EDR-Freeze is described as a much stealthier method that requires no kernel driver, works entirely from user mode, and leverages legitimate Windows components that are present by default in the ...
The malicious PoorTry kernel-mode Windows driver used by multiple ransomware gangs to turn off Endpoint Detection and Response (EDR) solutions has evolved into an EDR wiper, deleting files crucial for ...