There has been some reporting about a tool from the cybercrime collective known as FIN7 that is used to undermine EDR tools. From DarkReading:
"AuKill," developed by the notorious FIN7 cybercrime collective (aka Carbanak, Carbon Spider, Cobalt Group, Navigator Group), is a program specifically designed to undermine endpoint security. It employs more than 10 different user and kernel mode techniques to that end, like sandboxing protected processes and leveraging fundamental Windows APIs like Restart Manager and Service Control Manager.
I'm guessing that Sophos has already addressed this, just curious as to the status of it.