v0.4.2

@TMHSDigital TMHSDigital released this 15 Mar 20:44
· 9 commits to main since this release

False-Positive Reduction & Reliability

Warning count drops from ~52 to ~24 on a typical developer workstation.

Fixed

  • AMSI false CRITICAL -- Get-FileSignature now returns a CheckFailed sentinel when PS.Security module can't load, instead of treating it as an unsigned file
  • Scanner self-contamination -- remoteIpMoProxy_* temp files from the scanner's own CIM/WMI calls no longer flagged
  • Stale COM registrations -- HKCU COM overrides where the DLL no longer exists are skipped (can't be exploited)
  • Known-legitimate scheduled tasks -- OneDrive, Opera, Zoom, Discord, Teams updaters no longer flagged as persistence
  • Per-user session services -- baseline diffs skip Windows per-user instances (e.g. AarSvc_ddff8)
  • $args shadowing -- renamed to $taskArgs in scheduled task checks
  • Restored Unicode box-drawing on verdict summary border
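
The AMSI fix above separates "the signature check could not run" from "the file is unsigned". The following is an added example of that tri-state pattern, not the scanner's own code: `Get-SignatureState`, `Get-SignatureSeverity`, the state names other than `CheckFailed`, and the severity mapping are all assumptions made for illustration.

```powershell
# Added example; Get-SignatureState and Get-SignatureSeverity are hypothetical names,
# not functions from the scanner.
function Get-SignatureState {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; State = 'CheckFailed'; Detail = 'file not found' }
    }
    try {
        # Load the module explicitly so a load failure surfaces here as an error
        # instead of being mistaken for "no signature present".
        Import-Module Microsoft.PowerShell.Security -ErrorAction Stop
        $sig = Get-AuthenticodeSignature -LiteralPath $Path -ErrorAction Stop
    }
    catch {
        return [pscustomobject]@{ Path = $Path; State = 'CheckFailed'; Detail = $_.Exception.Message }
    }

    # Only a definite answer from the API maps to Signed, Unsigned or Invalid.
    $state = switch ([string]$sig.Status) {
        'Valid'        { 'Signed' }
        'NotSigned'    { 'Unsigned' }
        'HashMismatch' { 'Invalid' }
        'NotTrusted'   { 'Invalid' }
        default        { 'CheckFailed' }   # UnknownError, Incompatible, NotSupportedFileFormat
    }
    [pscustomobject]@{ Path = $Path; State = $state; Detail = $sig.StatusMessage }
}

function Get-SignatureSeverity {
    param([Parameter(Mandatory)][string]$State)
    # Assumed severity policy for illustration: a failed check is reported, never escalated.
    switch ($State) {
        'Signed'      { 'OK' }
        'CheckFailed' { 'INFO' }
        'Invalid'     { 'CRITICAL' }
        'Unsigned'    { 'CRITICAL' }
        default       { throw "Unknown signature state: $State" }
    }
}

# Usage: check the running PowerShell host binary.
$result = Get-SignatureState -Path (Get-Process -Id $PID).Path
'{0}: {1} ({2})' -f $result.Path, $result.State, (Get-SignatureSeverity $result.State)
```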