Description
Hi,
I have the svchost exclusion enabled, but I think this one is missing from the current exclusions:
```
Process Create:
RuleName: technique_id=T1546.011,technique_name=Application Shimming
UtcTime: 2025-11-13 14:22:51.997
ProcessGuid: {4ec7f6fa-e9bb-6915-fc03-000000003500}
ProcessId: 1300
Image: C:\Windows\System32\sdbinst.exe
FileVersion: 10.0.26100.7019 (WinBuild.160101.0800)
Description: Application Compatibility Database Installer
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: sdbinst.exe
CommandLine: C:\WINDOWS\System32\sdbinst.exe -m -bg
CurrentDirectory: C:\WINDOWS\system32\
User: AUTORITE NT\Système
LogonGuid: {4ec7f6fa-86b1-6915-e703-000000000000}
LogonId: 0x3E7
TerminalSessionId: 0
IntegrityLevel: System
Hashes: SHA1=F529B59765AA3E545C2ABE84827441FAC305A0FB,MD5=312DBD6D132136E849B9B25110AF02DE,SHA256=F46F5C25953111CC5364D6B43506277C2834D7C241A2F19C8283E1709ABB3E11,IMPHASH=1B6EE3C1899EA90A8A3811555E1DA64E
ParentProcessGuid: {4ec7f6fa-8741-6915-ec00-000000003500}
ParentProcessId: 6476
ParentImage: C:\Windows\System32\svchost.exe
ParentCommandLine: C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
ParentUser: AUTORITE NT
```
Is that something we could/should add to the exclusions?
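A narrowly scoped Sysmon exclusion for the event quoted in the issue, written here as an added illustration rather than a rule taken from this project's configuration; it keys on the exact parent command line and child command line so that sdbinst.exe run any other way still fires the T1546.011 rule. It assumes Sysmon schema 4.90 and the paths shown in the event, and is meant to be merged into the existing ProcessCreate exclude section rather than loaded as a separate file.

```xml
<Sysmon schemaversion="4.90">
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <!-- onmatch="exclude": an event matching any Rule below is dropped.
           Sysmon accepts only one exclude block per event type, so merge
           this Rule into the ProcessCreate exclude section already in use. -->
      <ProcessCreate onmatch="exclude">
        <!-- All fields inside the Rule must match (groupRelation="and").
             Matching only on Image would also hide sdbinst.exe installing an
             arbitrary .sdb from a non-service parent, which is the behaviour
             the T1546.011 include rule exists to surface. -->
        <Rule name="exclude: PcaSvc-driven sdbinst maintenance" groupRelation="and">
          <ParentImage condition="is">C:\Windows\System32\svchost.exe</ParentImage>
          <ParentCommandLine condition="is">C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc</ParentCommandLine>
          <Image condition="is">C:\Windows\System32\sdbinst.exe</Image>
          <CommandLine condition="is">C:\WINDOWS\System32\sdbinst.exe -m -bg</CommandLine>
          <!-- Use IntegrityLevel instead of User: the User value is localized
               ("AUTORITE NT\Système" here, "NT AUTHORITY\SYSTEM" on an English
               system) and a User match would silently fail on other locales. -->
          <IntegrityLevel condition="is">System</IntegrityLevel>
        </Rule>
      </ProcessCreate>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
```

Sysmon string conditions are case-insensitive, so the mixed-case `WINDOWS`/`Windows` paths in the event match as written.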