This tool was created to block the outbound traffic of running EDR processes using Windows Filtering Platform (WFP) APIs.
Usage: SharpEDRSilencer.exe <blockedr/block/unblockall/unblock>
- Add WFP filters to block the IPv4 and IPv6 outbound traffic of all detected EDR processes:
SharpEDRSilencer.exe blockedr
- Add WFP filters to block the IPv4 and IPv6 outbound traffic of a specific process (full path is required):
SharpEDRSilencer.exe block "C:\Windows\System32\curl.exe"
- Remove all WFP filters applied by this tool:
SharpEDRSilencer.exe unblockall
- Remove a specific WFP filter by its filter ID:
SharpEDRSilencer.exe unblock <filter id>
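
A defender-side check for the effect described above, as an added example that is not part of the tool or this README: it scans parsed Windows Security event 5157 records ("The Windows Filtering Platform has blocked a connection") for outbound blocks against security-agent binaries. The agent names, record field names and sample events are constructed assumptions, and event 5157 is only logged when Filtering Platform Connection auditing is enabled.

```python
from collections import defaultdict
from ntpath import basename  # parses backslash paths on any OS

# Hypothetical watch list: replace with the agent binaries deployed in your estate.
WATCHED_AGENTS = {"exampleagent.exe", "examplesensor.exe"}

def ev(event_id, application, direction, dest, filter_id):
    """Build one normalized record (field names are this example's own)."""
    return {"event_id": event_id, "application": application,
            "direction": direction, "dest": dest, "filter_id": filter_id}

AGENT = r"\device\harddiskvolume3\program files\example\exampleagent.exe"
SENSOR = r"\device\harddiskvolume3\program files\example\examplesensor.exe"
CURL = r"\device\harddiskvolume3\windows\system32\curl.exe"

# Constructed sample: one filter ID per address family for the blocked agent.
SAMPLE_EVENTS = [
    ev(5157, AGENT, "Outbound", "203.0.113.10", 70001),
    ev(5157, AGENT, "Outbound", "2001:db8::10", 70002),
    ev(5157, AGENT, "Outbound", "203.0.113.10", 70001),
    ev(5157, CURL, "Outbound", "198.51.100.7", 70003),   # not a watched agent
    ev(5157, SENSOR, "Inbound", "192.0.2.44", 65000),    # inbound, ignored
    ev(5156, SENSOR, "Outbound", "203.0.113.10", 0),     # 5156 = connection allowed
]

def blocked_agents(events, watched=frozenset(WATCHED_AGENTS), min_blocks=2):
    """Return per-agent block count, filter IDs and destinations for watched
    agents with at least min_blocks outbound connections blocked by WFP."""
    hits = defaultdict(lambda: {"blocks": 0, "filter_ids": set(), "dests": set()})
    for e in events:
        if e.get("event_id") != 5157 or e.get("direction") != "Outbound":
            continue
        name = basename(e.get("application", "")).lower()
        if name not in watched:
            continue
        hits[name]["blocks"] += 1
        hits[name]["filter_ids"].add(e.get("filter_id"))
        hits[name]["dests"].add(e.get("dest"))
    return {name: {"blocks": h["blocks"],
                   "filter_ids": sorted(h["filter_ids"]),
                   "dests": sorted(h["dests"])}
            for name, h in hits.items() if h["blocks"] >= min_blocks}

if __name__ == "__main__":
    for name, detail in blocked_agents(SAMPLE_EVENTS).items():
        print(f"ALERT {name}: {detail}")
```

The filter IDs reported in an alert identify which WFP filters to inspect and remove on the affected host.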