← All tools

av_detect

https://github.com/nand0san/av_detect

Free

Categories

Forensics

Description

This program detects if any security software (AV, EDR, XDR, firewall, etc.) is running on the system. The program searches the list of running processes and compares their names with a predefined list of known security software processes.

Keywords

forensics pentesting c++

Example Usage

AV_detect Version: v2.3.0

[unknown] Non-system unknown processes (N):
- someproc.exe | cmd=C:\Path\To\someproc.exe --arg1 --arg2 ...
- othersvc.exe | svc=ServiceName(+2) | bin=C:\Program Files\Vendor\svc.exe -k group
- another.exe | img=C:\Windows\System32\another.exe


[AV] Kaspersky UI - avpui.exe
[CLOUD] Nextcloud Desktop - nextcloud.exe
[EDR] CrowdStrike Falcon Sensor - csfalconservice.exe
[RDP] Microsoft Remote Desktop Client - mstsc.exe
[VPN] WireGuard - wireguard.exe
...