The Trend Micro Threat Hunting Team uncovered EDRSilencer, originally a red team tool designed to interfere with endpoint detection and response (EDR) solutions. Threat actors are repurposing it to evade detection by blocking EDR traffic. The tool disrupts the transmission of telemetry and alerts to EDR management consoles, making it harder to identify and remove malware.

Trend Micro's Threat Hunting Team discovered EDRSilencer, a red team tool used by threat actors to evade detection and disrupt endpoint security solutions.

EDRSilencer dynamically identifies running EDR processes and uses the Windows Filtering Platform (WFP) to create filters that block their outbound communication, cutting the agents off from their management consoles. Though red team tools like EDRSilencer serve a legitimate purpose in improving security posture, they are increasingly hijacked for malicious use, posing a silent threat to endpoint security solutions. To counter this threat, organizations must employ multi-layered defenses, including behavior analysis, application whitelisting, and continuous monitoring coupled with threat hunting, to mitigate risk and protect digital assets.
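As an added example for the threat-hunting side (not code from the Trend Micro report or from the tool), the script below parses an export in the shape of `netsh wfp show filters` output and flags WFP block filters whose application-ID condition names one of the organization's EDR executables; the XML element names, filter entries and EDR binary names are constructed assumptions, so adjust them to a real export before use.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List
# Constructed sample shaped like a `netsh wfp show filters` XML export.
# Element names are an assumption about that format, trimmed to what is used here.
SAMPLE_WFP_XML = r"""<wfpdiag><filters>
  <item>
    <filterKey>{11111111-0000-0000-0000-000000000001}</filterKey>
    <displayData><name>Custom Outbound Filter</name></displayData>
    <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
    <action><type>FWP_ACTION_BLOCK</type></action>
    <filterCondition><item>
      <fieldKey>FWPM_CONDITION_ALE_APP_ID</fieldKey>
      <conditionValue><byteBlob>
        <asString>\device\harddiskvolume3\program files\edr vendor\edragent.exe</asString>
      </byteBlob></conditionValue>
    </item></filterCondition>
  </item>
  <item>
    <filterKey>{11111111-0000-0000-0000-000000000002}</filterKey>
    <displayData><name>Block Telnet</name></displayData>
    <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
    <action><type>FWP_ACTION_BLOCK</type></action>
    <filterCondition><item>
      <fieldKey>FWPM_CONDITION_IP_REMOTE_PORT</fieldKey>
      <conditionValue><uint16>23</uint16></conditionValue>
    </item></filterCondition>
  </item>
</filters></wfpdiag>"""
# Hypothetical list of the EDR agent executables deployed in the estate (constructed names).
EDR_BINARIES = {"edragent.exe", "edrsensor.exe"}

def find_edr_block_filters(xml_text: str, edr_binaries=EDR_BINARIES) -> List[Dict[str, str]]:
    """Return BLOCK filters whose FWPM_CONDITION_ALE_APP_ID condition names a known EDR binary."""
    hits = []
    root = ET.fromstring(xml_text)
    for flt in root.findall("filters/item"):          # top-level filters only
        if flt.findtext("action/type") != "FWP_ACTION_BLOCK":
            continue
        for cond in flt.findall("filterCondition/item"):
            if cond.findtext("fieldKey") != "FWPM_CONDITION_ALE_APP_ID":
                continue
            # App-ID is an NT device path; compare only the executable name, case-insensitively
            app_path = (cond.findtext("conditionValue/byteBlob/asString") or "").lower()
            exe_name = app_path.replace("\\", "/").rsplit("/", 1)[-1]
            if exe_name in edr_binaries:
                hits.append({"filterKey": flt.findtext("filterKey"),
                             "name": flt.findtext("displayData/name"),
                             "layer": flt.findtext("layerKey"), "appId": app_path})
    return hits
```

Any hit is worth treating as a high-priority finding, since legitimate software rarely installs a WFP block filter keyed to an EDR agent's executable path.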
https://www.trendmicro.com/en_us/research/24/j/edrsilencer-disrupting-endpoint-security-solutions.html