
Releases: netero1010/EDRSilencer

Release version 1.4

03 Nov 16:05

Version 1.4:

  1. Fixed a bug where, when the program is compiled in a Windows environment, the swprintf function did not work as expected inside the function "ConvertToNtPath".
  2. Configured the filter with the highest weight so the block still works if there is another WFP filter in the same sub-layer that explicitly permits EDR outbound traffic. However, this doesn't mean the filters created by EDRSilencer will always have the highest priority, as filter arbitration also takes the sub-layer's weight into account. (https://learn.microsoft.com/en-us/windows/win32/fwp/filter-arbitration)
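Why the weight change in 1.4 matters, and where it stops helping, can be seen in a small simulation of the arbitration rules from the linked Microsoft page. This is an added example, not EDRSilencer's code: it models only the basic policy (within a sub-layer the highest-weight matching filter decides; sub-layers are evaluated from highest to lowest weight; a block in any sub-layer overrides a soft permit; a permit carrying FWPM_FILTER_FLAG_CLEAR_ACTION_RIGHT is a "hard" permit that ends evaluation). Callouts, other flags and the no-match default are not modelled, and the sub-layer names, weights and the use of UINT64_MAX as "highest weight" are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { ACT_PERMIT = 0, ACT_BLOCK = 1 } Action;

/* One filter as arbitration sees it. `hard` models FWPM_FILTER_FLAG_CLEAR_ACTION_RIGHT
 * on a permit: a hard permit that lower-weight sub-layers cannot override. */
typedef struct {
    const char *name;
    uint64_t    weight;   /* explicit filter weight within its sub-layer */
    int         matches;  /* 1 if the filter's conditions match this flow */
    Action      action;
    int         hard;
} Filter;

typedef struct {
    const char   *name;
    uint16_t      weight;  /* sub-layer weight */
    const Filter *filters;
    size_t        count;
} SubLayer;

/* Sub-layer decision: the highest-weight matching filter wins. Returns 0 when nothing matched. */
static int sublayer_decision(const SubLayer *s, Action *action, int *hard)
{
    const Filter *best = NULL;
    for (size_t i = 0; i < s->count; i++) {
        const Filter *f = &s->filters[i];
        if (f->matches && (!best || f->weight > best->weight))
            best = f;
    }
    if (!best) return 0;
    *action = best->action;
    *hard = best->hard;
    return 1;
}

/* Simplified cross-sub-layer policy: evaluate sub-layers from highest to lowest weight;
 * a block ends evaluation as BLOCK; a hard permit ends it as PERMIT; a soft permit keeps
 * going because a lower sub-layer may still block. No match anywhere -> permit (assumption). */
Action arbitrate(const SubLayer *layers, size_t n)
{
    int used[16] = {0};
    if (n > 16) n = 16;                 /* model limit, enough for the scenarios below */
    for (size_t round = 0; round < n; round++) {
        size_t pick = n;
        for (size_t i = 0; i < n; i++)  /* select the highest-weight sub-layer not yet evaluated */
            if (!used[i] && (pick == n || layers[i].weight > layers[pick].weight))
                pick = i;
        used[pick] = 1;
        Action a; int hard;
        if (!sublayer_decision(&layers[pick], &a, &hard))
            continue;
        if (a == ACT_BLOCK) return ACT_BLOCK;
        if (hard) return ACT_PERMIT;
    }
    return ACT_PERMIT;
}

/* Scenario from the 1.4 note: the block and the vendor's permit for edr.exe share one
 * sub-layer, so only the filter weight decides. (Names and weights are constructed.) */
Action same_sublayer(uint64_t silencer_weight)
{
    const Filter f[] = {
        { "vendor permit edr.exe",     0x1000,          1, ACT_PERMIT, 0 },
        { "EDRSilencer block edr.exe", silencer_weight, 1, ACT_BLOCK,  0 },
    };
    const SubLayer layers[] = { { "universal", 0x0100, f, 2 } };
    return arbitrate(layers, 1);
}

/* The caveat in the note: the vendor owns a higher-weight sub-layer. A soft permit there
 * is still overridden by the block; a hard permit is not, whatever the block's weight. */
Action vendor_sublayer(int vendor_hard_permit)
{
    const Filter vendor[]   = { { "vendor permit edr.exe",     0x10,       1, ACT_PERMIT, vendor_hard_permit } };
    const Filter silencer[] = { { "EDRSilencer block edr.exe", UINT64_MAX, 1, ACT_BLOCK,  0 } };
    const SubLayer layers[] = {
        { "universal", 0x0100, silencer, 1 },
        { "vendor",    0xFF00, vendor,   1 },
    };
    return arbitrate(layers, 2);
}

int main(void)
{
    printf("same sub-layer, low block weight : %s\n", same_sublayer(0x10) == ACT_BLOCK ? "BLOCK" : "PERMIT");
    printf("same sub-layer, max block weight : %s\n", same_sublayer(UINT64_MAX) == ACT_BLOCK ? "BLOCK" : "PERMIT");
    printf("vendor sub-layer, soft permit    : %s\n", vendor_sublayer(0) == ACT_BLOCK ? "BLOCK" : "PERMIT");
    printf("vendor sub-layer, hard permit    : %s\n", vendor_sublayer(1) == ACT_BLOCK ? "BLOCK" : "PERMIT");
    return 0;
}
```

The practical check for a defender is the mirror image: a hard permit for your EDR's processes in a sub-layer whose weight is above the one the tool uses is what this model says survives the block. Whether a given EDR actually registers such a sub-layer is product-specific and not something this page states.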

Release version 1.3

07 Jan 13:20

Version 1.3:

  1. Some EDR controls (e.g., a minifilter) deny access when a process attempts to obtain a file handle to one of the EDR's own processes (e.g., through CreateFileW). However, the FwpmGetAppIdFromFileName0 API, which is used to obtain the FWP app ID of the targeted EDR process, calls CreateFileW internally. To avoid this, a custom FwpmGetAppIdFromFileName0 was implemented that constructs the app ID without invoking CreateFileW, preventing unexpected failures when adding a WFP filter for an EDR process.
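What "constructing the app ID without opening the file" amounts to, as an added example that is not EDRSilencer's own code: the app-id value for FWPM_CONDITION_ALE_APP_ID is a byte blob holding the NT device path of the executable as UTF-16LE, NUL-terminated, with the size counting the terminator. The only lookup needed is the drive-letter-to-device mapping, which on Windows QueryDosDeviceW returns without touching the target file; here a hypothetical table stands in for it so the code is portable C. The sample path, the device names and the lower-casing normalisation (chosen to match how app ids appear in netsh wfp filter dumps) are assumptions; ASCII-only widening is used instead of MultiByteToWideChar for the same reason.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for WFP's FWP_BYTE_BLOB (fwptypes.h): byte count plus pointer.
 * The FWPM_CONDITION_ALE_APP_ID condition value is such a blob. */
typedef struct {
    uint32_t size;   /* bytes, including the UTF-16 terminating NUL */
    uint8_t *data;   /* UTF-16LE NT device path */
} AppIdBlob;

/* Hypothetical drive-letter -> device map. On Windows this comes from
 * QueryDosDeviceW(L"C:", ...), which needs no handle to the target file. */
static const struct { char letter; const char *device; } kDosDevices[] = {
    { 'C', "\\Device\\HarddiskVolume3" },
    { 'D', "\\Device\\HarddiskVolume4" },
};

/* "C:\Program Files\v\edr.exe" -> "\Device\HarddiskVolume3\Program Files\v\edr.exe".
 * Returns a malloc'd string, or NULL for a relative path or an unmapped drive. */
char *convert_to_nt_path(const char *dos_path)
{
    if (!dos_path || strlen(dos_path) < 3 || dos_path[1] != ':' || dos_path[2] != '\\')
        return NULL;                                   /* need "X:\..." */
    const char *device = NULL;
    char letter = (char)toupper((unsigned char)dos_path[0]);
    for (size_t i = 0; i < sizeof kDosDevices / sizeof kDosDevices[0]; i++)
        if (kDosDevices[i].letter == letter) { device = kDosDevices[i].device; break; }
    if (!device)
        return NULL;
    const char *rest = dos_path + 2;                   /* "\Program Files\..." */
    size_t n = strlen(device) + strlen(rest) + 1;
    char *out = malloc(n);
    if (!out) return NULL;
    snprintf(out, n, "%s%s", device, rest);
    return out;
}

/* Build the app-id blob from an NT path: lower-cased, widened to UTF-16LE,
 * NUL-terminated, size counting the 2-byte terminator. Lower-casing is an
 * assumption based on how app ids appear in netsh wfp dumps. ASCII-only
 * widening; a real implementation must use MultiByteToWideChar. */
AppIdBlob build_app_id(const char *nt_path)
{
    AppIdBlob blob = { 0, NULL };
    size_t len = strlen(nt_path);
    uint8_t *buf = calloc(len + 1, 2);                 /* zeroed: terminator comes free */
    if (!buf) return blob;
    for (size_t i = 0; i < len; i++) {
        buf[2 * i]     = (uint8_t)tolower((unsigned char)nt_path[i]); /* low byte  */
        buf[2 * i + 1] = 0;                                             /* high byte */
    }
    blob.size = (uint32_t)((len + 1) * 2);
    blob.data = buf;
    return blob;
}

/* Decode the blob back to ASCII for display or assertions. Returns chars written. */
size_t app_id_to_ascii(const AppIdBlob *blob, char *out, size_t cap)
{
    size_t nchars = blob->size / 2;                    /* includes the terminator */
    size_t i = 0;
    for (; i + 1 < cap && i + 1 < nchars; i++)
        out[i] = (char)blob->data[2 * i];
    out[i] = '\0';
    return i;
}

int main(void)
{
    const char *dos = "C:\\Program Files\\Vendor\\edr.exe";   /* constructed sample path */
    char *nt = convert_to_nt_path(dos);
    if (!nt) { puts("unmapped drive or relative path"); return 1; }
    AppIdBlob blob = build_app_id(nt);
    char shown[256];
    app_id_to_ascii(&blob, shown, sizeof shown);
    printf("%s -> %s (%u bytes)\n", dos, shown, blob.size);
    free(blob.data);
    free(nt);
    return 0;
}
```

Because nothing here opens the executable, a minifilter that fails CreateFileW on EDR binaries has nothing to intercept; the only observable is the later FwpmFilterAdd0 call, which is where detection of this technique has to sit.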

Release version 1.2

04 Jan 17:39

Version 1.2:

  1. Added Harfanglab EDR (Credit @John-R12)
  2. Added TrendMicro Apex One (Credit @rajatsharma1337)
  3. Updated Elastic EDR (Credit @pbssubhash)
  4. Code change: A new WFP provider is now created for the WFP filters created by this tool
  5. Code change: Updated the process check condition from "contains" to "exact match" against the pre-defined EDR process names

Release version 1.1

02 Jan 10:10

Version 1.1:

  1. Added Cisco Secure Endpoint (Credit @logdumpster)
  2. Removed CrowdStrike from the list. Someone reported to me that blocking its service process is insufficient. Therefore, I need to conduct further testing for this EDR.