XDR","XDR"
 "ccsvchst.exe","Symantec Endpoint Protection","AV"
+"coreServiceShell.exe", "Trend Micro", "AV"
 "cpd.exe","Check Point Daemon","Security"
 "cpx.exe","SentinelOne Singularity XDR","XDR"
+"csfalconcontainer.exe", "CrowdStrike Falcon", "EDR"
+"csfalcondaterepair.exe", "CrowdStrike Falcon", "EDR"
 "csfalconservice.exe","CrowdStrike Falcon Insight XDR","XDR"
 "cybereason.exe","Cybereason EDR","EDR"
 "cytomicendpoint.exe","Cytomic Orion","Security"
@@ -30,23 +39,32 @@ Process, Name, Type
 "fortiedr.exe","FortiEDR","EDR"
 "fw.exe","Check Point Firewall","Firewall"
 "hips.exe","Host Intrusion Prevention System","HIPS"
+"klwtblfs.exe", "Kaspersky", "AV"
+"klwtpwrs.srv", "Kaspersky", "AV"
 "kpf4ss.exe","Kerio Personal Firewall","Firewall"
 "ksde.exe", "Kaspersky Secure Connection", "VPN"
 "ksdeui.exe", "Kaspersky Secure Connection", "VPN"
 "macmnsvc.exe", "McAfee Endpoint Security", "AV"
 "masvc.exe", "McAfee Endpoint Security", "AV"
+"mbae64.sys", "Malwarebytes", "AV"
 "mbamservice.exe","Malwarebytes","AV"
+"mbamswissarmy.sys", "Malwarebytes", "AV"
 "mbamtray.exe","Malwarebytes","AV"
 "mcshield.exe","McAfee VirusScan","AV"
 "mdecryptservice.exe", "McAfee Endpoint Encryption", "Encryption"
+"mfeann.exe", "McAfee", "AV"
 "mfeepehost.exe", "McAfee Endpoint Encryption", "Encryption"
 "mfefire.exe","McAfee Host Intrusion Prevention","HIPS"
 "mfemactl.exe", "McAfee Endpoint Security Firewall", "Firewall"
+"mfemms.exe", "McAfee", "AV"
 "msascuil.exe","Windows Defender","AV"
 "msmpeng.exe","Windows Defender","AV"
 "msseces.exe","Microsoft Security Essentials","AV"
 "mssense.exe", "Microsoft Defender ATP (Advanced Threat Protection)", "Security"
 "nissrv.exe","Microsoft Security Essentials","AV"
+"nortonsecurity.exe", "Norton Antivirus", "AV"
+"ns.exe", "Norton Antivirus", "AV"
+"nsservice.exe", "Norton Antivirus", "AV"
 "openvpnserv.exe", "OpenVPN", "VPN"
 "outpost.exe","Agnitum Outpost Firewall","Firewall"
 "panda_url_filtering.exe","Panda Security","AV"
@@ -69,6 +87,8 @@ Process, Name, Type
 "trapsagent.exe","Palo Alto Networks Cortex XDR","XDR"
 "trapsd.exe","Palo Alto Networks Cortex XDR","XDR"
 "truecrypt.exe","TrueCrypt","Encryption"
+"uiWinMgr.exe", "Trend Micro", "AV"
+"updatesrv.exe", "Bitdefender", "AV"
 "vpnagent.exe","Cisco AnyConnect Secure Mobility Client","VPN"
 "vsserv.exe","Bitdefender Total Security","AV"
 "windefend.exe","Windows Defender","AV"