From 914e00c62c468463da8c081f44a4af027524d92c Mon Sep 17 00:00:00 2001
From: YamatoSecurity
Date: Thu, 26 Dec 2024 09:22:17 +0300
Subject: [PATCH] re-enable FP rules
---
 ignore-uuid-list.txt | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/ignore-uuid-list.txt b/ignore-uuid-list.txt
index 2c55541..0b575c4 100644
--- a/ignore-uuid-list.txt
+++ b/ignore-uuid-list.txt
@@ -1,5 +1,5 @@
-# These rules are ignored because they have keywords that cause false positives for Windows Defender
-ec19ebab-72dc-40e1-9728-4c0b805d722c # Tamper Windows Defender - PSClassic
-14c71865-6cd3-44ae-adaa-1db923fae5f2 # Tamper Windows Defender - ScriptBlockLogging
-30edb182-aa75-42c0-b0a9-e998bb29067c # Potential AMSI Bypass Via .NET Reflection
-0f06a3a5-6a09-413f-8743-e6cf35561297 # Looks for any Sysmon WMI event but is better handled with Hayabusa rules
\ No newline at end of file
+# This file contained rules that would cause Windows Defender alerts but now we do not ignore them as users can use the live response release that encodes the rules so that there will not be any Defender false positives.
+#ec19ebab-72dc-40e1-9728-4c0b805d722c # Tamper Windows Defender - PSClassic
+#14c71865-6cd3-44ae-adaa-1db923fae5f2 # Tamper Windows Defender - ScriptBlockLogging
+#30edb182-aa75-42c0-b0a9-e998bb29067c # Potential AMSI Bypass Via .NET Reflection
+#0f06a3a5-6a09-413f-8743-e6cf35561297 # Looks for any Sysmon WMI event but is better handled with Hayabusa rules
\ No newline at end of file
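Review bot: The last entry, `#0f06a3a5-6a09-413f-8743-e6cf35561297`, is re-enabled together with the three Defender-related rules, but its own annotation says it was excluded because the Sysmon WMI event is "better handled with Hayabusa rules", not because of Defender alerts, so the new header comment does not explain why that exclusion is lifted. If the intent is only to undo the Defender workaround, keep that line active as `0f06a3a5-6a09-413f-8743-e6cf35561297 # Looks for any Sysmon WMI event but is better handled with Hayabusa rules`; otherwise extend the header with a sentence such as `# The Sysmon WMI rule is also re-enabled; keep it in sync with the equivalent Hayabusa rules.` The file is left empty of active ignores, which presumably relies on the consumer treating `#`-prefixed lines as comments (the old header line suggests it does) — worth confirming, since a parser that only skips the first line would read the commented UUIDs as malformed entries.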