products.go
package main
import "path/filepath"
// productList maps a product key to the function that enumerates the
// executables belonging to that product on the local disk. The original
// author describes these as the product's "vital" files; "defender" is the
// only entry registered here.
//
// Detection note: the paths these functions return are the files whose
// modification or removal would impair the product, so they are natural
// candidates for file-integrity monitoring.
var productList = map[string]func() []string{
	"defender": defender_files,
}
// defender_files returns every file currently present on disk that matches
// the hard-coded Microsoft Defender executable globs listed below. The result
// is nil when none of the patterns match anything.
//
// Detection note: unexpected writes, renames or deletes under these
// directories by anything other than the platform's own servicing process
// are worth alerting on.
func defender_files() []string {
	// Driver (*.sys) locations are deliberately not scanned; the original
	// author notes that removing the drivers results in a BSOD. The globs that
	// were disabled for that reason:
	//   C:\ProgramData\Microsoft\Windows Defender\Platform\*\Drivers\*.sys
	//   C:\Windows\System32\Drivers\WD\*.sys
	patterns := []string{
		"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\*\\*.exe",         // Windows Defender Engine executables
		"C:\\Program Files\\Windows Defender Advanced Threat Protection\\*.exe", // Microsoft Defender ATP Service
		"C:\\Program Files\\Windows Defender\\*.exe",                             // Windows Defender Engine executables (built in)
	}

	var found filescanner
	for _, pattern := range patterns {
		found.AddIfFound(pattern)
	}
	return found
}
// filescanner is a growable list of file paths collected from glob patterns.
type filescanner []string

// AddIfFound expands glob with filepath.Glob and appends every match to the
// receiver. A pattern that matches nothing, or that is malformed, leaves the
// receiver unchanged.
func (fs *filescanner) AddIfFound(glob string) {
	// filepath.Glob ignores file-system errors and reports only
	// ErrBadPattern, in which case it yields no matches. The error is dropped
	// on purpose: this method is best-effort and has no way to return it.
	matches, _ := filepath.Glob(glob)

	// Appending an empty match list is a no-op, so no length check is needed.
	*fs = append(*fs, matches...)
}