A new open-source tool called SilentButDeadly has emerged, designed to disrupt Endpoint Detection and Response (EDR) and antivirus (AV) software by severing their network communications.

Developed by security researcher Ryan Framiñán, the tool leverages the Windows Filtering Platform (WFP) to create temporary, bidirectional blocks on EDR cloud connectivity, isolating threats without terminating processes.

His approach builds on the 2023 EDRSilencer technique, offering improved operational safety through dynamic, self-cleaning filters.