# # This is formatted for Splunk # # The latest list of application whitelisting bypass utils may be found here # https://github.com/api0cradle/UltimateAppLockerByPassList # # When matched as wildcards, short entries such as at.exe, nc.exe and sc.exe also match longer process names (sc.exe matches csc.exe, for example); if those rows are too noisy, anchor them on the path, as the system32\\net.exe entry does # New_Process_Name Function *appverif.exe* *arp.exe* *at.exe* *bcdedit.exe* *bcp.exe* *bitsadmin.exe* *chcp.exe* *cmd.exe* *cmstp.exe* *csc.exe* *cscript.exe* *csvde.exe* *cvtres.exe* *dsquery* *eventvwr.exe* *fltMC.exe* *installutil.exe* *ipconfig.exe* *klist.exe* *mavinject32.exe* *mshta.exe* *mstsc.exe* *mimikatz.exe* *nbtstat.exe* *nc.exe* *netcat.exe* *netstat.exe* *nmap* *nslookup.exe* *netsh* *ntdsutil.exe* *OSQL.exe* *paexec.exe* *ping.exe* *powershell.exe* *powercat.ps1* *psexec.exe* *psexecsvc.exe* *psLoggedOn.exe* *procdump.exe* *qprocess.exe* *query.exe* *rar.exe* *recdisc.exe* *reg.exe* *regasm.exe* *regsvr32.exe* *route.exe* *runas.exe* *rundll32.exe* *runscripthelper.exe* *schtasks.exe* *scrcons.exe* *sethc.exe* *sqlcmd.exe* *sc.exe*, # Normally noisy, may need to exclude *ssh.exe* *stordiag.exe* *SyncAppvPublishingServer.exe* *sysprep.exe* *systeminfo.exe* *system32\\net.exe* *reg.exe* *tasklist.exe* *tree.exe* *tpminit.exe* *tracert.exe* *vssadmin.exe* *wevtutil.exe* *whoami.exe* *winrar.exe* *winrshost.exe* *wscript.exe* *winrm.* *winrs.* *wsmprovhost.exe* *wmic.exe* *wsmprovhost.exe* *wusa.exe*