Releases: nand0san/av_detect

v1.91

11 Jun 13:18

Added some processes to existing tools:

"sgrmbroker.exe", "Windows System Integrity Management Broker", "System Integrity"
"mbamagent.exe", "Malwarebytes Agent", "Antivirus"
"mpdefendercoreservice.exe", "Windows Defender Core Service", "Antivirus"

v1.9

17 May 08:13
574d39f

New processes added:

Process,Name,Type
MsSense.exe,Microsoft Defender ATP,EDR
SentinelAgent.exe,SentinelOne,EDR
SentinelStaticEngine.exe,SentinelOne,EDR
SentinelStaticEngineScanner.exe,SentinelOne,EDR
SentinelServiceHost.exe,SentinelOne,EDR
SentinelMemoryScanner.exe,SentinelOne,EDR
SenseTVM.exe,Windows Defender,AV
SenseIR.exe,Windows Defender,AV
SenseNdr.exe,Windows Defender,AV
SecurityHealthService.exe,Windows Security,Security
SecurityHealthSystray.exe,Windows Security,Security

v1.8

03 Jan 13:00

Fixed process comparison errors caused by capital letters.

v1.7

03 Jan 11:21

Added:

  • Trend Micro (AppControlAgent.exe) - Application Control
  • Trend Micro (BrowserExploitDetection.exe) - Exploit Detection
  • Trend Micro (ClientCommunicationService.exe) - Antivirus/EDR
  • Trend Micro (ClientLogService.exe) - Antivirus/EDR
  • Trend Micro (RealTimeScanService.exe) - Antivirus/EDR
  • Trend Micro (SamplingService.exe) - Antivirus/EDR
  • Trend Micro (ClientSolutionFramework.exe) - Antivirus/EDR
  • Trend Micro (DataProtectionService.exe) - Data Protection
  • Trend Micro (EndpointBasecamp.exe) - EDR
  • Trend Micro (PersonalFirewallService.exe) - Firewall
  • Trend Micro (SecurityAgentMonitor.exe) - Antivirus/EDR
  • Trend Micro (TelemetryAgentService.exe) - Telemetry
  • Trend Micro (VulnerabilityProtectionAgent.exe) - Vulnerability Protection
  • Trend Micro (WSCService.exe) - Security Service

v1.6

28 Jun 15:42

What's new?

  • Palo Alto Networks (Cortex XDR) (improved)
  • Absolute Persistence (acnamagent.exe) - Asset Management
  • Absolute Persistence (acnamlogonagent.exe) - Asset Management
  • Norton Antivirus (ccSvcHst.exe) - AV
  • Microsoft OMS (HealthService.exe) - Monitoring
  • Microsoft Monitoring Agent (MonitoringHost.exe) - Monitoring
  • SolarWinds NPM (NPMDAgent.exe) - Network Monitoring
  • Microsoft .NET Framework (SMSvcHost.exe) - Application
  • Cisco AnyConnect (vpnagent.exe) - VPN
  • Cisco AnyConnect (vpnui.exe) - VPN

v1.5

28 Jun 15:04

New processes included:

  • Palo Alto Networks GlobalProtect (additional process) - VPN
  • Palo Alto Networks (Cyvera) - EDR
  • Darktrace - EDR
  • Unknown (TelemetryService.exe) - Telemetry
  • Unknown (Sentinel.exe - Potential: Microsoft Defender) - EDR
  • Adobe (AGMService.exe) - Telemetry
  • Adobe (AGSService.exe) - Telemetry
  • VMware (vm3dservice.exe) - Virtualization
  • VMware (vmtoolsd.exe) - Virtualization
  • VMware (VGAuthService.exe) - Virtualization

v1.4

08 Jun 09:23

What's New

  • Added support for the following security software processes:
    • Norton Antivirus:
      • nortonsecurity.exe
      • nsservice.exe
      • ns.exe
    • Avast:
      • aswidsagent.exe
    • Malwarebytes:
      • mbamswissarmy.sys
      • mbae64.sys
    • CrowdStrike Falcon:
      • csfalcondaterepair.exe
      • csfalconcontainer.exe
    • SentinelOne:
      • SentinelAgent.exe
      • SentinelCtl.exe
    • Sophos:
      • SophosClean.exe
      • SophosHealth.exe
    • McAfee:
      • mfeann.exe
      • mfemms.exe
    • Trend Micro:
      • coreServiceShell.exe
      • uiWinMgr.exe
    • Bitdefender:
      • updatesrv.exe
      • bdntwrk.exe
    • Kaspersky:
      • klwtblfs.exe
      • klwtpwrs.srv

v1.3

03 May 09:56

Added apps:

  • avpui.exe Kaspersky AV
  • ksde.exe Kaspersky Secure Connection VPN
  • ksdeui.exe Kaspersky Secure Connection VPN
  • openvpnserv.exe OpenVPN VPN
  • sbiesvc.exe Sandboxie Security
  • sysmon64.exe Microsoft Sysmon Security
  • winlogbeat.exe Elastic Winlogbeat Security
  • wireguard.exe WireGuard VPN

v1.2

01 May 09:18

New supported processes:

  • Cisco AnyConnect Secure Mobility Client - VPN
  • McAfee Endpoint Security - AV
  • McAfee Endpoint Encryption - Encryption
  • Palo Alto Networks GlobalProtect - VPN
  • Microsoft Defender ATP (Advanced Threat Protection) - Security
  • Cisco Umbrella Roaming Security - Security
  • McAfee Endpoint Security Firewall - Firewall

v1.1

26 Apr 14:54

Fixes

  • Webroot AV fixed

Apps detected:

  • Agnitum Outpost Firewall - Firewall
  • Avast - AV
  • Avira - AV
  • AxCrypt - Encryption
  • Bitdefender Total Security - AV
  • Check Point Daemon - Security
  • Check Point Firewall - Firewall
  • CrowdStrike Falcon Insight XDR - XDR
  • Cybereason EDR - EDR
  • Cytomic Orion - Security
  • DriveSentry - Security
  • ESET NOD32 AV - AV
  • FireEye Endpoint Agent - Security
  • FireEye HX - Security
  • FortiEDR - EDR
  • Host Intrusion Prevention System - HIPS
  • Kaspersky - AV
  • Kerio Personal Firewall - Firewall
  • Malwarebytes - AV
  • McAfee DLP Sensor - DLP
  • McAfee Endpoint Security - AV
  • McAfee Host Intrusion Prevention - HIPS
  • McAfee VirusScan - AV
  • Microsoft Security Essentials - AV
  • Microsoft Sysmon - Security
  • Palo Alto Networks Cortex XDR - XDR
  • Panda Security - AV
  • SentinelOne Singularity XDR - XDR
  • Sophos Endpoint Security - AV
  • Symantec DLP Agent - DLP
  • Symantec Endpoint Protection - AV
  • Tanium EDR - EDR
  • Trend Micro OfficeScan - AV
  • TrueCrypt - Encryption
  • VMware Carbon Black EDR - EDR
  • Webroot Anywhere - AV
  • Windows Defender - AV