Update wiper signatures and add new ones #583
Refactor wiper signatures for clarity and functionality enhancements and add new signatures
Code Review
This pull request refactors the existing WiperZeroedBytes signature and introduces several new Windows wiper signatures, including detections for large zero-byte writes, disk fill attacks, command-line disk destruction, raw disk access via EldoS driver, transient kernel drivers, recycle bin destruction, activity logging, and recursive directory removal. The review feedback highlights several critical improvements for robustness and compatibility, such as normalizing file paths to lowercase to handle Windows case-insensitivity, refining driver name extraction, making command-line regex patterns more robust against evasion, and fixing Python 2 compatibility issues related to integer division and set intersection.
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Updated description to remove redundant information.
Refactor wiper signatures for clarity and functionality enhancements and add new signatures