This tool exploits a software vulnerability in WerFaultSecure to suspend the processes of EDRs and antimalware products without resorting to the BYOVD (Bring Your Own Vulnerable Driver) attack method.
EDR-Freeze operates in user mode, so you don't need to install any additional drivers. It can run on the latest version of Windows.
The experiment was conducted on the latest version of Windows at the time the project was created: Windows 11 24H2.
EDR-Freeze.exe [TargetPID] [SleepTime]
Example: EDR-Freeze.exe 1234 10000
This freezes the target process (PID 1234) for 10000 milliseconds.
EDR-Freeze: A Tool That Puts EDRs And Antivirus Into A Coma State