diff --git a/client/command/processes/ps.go b/client/command/processes/ps.go
index e05a6e84d6..6c67e181d2 100644
--- a/client/command/processes/ps.go
+++ b/client/command/processes/ps.go
@@ -46,14 +46,20 @@ var knownSecurityTools = map[string][]string{
 "RepUx.exe": {console.Red, "Carbon Black Cloud Sensor"}, // Carbon Black Cloud Sensor
 "RepWSC.exe": {console.Red, "Carbon Black Cloud Sensor"}, // Carbon Black Cloud Sensor
 "scanhost.exe": {console.Red, "Carbon Black Cloud Sensor"}, // Carbon Black Cloud Sensor
- "MsMpEng.exe": {console.Red, "Windows Defender"}, // Windows Defender
- "SenseIR.exe": {console.Red, "Windows Defender MDE"}, // Windows Defender Endpoint (Live Response Session)
- "SenseCncProxy.exe": {console.Red, "Windows Defender MDE"}, // Windows Defender Endpoint
- "MsSense.exe": {console.Red, "Windows Defender MDE"}, // Windows Defender Endpoint
- "MpCmdRun.exe": {console.Red, "Windows Defender"}, // Windows Defender
+ "smartscreen.exe": {console.Red, "Windows Smart Screen"}, // Windows Defender Smart Screen
+ "MpCmdRun.exe": {console.Red, "Windows Defender"}, // Windows Defender Command-line
 "MonitoringHost.exe": {console.Red, "Windows Defender"}, // Microsoft Monitoring Agent
 "HealthService.exe": {console.Red, "Windows Defender"}, // Microsoft Monitoring Agent
- "smartscreen.exe": {console.Red, "Windows Smart Screen"}, // Windows Defender Smart Screen
+ "MsMpEng.exe": {console.Red, "Windows Defender"}, // Windows Defender (Service Executable)
+ "NisSrv.exe": {console.Red, "Windows Defender"}, // Windows Defender (Network Realtime Inspection)
+ "SenseIR.exe": {console.Red, "Windows Defender MDE"}, // Windows Defender Endpoint (Live Response Session)
+ "SenseNdr.exe": {console.Red, "Windows Defender MDE"}, // Windows Defender Endpoint (Network Detection and Response)
+ "SenseSC.exe": {console.Red, "Windows Defender MDE"}, // Windows Defender Endpoint (Screenshot Capture Module)
+ "SenseCE.exe": {console.Red, "Windows Defender MDE"}, // Windows Defender Endpoint (Classification Engine Module)
+ "SenseCM.exe": {console.Red, "Windows Defender MDE"}, // Windows Defender Endpoint (Configuration Management Module)
+ "SenseSampleUploader.exe": {console.Red, "Windows Defender MDE"}, // Windows Defender Endpoint (Sample Uploader Module)
+ "SenseCncProxy.exe": {console.Red, "Windows Defender MDE"}, // Windows Defender Endpoint (Communication Module)
+ "MsSense.exe": {console.Red, "Windows Defender MDE"}, // Windows Defender Endpoint (Service Executable)
 "CSFalconService.exe": {console.Red, "CrowdStrike"}, // Crowdstrike Falcon Service
 "CSFalconContainer.exe": {console.Red, "CrowdStrike"}, // CrowdStrike Falcon Container Security
 "bdservicehost.exe": {console.Red, "Bitdefender"}, // Bitdefender (Total Security)
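Review bot: The new `Sense*.exe` entries use the label `"Windows Defender MDE"` while their trailing comments say "Windows Defender Endpoint"; both refer to Microsoft Defender for Endpoint, and one consistent name in label and comment (e.g. `{console.Red, "Microsoft Defender for Endpoint"}`) would make the table easier to search and the output unambiguous. The component detail added here (Network Detection and Response, Sample Uploader, Communication Module, …) exists only in the comments, so it presumably never appears in the rendered process list; if it is meant to be seen, it belongs in the label string. The regrouped block also still labels `MonitoringHost.exe` and `HealthService.exe` as "Windows Defender" although their comments name the Microsoft Monitoring Agent. A match on image name alone is a hint rather than proof that the product is present, which is worth stating in a comment on `knownSecurityTools`; the map literal starts above and continues below this hunk.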