An open-source tool called RealBlindingEDR enables attackers to blind, permanently disable, or terminate antivirus (AV) and endpoint detection and response (EDR) software by clearing critical kernel callbacks on Windows systems.
That’s why any EDR worth its salt has detected both this and the attempted abuse of the signed drivers it uses since early 2024. Many will also block it from running.