Tag: WFP filters

Blocking EDRs traffic Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender Firewall (WDF) or Windows Filtering Platform (WFP). Overview WindowsDefenderFirewall.exe Creates inbound and outbound block rules in Windows Defender Firewall for blacklisted EDR processes. WindowsFilteringPlatform.exe Creates WFP filters that block traffic for blacklisted EDR processes. Includes a custom AppID resolution routine to obtain executable…