root/capture-mod/trunk/install/ProcessMonitor.exl
| Revision 1726, 1.9 kB (checked in by xkovah, 5 months ago) | |
|---|---|
and now it at least compiles |
|
| |
| Line | |
|---|---|
| 1 | #[+,-] [Process Created] [Parent Process] [Process Path] |
| 2 | ################################################### |
| 3 | ### Clean Windows XP SP 2 System ### |
| 4 | ################################################### |
| 5 | #Windows update (it runs even if disabled) |
| 6 | + wuauclt.exe .* C:\\WINDOWS\\system32\\wuauclt\.exe |
| 7 | # |
| 8 | + savedump.exe .* C:\\WINDOWS\\system32\\savedump\.exe |
| 9 | #Standard screensaver |
| 10 | + logon.scr .* C:\\WINDOWS\\system32\\logon\.scr |
| 11 | #defragmenter |
| 12 | + dfrgntfs.exe .* C:\\WINDOWS\\system32\\dfrgntfs\.exe |
| 13 | + defrag.exe .* C:\\WINDOWS\\system32\\defrag\.exe |
| 14 | ################################################### |
| 15 | ### Microsoft Internet Explorer 6.0 ### |
| 16 | ################################################### |
| 17 | + iexplore.exe .* C:\\Program Files\\Internet Explorer\\iexplore.exe |
| 18 | #agent server is an activeX control that starts upon displaying multimedia content |
| 19 | + agentsvr.exe .* C:\\WINDOWS\\msagent\\agentsvr.exe |
| 20 | #messenger activeX |
| 21 | + msmsgs.exe .* C:\\Program Files\\Messenger\\msmsgs.exe |
| 22 | ################################################### |
| 23 | ### Honeyclient added/specific? ### |
| 24 | ################################################### |
| 25 | #FIXME: Xeno - Does specifying a parent process even work? I tried |
| 26 | + bash.exe .* C:\\cygwin\\bin\\bash\.exe |
| 27 | + perl.exe .* C:\\cygwin\\bin\\perl\.exe |
| 28 | + helpsvc.exe .* C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpsvc\.exe |
| 29 | + wmiprvse.exe .* C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe |
| 30 | + wmiadap.exe .* C:\\WINDOWS\\system32\\wbem\\wmiadap\.exe |
| 31 | + sleep.exe .* C:\\cygwin\\bin\\sleep\.exe |
| 32 | + userinit.exe .* C:\\WINDOWS\\system32\\userinit\.exe |
| 33 | + WgaTray.exe .* C:\\WINDOWS\\system32\\WgaTray\.exe |
| 34 | + alg.exe .* C:\\WINDOWS\\system32\\alg\.exe |
| 35 | + firefox.exe .* C:\\Program Files\\Mozilla Firefox\\firefox\.exe#### HONEYCLIENT AUTO EXCLUDE SCRIPT |
| 36 | + setup_wm.exe .* C:\\Program Files\\Windows Media Player\\setup_wm.exe |
| 37 | + wmplayer.exe .* C:\\Program Files\\Windows Media Player\\wmplayer.exe |
Note: See TracBrowser for help on using the browser.
