Attackers repurpose EDRSilencer to evade detection
WFP (Windows Filtering Platform) is a set of Windows APIs and services that developers can use to interact with network packet processing deep inside the Windows networking stack. This powerful capability is usually leveraged by firewalls and other security applications to monitor, block or modify network packets based on IP addresses, ports, originating processes and so on.
EDRSilencer creates WFP filters that target processes associated with popular EDR tools. Agents supported by default include Microsoft Defender for Endpoint and Microsoft Defender Antivirus, Elastic EDR, Trellix EDR, Qualys EDR, SentinelOne, Cylance, Cybereason, Carbon Black EDR, Carbon Black Cloud, Tanium, Palo Alto Networks Traps/Cortex XDR, FortiEDR, Cisco Secure Endpoint (Formerly Cisco AMP), ESET Inspect, Harfanglab EDR and TrendMicro Apex One.
If the EDR agent installed on a system is not on this list and is not automatically recognized, the user can pass the full path of the process whose network communication they want blocked. So, in theory, it could block network traffic for any program, not just EDR agents.
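Because the technique boils down to WFP block filters keyed on an EDR binary's application ID, defenders can hunt for them in a filter export. The following is an added example (not code from the article or from EDRSilencer) that scans the XML written by `netsh wfp show filters file=filters.xml` for block filters at the ALE connect/accept layers whose app-ID condition names a known EDR executable; the XML layout, the sample export and the EDR binary list are assumptions constructed for the example.

```python
# Added example: hunt a WFP filter export for block filters aimed at EDR binaries.
# The element layout below mirrors `netsh wfp show filters` output as assumed here;
# check it against a real export before relying on the exact paths.
import xml.etree.ElementTree as ET

# Constructed sample export: one filter blocking an EDR sensor, one benign permit.
SAMPLE_XML = r"""<wfpdiag><filters>
<item><filterKey>{11111111-1111-1111-1111-111111111111}</filterKey>
  <displayData><name>Custom Outbound Filter</name></displayData>
  <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
  <filterCondition><item><fieldKey>FWPM_CONDITION_ALE_APP_ID</fieldKey>
    <conditionValue><byteBlob><asString>\device\harddiskvolume3\program files\windows defender advanced threat protection\mssense.exe</asString></byteBlob></conditionValue>
  </item></filterCondition>
  <action><type>FWP_ACTION_BLOCK</type></action></item>
<item><filterKey>{22222222-2222-2222-2222-222222222222}</filterKey>
  <displayData><name>Allow DNS</name></displayData>
  <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
  <filterCondition><item><fieldKey>FWPM_CONDITION_IP_REMOTE_PORT</fieldKey>
    <conditionValue><uint16>53</uint16></conditionValue></item></filterCondition>
  <action><type>FWP_ACTION_PERMIT</type></action></item>
</filters></wfpdiag>"""

# Partial, illustrative list of EDR/AV process names (assumption: extend for your estate).
EDR_BINARIES = {"mssense.exe", "msmpeng.exe", "elastic-endpoint.exe",
                "sentinelagent.exe", "cb.exe"}
# Layers where a per-process block silences outbound/inbound connections.
ALE_LAYERS = {"FWPM_LAYER_ALE_AUTH_CONNECT_V4", "FWPM_LAYER_ALE_AUTH_CONNECT_V6",
              "FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4", "FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6"}

def find_edr_blocking_filters(xml_text):
    """Return (filterKey, name, app path) for each block filter whose
    FWPM_CONDITION_ALE_APP_ID condition points at a known EDR binary."""
    hits = []
    for flt in ET.fromstring(xml_text).findall("./filters/item"):
        if flt.findtext("action/type", "") != "FWP_ACTION_BLOCK":
            continue
        if flt.findtext("layerKey", "") not in ALE_LAYERS:
            continue
        for cond in flt.findall("filterCondition/item"):
            if cond.findtext("fieldKey") != "FWPM_CONDITION_ALE_APP_ID":
                continue
            path = cond.findtext("conditionValue/byteBlob/asString", "").lower()
            if path.rsplit("\\", 1)[-1] in EDR_BINARIES:
                hits.append((flt.findtext("filterKey"),
                             flt.findtext("displayData/name"), path))
    return hits

if __name__ == "__main__":
    for key, name, path in find_edr_blocking_filters(SAMPLE_XML):
        print(f"suspicious WFP block filter {key} ({name}) -> {path}")
```

Pair the export scan with Security event 5447 (WFP filter changed) auditing to catch the filter at creation time rather than only on periodic review.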